Zero Trust Cyber Security Architecture for Government and Private Sectors

Zero Trust Cyber Security Architecture for Government and Private Sectors Research Questions Analyse different focus areas to develop a zero-trust security architecture. How can we have a zero-trust security architecture that can offer satisfactory results? How can a zero-trust security architecture be implemented on existing cybersecurity maturity models? Study implications while implementing a zero-trust security architecture. How can the proposed zero-trust security architecture tackle various cyber security implications effectively? Research Objectives and Scope Propose an effective zero-trust security architecture that can be adopted by organisations and governments for assuring confidentiality, integrity, availability, user access, non-repudiation, and authentication. Suggested Zero trust security architecture should be able to be applied on the established cyber security best practices considering various cyber security maturity models already existing in the organisation. Useful to cyber security policy makers to improve the cyber security postures of the organizations and governments against any cyber-attacks while designing their cyber security architectures. Research Methods Phase – 1: In-depth literature analysis of existing cyber security maturity mechanisms. Evaluation of various cyber security models to understand their features and improvement fields, to identify new focus areas for the zero-trust security architecture. Phase – 2: Propose an effective zero-trust security architecture, considering various focus areas that can deal with the future threats. o In addition, the proposed mechanism to be designed based on different security necessities, such as user access, confidentiality, non-repudiation, integrity, availability, and authentication Phase – 3: Carryout survey / circulate questionnaire to take inputs from organisations on the proposed zero-trust security architecture viz a viz existing cyber security maturity models. Phase – 4: Experimental analysis of the proposed zero-trust security architecture to understand its implementation challenges in the organizations. § Phase – 5: Analyse the effectiveness of proposed Zero-Trust security architecture that can influence cybersecurity model of organizations and governments while designing cyber security architectures 2. Systematic Literature Review (SLR) The objective of this section is to summarise all current literature and identify the components relevant to zero trust cyber security architecture for government and private sectors, across the world. This literature review first details the research method used in the study. It then discusses the research results and identifies possible areas of further significance. 2.1. Methodology This systematic literature review (SLR) follows the approach proposed by Kitchenham and Charters (Kitchenham et al. 2007). This method was chosen due to its ability to single out research gaps and address a number of research questions within the scope of current literature. This enables us to then evaluate the available literature pertaining to the research questions or the topic, leading to the development of a research framework. The five steps of this SLR approach include: Determining the dimensions of focus of the literature selection Selecting data sources and refining the search process Inclusion and exclusion criteria Study quality assessment Data extraction and synthesis strategy 2.1.1 Determining the dimensions of focus of the literature selection This stage involved determining the dimensions of focus of the literature selection. Focus areas included: The kinds of zero-trust security architecture that can offer satisfactory results Implementation of zero-trust security architecture on existing cybersecurity maturity models The implications of implementing zero-trust security architecture Effective zero-trust security architecture that can be adopted by organisations and governments How Zero trust security architecture can be integrated on cyber security maturity models that already exist in organisations 2.1.2. Selecting data sources and refining the search process This stage involved gathering relevant studies for the SLR from a suit of credible scientific electronic databases. Those scientific online databases and search engine platforms usd are detailed in Table 1. It was found that the electronic databases chosen offered minimal coverage of literature pertaining to this SLR study. This suggests that this topic is novel, and requires more research and development. Table 1: The electronic databases used and their URLs Database Name Database Weblink IEEE Xplore Springer ScienceDirect Google Scholar ACM Table 2 details the search terms extracted from the research questions. These were used in the different query strings for each database, based on the methods used by each of these to define their unique search syntax. Table 2: Search categories and keywords used to find the relevant studies Search Category Keywords IEEE Xplore Security and Maturity Model Zero Trust Architecture Zero trust architecture and maturity model Springer Security and Maturity Model Zero trust architecture Zero Trust and Maturity Model ScienceDirect Security and Maturity Model Zero Trust and Maturity Model Zero Trust Architecture Zero Trust Google Scholar Security maturity model Zero trust architecture Zero trust maturity Zero trust security ACM Digital Library Security and Maturity model Zero Trust and Architecture Zero Trust and Architecture and Maturity model Table 3 notes each filtration stage and the assessment criteria pertaining to each stage. In the first filtration search stage, 1817 papers were retrieved. However, many of these were excluded prior to the second filtration stage, which eliminated any papers that did not have two or more keywords in different rows present. Following this, the titles of the remaining 53 papers were reviewed manually to exclude those that were irrelevant to the study. Those 49 remaining papers that appeared relevant underwent a third filtration stage where the abstract was reviewed carefully to ensure the work was relevant to this research project. All 49 had relevant abstracts. In the fourth filtration stage, we read the full text of the remaining selected papers. All 49 remained relevant to the study. The purpose of this step was to gather as many studies possibly available that were relevant to zero trust cyber security architecture for government and private sectors. Table 4 shows the number of articles included in every filtration stage for each online database. Table 3: Summary of the filtration process and assessment criteria for the SLR Filtration Stage Method Assessment Criteria First Identify the related studies from the online databases based on keywords All relevant keywords Second Excluded studies based on titles and keywords If the title contains keywords; Yes=include; No=exclude Third Excluded studies because of Abstracts If abstract shows study is relevant; Yes=include; No=exclude Fourth Critically evaluate remaining papers based on whole study’s text If it is about maturity model in security and/or trust; Yes=include; No=exclude Table 4: The search results for every filtration stage by database Database Name First Second Third Fourth IEEE Xplore 19 + 40 + 210 15 + 3 + 0 15 + 3 + 0 15 + 3 + 0 Springer 76 + 9 + 45 11 + 3 + 0 11 + 3 + 0 11 + 3 + 0 ScienceDirect 99 + 15 + 3 + 8 4 + 0 + 0 + 0 4 + 0 + 0 + 0 4 + 0 + 0 + 0 Google Scholar 188 + 5 + 1 + 19 2 + 0 + 0 + 0 2 + 0 + 0 + 0 2 + 0 + 0 + 0 ACM Digital Library 1004 + 73 + 3 5 + 9 + 1 5 + 5 + 1 5 + 5 + 1 Total 1817 53 49 49 2.1.3 Inclusion and Exclusion Criteria We applied the defined exclusion criteria at every filtration stage in order to determine which papers could be considered for our SLR. Only the papers that 1) answered the research questions and 2) included at least two of the keywords, were included. Papers that did not focus on the components relevant to zero trust cyber security architecture for government and private sectors or met one or more of the exclusion criteria (as shown in Table 5) were excluded from the study. Following this, Endnote was used to import the references of the papers and then open Microsoft Word to insert citations. Finally, only 10 papers were considered to be relevant to our literature review, as shown in Table 7. Table 5: The search criteria used for excluding studies from the SLR Exclusion Criteria 1. Article not written in English language 2. Duplicated paper. 3. Article published in a magazine, newspaper, or a poster session. (if the poster is published in high ranked search it will be accepted). 4. Non-academic surveys, videos, summaries, discussions, notes, and workshops. Figure 1: Flowchart for the SLR process Stage 1 → Article found by searching different keywords in different databases (Total Number = 1817) → Stage 2 → After excluding studies based on keywords & titles (Total Number = 53) → Stage 3 → After excluding studies based on abstract (Total Number = 49) → Stage 4 After in-depth study (Total Number = 10) 2.1.4 Study Quality Assessment All papers included in our systematic literature review were retrieved from recognised scientific databases. All papers have been peer-reviewed and published in respected journals. All items published in magazines, newspapers, or poster sessions were excluded, alongside any non-academic surveys, videos, summaries, discussions, notes, and workshops. Therefore, there is no need for any further quality appraisal of these papers. 2.1.5 Data Extraction and Synthesis Strategy Ultimately, the final remaining set of papers was chosen based on several inclusion criteria to ensure their relevance to our research topic. Only those articles which met the set of selection criteria were selected for the study. All chosen papers are current studies published in the English language which identify the components relevant to zero trust cyber security architecture for government and private sectors. After selecting the studies for the SLR, we extracted relevant data from each paper, using the research questions in Table 6. Table 6: The extracted data items Point Description Title Title of research article Type Peer-reviewed journal/ conference paper Aim Main aim and short objectives Implementation Summary of what was implemented in this study Benefits Advantages of this study Challenges Challenges in this research work Future work Determined future areas Table 7: Relevant studies that meet the inclusion criteria Research Article Year Article Title RA1 1997 Lessons Learned with the Systems Security Engineering Capability Maturity Model RA2 2006 Towards an Information Security Competence Maturity Model RA3 2008 A security architecture for transient trust RA4 2009 GoCoMM: a governance and compliance maturity model RA5 2009 An Overview of the Community Cyber Security Maturity Model RA6 2009 A model to assess the maturity level of the Risk Management process in information security RA7 2010 A Security Engineering Capability Maturity Model RA8 2011 Secure e-government services: Towards a framework for integrating it security services into e-government maturity models RA9 2011 A Maturity Model for Segregation of Duties in Standard Business Software RA10 2012 SOASMM: A novel service oriented architecture Security Maturity Model RA11 2013 A dynamic capability maturity model for improving cyber security RA12 2014 Sustainable security advantage in a changing environment: The Cybersecurity Capability Maturity Model (CM2) RA13 2015 Capability Maturity Model of Software Requirements Process and Integration (SRPCMMI) RA14 2015 A maturity model for part of the African Union Convention on Cyber Security RA15 2015 Modelling Cyber Security Governance Maturity RA16 2015 PLCloud: Comprehensive power grid PLC security monitoring with zero safety disruption RA17 2015 Towards an Encompassing Maturity Model for the Management of Hospital Information Systems RA18 2016 HISMM – Hospital Information System Maturity Model: A Synthesis RA19 2016 Implementing Zero Trust Cloud Networks with Transport Access Control and First Packet Authentication RA20 2016 The Community Cyber Security Maturity Model RA21 2016 Information security maturity model: A best practice driven approach to PCI DSS compliance RA22 2016 Security metrics maturity model for operational security RA23 2016 Can maturity models support cyber security? RA24 2016 A vulnerability-driven cyber security maturity model for measuring national critical infrastructure protection preparedness RA25 2016 Applying a Capability Maturity Model (CMM) to evaluate global health security-related research programmes in under-resourced areas RA26 2017 Maturity Model of Information Security for Software Developers RA27 2018 A Systematic Review of the Availability and Efficacy of Countermeasures to Internal Threats in Healthcare Critical Infrastructure RA28 2018 Establishment and application of Enterprise management maturity model based on multimedia data information systems RA29 2018 Information Security Management Systems – A Maturity Model Based on ISO/IEC 27001 RA30 2018 A New Adaptive Cyber-security Capability Maturity Model RA31 2018 A Security Model based Authorization Concept for OPC Unified Architecture RA32 2018 Modeling of dynamic trust contracts for industry 4.0 systems RA33 2018 An Ecosystem and IoT Device Architecture for Building Trust in the Industrial Data Space RA34 2018 Cyber Security Maturity Model and Maqasid al-Shari’ah RA35 2019 A Maturity Model for IT-Related Security Incident Management RA36 2019 Towards a capability maturity model for digital forensic readiness RA37 2019 Towards a Maturity Model for Cloud Service Customizing RA38 2019 Towards creation of a reference architecture for trust-based digital ecosystems RA39 2019 A Master-Slave Chain Architecture Model for Cross-Domain Trusted and Authentication of Power Services RA40 2019 Secure Design and Development Cybersecurity Capability Maturity Model (SD2-C2M2): Next-Generation Cyber Resilience by Design RA41 2019 Security maturity model of web applications for cyber attacks RA42 2019 Secure Kubernetes Networking Design Based on Zero Trust Model: A Case Study of Financial Service Enterprise in Indonesia RA43 2020 Towards a capability and maturity model for Collaborative Software-as-a-Service RA44 2020 Towards an Information Security Awareness Maturity Model RA45 2020 Adopting security maturity model to the organizations’ capability model RA46 2020 Feasibility Study of Zero Trust Security in the Power Industry RA47 2020 Survey on Zero-Trust Network Security RA48 2020 A maturity model for secure requirements engineering RA49 2020 Protection of Sensitive Data in Zero Trust Model

Don't use plagiarized sources. Get Your Custom Essay on
Zero Trust Cyber Security Architecture for Government and Private Sectors
Just from $13/Page
Order Essay
Place Order
Grab A 14% Discount on This Paper
Pages (550 words)
Approximate price: -
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Try it now!

Grab A 14% Discount on This Paper

Total price:

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.