Granular Trust - Making It Work

Explore a comprehensive conference talk on implementing granular trust in cybersecurity systems. Delve into the intricacies of trust models, trust levels, and variable authentication. Learn about breaking glass scenarios, highly granular access control, and the importance of separating source and target. Discover how to define application access levels, trust levels, and use big buckets for effective implementation. Examine real-world examples, including mobile device security and unmanaged device scenarios. Gain insights into future work, including percentage-based trust, emergency access protocols, and disaster recovery strategies. Understand the challenges and solutions in validating security measures, handling deadlocks, and managing security operations centers.

Intro
Joke
The problem
How does it work
Trust Model
Trust Level
Breaking Glass
Variable Authentication
Requirements
Highly granular
Lots of dimensions
Trust
Why
Separate source and target
Define application access level
Define trust levels
Use big buckets
What have we gotten
My phone
Security definitions
Authentication
Session Lifetime
Application List
Unmanaged Device
Future Work
Percentage
Conclusions
Validation
Security
Emergency Access
Emergency Session
Security Operation Center
Deadlocks
Disaster Recovery
More papers