|
Title
|
|
|
|
On the design and engineering of a zero trust security artefact
| |
|
Author
|
|
|
|
| |
|
Abstract
|
|
|
|
| Adequatelyinformingtheboardofdirectorsaboutoperationalsecurity effectiveness is cumbersome. The concept of Zero Trust (ZT) approaches infor- mation and cybersecurity from the perspective of the asset, or sets of assets, to be protected, and from the value that it represents. Zero Trust has been around for quite some time. This paper continues on the authors previous research work on the examination of Zero Trust approaches, what is lacking in terms of operationalisa- tion and which elements need to be addressed in future implementations and why and how this requires empirical validation. In the first part of the paper, we sum- marise the limitations in the state of the art approaches and how these are addressed in the Zero Trust Framework developed by ON2IT ‘Zero Trust Innovators’. Then we describe the design and engineering of a Zero Trust artefact (dashboard) that addresses the problems at hand, according to Design Science Research (DSR). The last part of this paper outlines the setup of an empirical validation trough practitioner-oriented research, in order to gain a better implementation of Zero Trust strategies. And how this validation was conducted in 2020 with 73 security practitioners. The final result is a proposed framework and associated technology which, via Zero Trust principles, addresses multiple layers of the organization to grasp and align cybersecurity risks and understand the readiness and fitness of the organization and its measures to counter cybersecurity risks. |
| |
|
Language
|
|
|
|
English
| |
|
Source (book)
|
|
|
|
Advances in Information and Communication : Proceedings of the 2021 Future of Information and Communication Conference (FICC)
| |
|
Source (series)
|
|
|
|
Advances in intelligent systems and computing ; 1363
| |
|
Publication
|
|
|
|
Springer
,
2021
| |
|
ISBN
|
|
|
|
978-3-030-73099-4
| |
|
DOI
|
|
|
|
10.1007/978-3-030-73100-7_58
| |
|
Volume/pages
|
|
|
|
p. 830-848
| |
|
Full text (Publisher's DOI)
|
|
|
|
| |
|