Published on: March 22, 2021

On the Design and Engineering of a Zero Trust Security Artefact

Adequately informing the board of directors about operational security effectiveness is cumbersome. How can the effectiveness of technological solutions for cybersecurity and privacy be proven and measured, and how can this technology be aligned with the governance and financial goals at the board level? These are the essential questions for any C-level executive concerned with the wellbeing of the firm. The concept of Zero Trust (ZT) approaches information and cybersecurity from the perspective of the asset, or sets of assets, to be protected, and from the value that it represents. Zero Trust has been around for quite some time. This paper describes the current state of the art in Zero Trust. We investigate the limitations of current approaches and how these are addressed in the Zero Trust Framework developed by ON2IT ‘Zero Trust Innovators’ (1). Furthermore, this paper describes the design and engineering of a Zero Trust artefact (dashboard) that addresses the problems at hand (2), according to Design Science Research (DSR). The last part of this paper outlines the setup of an empirical validation through practitioner-oriented research, in order to gain a better implementation of Zero Trust strategies (3). The final result is a proposed framework and associated technology which, via Zero Trust principles, addresses multiple layers of the organization to grasp and align cybersecurity risks and to understand the readiness and fitness of the organization and its measures to counter cybersecurity risks.
