Publication
Title
Zero trust validation: from practice to theory : an empirical research project to improve zero trust implementations
Author
Abstract
How can high-level directives concerning risk, cy- bersecurity and compliance be operationalized in the central nervous system of any organization above a certain complexity? How can the effectiveness of technological solutions for security be proven and measured, and how can this technology be aligned with the governance and financial goals at the board level? These are the essential questions for any CEO, CIO or CISO that is concerned with the wellbeing of the firm. The concept of Zero Trust (ZT) approaches information and cybersecurity from the perspective of the asset to be protected, and from the value that asset represents. Zero Trust has been around for quite some time. Most professionals associate Zero Trust with a particular architectural approach to cybersecurity, involving concepts such as segments, resources that are accessed in a secure manner and the maxim “always verify never trust”. This paper describes the current state of the art in Zero Trust usage. We investigate the limitations of current approaches and how these are addressed in the form of Critical Success Factors in the Zero Trust Framework developed by ON2IT ‘Zero Trust Innovators’ (1). Furthermore, this paper describes the design and engineering of a Zero Trust artefact that addresses the problems at hand (2), according to Design Science Research (DSR). The last part of this paper outlines the setup of an empirical validation trough practitioner oriented research, in order to gain a broader acceptance and implementation of Zero Trust strategies (3). The final result is a proposed framework and associated technology which, via Zero Trust principles, addresses multiple layers of the organization to grasp and align cybersecurity risks and understand the readiness and fitness of the organization and its measures to counter cybersecurity risks.
Language
English
Source (book)
2022 IEEE 29th Annual Software Technology Conference (STC), 03-06 October, 2022, Gaithersburg, MD, USA
Publication
IEEE , 2022
ISBN
978-1-6654-8864-8
DOI
10.1109/STC55697.2022.00021
Volume/pages
p. 93-104
ISI
000894271700016
Full text (Publisher's DOI)
UAntwerpen
Research group
Publication type
Subject
External links
Web of Science
Record
Identifier
Creation 19.11.2023
Last edited 25.12.2023
To cite this reference