An organization experiences an identity theft attack. You need to ensure that the company is protected from future attacks. You suggest implementing a zero-trust model and the security improvements should cover areas such as:
Identities: use strong authentication
Devices: gain visibility of devices for health and compliance
Application: discover shadow IT applications
Network: implement segmentation, real-time threat protection, end-to-end encryption
Infrastructure: assess for version, configuration, and JIT access, and use telemetry to detect attacks and anomalies
Data: should be classified, labeled, and encrypted based on its attributes
What is the underlying theory behind the zero-trust security model?