        The ZEro Trust DECision Making (ZEDEC) Method: Selecting Relevant Zero Trust Concepts to Mitigate High-Priority Risks

        Thesis final version - Bjorn van Dijen.pdf (1.203Mb)
        Publication date
        2023
        Author
        Dijen, Bjorn van
        Summary
        Zero trust is a security principle that allows organisations to be more resilient to cyber threats than traditional perimeter-based security solutions, by ensuring that users and devices are not trusted by default. In order to minimize security risks, 72% of the companies were planning to implement zero trust capabilities into their security solutions in 2020. However, zero trust architectures have not yet succeeded in replacing traditional security solutions, because organisations have trouble overseeing how they should handle the migration process: the design of a zero trust architecture differs per organisation, depending on their needs. Therefore, this research proposes a ZEro trust DECision making (ZEDEC) method that helps these organisations decide which zero trust concepts they should integrate into their zero trust architecture. We follow the design science method to construct ZEDEC. In the first part of the research, we conduct a structured literature review and expert interviews to identify relevant method fragments. We identify multiple zero trust concepts that organisations should consider integrating into their zero trust architecture and discover how organisations are currently migrating towards a zero trust architecture. We also discover that in the migration process towards a zero trust architecture, organisations mainly consider zero trust mitigations that address cyber security risks as factors to decide which zero trust concepts they want to include in their zero trust architecture. Therefore, we introduce a decision matrix that includes a mapping between the zero trust mitigations and their related zero trust concepts. Ultimately, we propose the ZEDEC method with the main activities: (1) create a vision on needed changes, (2) identify context, (3) perform risk assessment and (4) identify zero trust concepts. Through an evaluation with a security expert of a theoretical scenario, we confirm that the method is correct and useful.
        URI
        https://studenttheses.uu.nl/handle/20.500.12932/45594
        Collections
        • Theses