Zero Trust Journey Across the Digital Estate
暫譯: 零信任旅程：跨越數位資產

零信任（Zero Trust）是組織需要實施的策略，以保持在網路威脅之前。業界有超過30年的明顯失敗，顯示我們過去的做法，雖然在努力上是認真的，但並未阻止攻擊者。零信任策略性地專注於並系統性地消除駭客和對手贏得勝利所需的權力和主動性，因為他們繞過安全控制。這本書將幫助您和您的組織更好地理解零信任的真正含義，認識其歷史，並獲得有助於您和您的企業最終在網路安全策略這場棋局中擊敗對手的建議性知識。

Dr. Chase Cunningham（又名 Dr. Zero Trust），網路安全專家

當今的組織需要一種新的安全方法，能有效適應現代環境的挑戰，擁抱移動工作力，並保護人員、設備、應用程式和數據，無論它們位於何處。零信任正日益成為許多企業和政府的關鍵安全選擇；然而，安全領導者常常在全面實施零信任所需的策略和架構的重大轉變中掙扎。

本書旨在提供零信任方法在組織數位資產中的端到端視角，包括策略、商業必要性、架構、解決方案、人員因素和實施方法，這些都可能顯著提升這些組織在學習、適應和實施零信任方面的成功。書中最後討論了零信任在人工智慧、區塊鏈技術、運營技術（OT）以及治理、風險和合規等領域的未來。

本書非常適合希望以零信任方法現代化其數位資產的商業決策者、網路安全領導者、安全技術專業人員和組織變革推動者。

Abbas Kudrati, a long-time cybersecurity practitioner and CISO, is Microsoft Asia's Chief Cybersecurity Advisor. Abbas works with customers on cybersecurity strategy, how Microsoft sees the threat landscape, how we are investing in the future of security at Microsoft, and how organizations can take advantage of Microsoft's security solutions to help improve their security posture and reduce costs.

In addition to his work at Microsoft, he serves as an executive advisor to Deakin University, LaTrobe University, HITRUST ASIA, EC Council ASIA, and many security and technology startups. He supports the broader security community through his work with ISACA chapters and student mentorship. He is also a part-time professor at Deakin University, Melbourne, Australia and a regular speaker on Zero Trust, cybersecurity, cloud security, governance, risk, and compliance.

Abbas has received multiple industry awards, such as Business Leader/ Professional of the year 2021 by IABCA, Top Security Advisor for APJ for the year 2020 and the year 2019, Best Security Professional of the year 2018, CISO 100 Award 2018, Finalist for Australian CISO of the year 2015, IT Governance Professional of the year 2014, and Security Strategist of the year 2011.

He graduated from Gujarat University, India, with a bachelor's degree in Accounting and Auditing and is a certified Forrester Zero Trust Strategist, CCISO, CISM, CISA, CGEIT, CPDSE, and CSX-P, among other professional certifications.

Binil Pillai is a strategic-thinking business development professional with 23 years of multifaceted experience building relationships, cultivating partnerships, retaining customers, and growing profit channels by establishing trust. As Global Director of Security, Compliance and Identity (SCI) business at Microsoft, Binil is responsible for partner strategy and business development and works with corporate executives and partners to evangelize security as a foundational capability to accelerate a secure digital transformation journey for customers. Binil has experience in security product development, managed security product marketing, and led worldwide security go-to-market and sales activations. He was the business architect who designed and launched the Business Value Analysis (BVA) model to quantify security risk exposure for B2B customers. Before joining Microsoft, Binil worked as a regional practice manager for Deloitte Consulting's strategy and operations practice. His business strategy consulting experience spans business transformation, corporate strategy alignment, post-merger integration, adoption and change management, customer relationship management, IT strategic planning, and more, with a wide range of companies and government agencies. He is also a board adviser to several start-ups to help grow their business successfully.

Binil is passionate about establishing a coaching culture to improve learning and performance, make the most of the people's potentials and deliver sustainable results. As a PROCI-certified change management practitioner, Binil embraces the leadership accountability to take a step-by-step approach that helps the organization achieve success, no matter how complex the system, process, method, or culture need to affect or transform. Binil graduated from INSEAD in Business Strategy & Financial Acumen and has a master's in business administration. He is TOGAF certified enterprise architect and account-based marketing (ABM) professional from ITSMA.

He has also published a book for Wiley (Title - Threat Hunting in the Cloud: Defending AWS, Azure and Other Platforms Against Cyberattacks) and many thought leadership documents. His recent publications are How COVID-19 Changes Small Medium Enterprise (SME) Priority on Security, Identity - Building Trust in a Digital World, How Does Your Cybersecurity Posture Need To Change?, and What Does It Take To Protect Your Workplace?.

Technical Editor Biography

David Fairman is an experienced CSO/CISO, strategic advisory, investor, and coach. David has extensive experience in the global financial services sector. David is currently the APAC CSO for Netskope helping customers manage their digital and cyber risk programs in addition to working across industry with the aim of making the digital economy a safer place to do business. Furthermore, David is a Partner and CISO-in-residence at SixThirty Ventures, driving innovation and helping build great technology companies. Previously, David was the Chief Security Officer (CSO)at NAB owning all aspects of Physical Security, Fraud, Investigations and Cyber Security. Prior to NAB, he was the Group Chief Information Security Officer (CISO)for the Royal Bank of Canada. David has been a senior leader atJP Morgan Chase & Co as Deputy Technology Controls Officer and Global Head of Technology Risk and Control. David has also held several senior roles at the Royal Bank of Scotland (RBS), including CISO RBS Americas and Head of Information Security EMEA.

David has lived and worked in Australia, the UK, the Netherlands, and the USA. David was raised and educated in Australia where he received his Bachelor of Information Technology in Software Engineering and Computer Science. He holds a Master of Business Administration and a Master of Project Management. David began his career in Information Security while serving in the Royal Australian Air Force's Electronic Warfare and Communications group, where he gained valuable experience in the technology, policy and process aspects of security and risk management. Subsequently, David worked in a variety of roles in technology and cyber, including in the utilities sector (gas and electricity). David holds a number of positions on boards of directors and was a founding member of the Security Advisor Alliance (www.securityadvisoralliance.org), and the Canadian Cyber Threat Exchange. During his tenure at NAB, David was the Chair for the Board of Directors for the Australian Financial Crimes Exchange and spear headed the formation of a taskforce involving the big 4 banks, AFP, ASD and ACSC to detect and disrupt cyber-crime impacting Australia. David also advises several VC funds and Cyber Security companies. Recently, David was recognized in the Top 50 Australian Professionals, as profiled by the Top 100 Magazine. David has also been named as one of the Top 10 CISOs to know, http: //www.information-management.com/gallery/Chief-Information-Security-Officer-CISO-List-Trends-10027134-1.htmland is recognized as a thought leader in the cyber security industry as profiled by K-Logix here, https: //www.klogixsecurity.com/blog/david-fairman-ciso-royal-bank-of-canada. David co-authored Cyber Risk (2016), and co-edited Fintech: Growth and Deregulation (2018) published by Risk Books. David is passionate about education. He has held Adjunct Professorships at both the University of New York and the University of Toronto and is currently working with Deakin University in Australia. David currently resides in both Melbourne and Brisbane, Australia.

阿巴斯·庫德拉提（Abbas Kudrati）是一位長期從事網路安全的專業人士及首席資訊安全官（CISO），目前擔任微軟亞洲的首席網路安全顧問。阿巴斯與客戶合作制定網路安全策略，分析微軟對威脅環境的看法，探討微軟在安全未來的投資，以及組織如何利用微軟的安全解決方案來改善其安全狀態並降低成本。

除了在微軟的工作外，他還擔任迪肯大學（Deakin University）、拉籌布大學（LaTrobe University）、HITRUST ASIA、EC Council ASIA及多家安全和科技初創公司的執行顧問。他通過與ISACA分會的合作及學生導師計畫，支持更廣泛的安全社群。他同時也是澳大利亞墨爾本的迪肯大學的兼任教授，並定期就零信任（Zero Trust）、網路安全、雲安全、治理、風險及合規等主題發表演講。

阿巴斯獲得了多項行業獎項，包括2021年IABCA頒發的年度商業領袖/專業人士、2020年及2019年亞太地區最佳安全顧問、2018年最佳安全專業人士、2018年CISO 100獎、2015年澳大利亞年度CISO決賽入圍者、2014年IT治理專業人士及2011年年度安全策略師。

他畢業於印度古吉拉特大學，獲得會計與審計學士學位，並且是Forrester零信任策略師、CCISO、CISM、CISA、CGEIT、CPDSE及CSX-P等多項專業認證的持有者。

比尼爾·皮萊（Binil Pillai）是一位具有戰略思維的商業發展專業人士，擁有23年的多元化經驗，專注於建立關係、培養夥伴關係、保留客戶及通過建立信任來增長利潤渠道。作為微軟全球安全、合規與身份（SCI）業務的總監，比尼爾負責夥伴策略和商業發展，並與企業高管及夥伴合作，推廣安全作為加速客戶安全數位轉型的基礎能力。比尼爾在安全產品開發、管理安全產品行銷方面擁有經驗，並主導全球安全市場推廣及銷售活動。他是設計並推出商業價值分析（BVA）模型的商業架構師，該模型用於量化B2B客戶的安全風險暴露。在加入微軟之前，比尼爾曾擔任德勤顧問公司策略與運營實踐的區域經理。他的商業策略諮詢經驗涵蓋商業轉型、企業策略對齊、併購後整合、採用與變更管理、客戶關係管理、IT策略規劃等，涉及多家企業及政府機構。他還擔任多家初創公司的董事顧問，幫助他們成功成長。

比尼爾熱衷於建立教練文化，以改善學習和表現，充分發揮人員潛力並實現可持續結果。作為PROCI認證的變更管理專業人士，比尼爾承擔領導責任，採取逐步的方法，幫助組織實現成功，無論系統、流程、方法或文化的影響或轉型有多複雜。比尼爾畢業於INSEAD，專攻商業策略與財務敏銳度，並擁有工商管理碩士學位。他是TOGAF認證的企業架構師及ITSMA的帳戶基礎行銷（ABM）專業人士。

他還為Wiley出版了一本書（書名 - 雲端威脅獵捕：防禦AWS、Azure及其他平台免受網路攻擊）以及多份思想領導文件。他最近的出版物包括《COVID-19如何改變中小企業（SME）對安全的優先考量》、《身份 - 在數位世界中建立信任》、《你的網路安全狀態需要如何改變？》及《保護你的工作場所需要什麼？》。

技術編輯簡介

大衛·費爾曼（David Fairman）是一位經驗豐富的首席安全官/首席資訊安全官（CSO/CISO）、戰略顧問、投資者及教練。大衛在全球金融服務行業擁有豐富的經驗。目前，他是Netskope的亞太區首席安全官，幫助客戶管理其數位及網路風險計畫，並在行業內工作，旨在使數位經濟成為更安全的商業環境。此外，大衛還是SixThirty Ventures的合夥人及駐場CISO，推動創新並幫助建立優秀的科技公司。此前，大衛曾擔任NAB的首席安全官，負責所有物理安全、詐騙、調查及網路安全方面的工作。在加入NAB之前，他是加拿大皇家銀行的集團首席資訊安全官。大衛曾在摩根大通擔任高級領導職位，擔任副技術控制官及全球技術風險與控制負責人。大衛還在蘇格蘭皇家銀行（RBS）擔任多個高級職位，包括RBS美洲的CISO及EMEA資訊安全負責人。

大衛曾在澳大利亞、英國、荷蘭及美國生活和工作。他在澳大利亞接受教育並獲得資訊技術學士學位，專攻軟體工程及計算機科學。他擁有工商管理碩士學位及項目管理碩士學位。大衛的職業生涯始於資訊安全，當時他在澳大利亞皇家空軍的電子戰及通信小組服役，獲得了安全及風險管理的技術、政策及流程方面的寶貴經驗。隨後，大衛在技術及網路領域擔任多個角色，包括在公用事業部門（天然氣及電力）工作。大衛在多個董事會擔任職位，並且是安全顧問聯盟（www.securityadvisoralliance.org）及加拿大網路威脅交流的創始成員。在NAB任職期間，大衛擔任澳大利亞金融犯罪交流董事會主席，並主導成立了一個由四大銀行、澳大利亞聯邦警察（AFP）、澳大利亞信號局（ASD）及澳大利亞網路安全中心（ACSC）組成的工作小組，以檢測和打擊影響澳大利亞的網路犯罪。大衛還為多家風險投資基金及網路安全公司提供諮詢。最近，大衛被評選為澳大利亞50大專業人士之一，並在《Top 100 Magazine》中介紹。大衛還被評選為十大CISO之一，並被認可為網路安全行業的思想領袖。大衛共同撰寫了《網路風險》（2016年），並共同編輯了由Risk Books出版的《金融科技：增長與放鬆管制》（2018年）。大衛熱衷於教育，曾在紐約大學及多倫多大學擔任兼任教授，並目前與澳大利亞的迪肯大學合作。大衛目前在澳大利亞的墨爾本和布里斯班居住。