Lesson 3

Physical

Network

Encryption

Strict identity verification

Assuming all users and devices are trusted by default

Trusting only users within the organization

Never trusting any user or device, always verifying before granting access

Allowing unrestricted access to all resources

Defense-in-Depth focuses on strict identity verification, while Zero Trust uses layered protection.

Defense-in-Depth is a modern security model, while Zero Trust is a traditional model.

Defense-in-Depth focuses on barriers, while Zero Trust focuses on identity and access.

Defense-in-Depth uses Just-In-Time access, while Zero Trust uses encryption.

Physical, Network, Host, Application

Encryption, Backups, Awareness Training, Firewalls

User, Workstation, LAN, WAN

Authentication, Input Validation, Antivirus, Patching

Acceptable Use

Password must be at least 12 characters

How to reset a password

Data Classification Policy

A high-level management directive outlining what must be done

A step-by-step instruction on how to perform a task

A specific requirement supporting a policy

A technical tool used for cybersecurity

Defense-in-Depth relies on multiple layers of security, while Zero Trust assumes no implicit trust within the network.

Defense-in-Depth assumes all internal users are trusted, while Zero Trust assumes all external users are trusted.

Zero Trust Architecture uses only physical security measures, while Defense-in-Depth uses only digital measures.

Defense-in-Depth is only applicable to small organizations, while Zero Trust is for large enterprises.