Zero Trust Cyber Security Architecture for Government and Private Sectors

Research Questions

- Analyse different focus areas to develop a zero-trust security architecture.
- How can we have a zero-trust security architecture that can offer satisfactory results?
- How can a zero-trust security architecture be implemented on existing cybersecurity maturity models?
- Study implications while implementing a zero-trust security architecture.
- How can the proposed zero-trust security architecture tackle various cyber security implications effectively?

Research Objectives and Scope

- Propose an effective zero-trust security architecture that can be adopted by organisations and governments for assuring confidentiality, integrity, availability, user access, non-repudiation, and authentication.
- The suggested zero-trust security architecture should be applicable to the established cyber security best practices, considering the various cyber security maturity models already existing in the organisation.
- The architecture should be useful to cyber security policy makers in improving the cyber security postures of organizations and governments against cyber-attacks while designing their cyber security architectures.

Research Methods

- Phase – 1: In-depth literature analysis of existing cyber security maturity mechanisms. Evaluation of various cyber security models to understand their features and improvement fields, to identify new focus areas for the zero-trust security architecture.
- Phase – 2: Propose an effective zero-trust security architecture, considering various focus areas that can deal with future threats.
  - In addition, the proposed mechanism is to be designed based on different security necessities, such as user access, confidentiality, non-repudiation, integrity, availability, and authentication.
- Phase – 3: Carry out a survey / circulate a questionnaire to take inputs from organisations on the proposed zero-trust security architecture vis-à-vis existing cyber security maturity models.
- Phase – 4: Experimental analysis of the proposed zero-trust security architecture to understand its implementation challenges in the organizations.
- Phase – 5: Analyse the effectiveness of the proposed zero-trust security architecture that can influence the cybersecurity model of organizations and governments while designing cyber security architectures.

2. Systematic Literature Review (SLR)

The objective of this section is to summarise all current literature and identify the components relevant to zero trust cyber security architecture for government and private sectors, across the world. This literature review first details the research method used in the study. It then discusses the research results and identifies possible areas of further significance.

2.1. Methodology

This systematic literature review (SLR) follows the approach proposed by Kitchenham and Charters (Kitchenham et al. 2007). This method was chosen due to its ability to single out research gaps and address a number of research questions within the scope of current literature. This enables us to then evaluate the available literature pertaining to the research questions or the topic, leading to the development of a research framework. The five steps of this SLR approach include:

1. Determining the dimensions of focus of the literature selection
2. Selecting data sources and refining the search process
3. Inclusion and exclusion criteria
4. Study quality assessment
5. Data extraction and synthesis strategy

2.1.1 Determining the dimensions of focus of the literature selection

This stage involved determining the dimensions of focus of the literature selection.
Focus areas included:

- The kinds of zero-trust security architecture that can offer satisfactory results
- Implementation of zero-trust security architecture on existing cybersecurity maturity models
- The implications of implementing zero-trust security architecture
- Effective zero-trust security architecture that can be adopted by organisations and governments
- How zero-trust security architecture can be integrated on cyber security maturity models that already exist in organisations

2.1.2. Selecting data sources and refining the search process

This stage involved gathering relevant studies for the SLR from a suite of credible scientific electronic databases. The scientific online databases and search engine platforms used are detailed in Table 1. It was found that the electronic databases chosen offered minimal coverage of literature pertaining to this SLR study. This suggests that this topic is novel, and requires more research and development.

Table 1: The electronic databases used and their URLs

| Database Name | Database Weblink |
|---|---|
| IEEE Xplore | https://ieeexplore.ieee.org/ |
| Springer | https://www.springer.com/ |
| ScienceDirect | https://www.sciencedirect.com/ |
| Google Scholar | https://scholar.google.com/ |
| ACM | https://dl.acm.org/ |

Table 2 details the search terms extracted from the research questions. These were used in the different query strings for each database, based on the methods used by each of these to define their unique search syntax.
Table 2: Search categories and keywords used to find the relevant studies

| Search Category | Keywords |
|---|---|
| IEEE Xplore | Security and Maturity Model; Zero Trust Architecture; Zero trust architecture and maturity model |
| Springer | Security and Maturity Model; Zero trust architecture; Zero Trust and Maturity Model |
| ScienceDirect | Security and Maturity Model; Zero Trust and Maturity Model; Zero Trust Architecture; Zero Trust |
| Google Scholar | Security maturity model; Zero trust architecture; Zero trust maturity; Zero trust security |
| ACM Digital Library | Security and Maturity model; Zero Trust and Architecture; Zero Trust and Architecture and Maturity model |

Table 3 notes each filtration stage and the assessment criteria pertaining to each stage. In the first filtration search stage, 1817 papers were retrieved. However, many of these were excluded prior to the second filtration stage, which eliminated any papers that did not have two or more keywords in different rows present. Following this, the titles of the remaining 53 papers were reviewed manually to exclude those that were irrelevant to the study. The 49 remaining papers that appeared relevant underwent a third filtration stage where the abstract was reviewed carefully to ensure the work was relevant to this research project. All 49 had relevant abstracts. In the fourth filtration stage, we read the full text of the remaining selected papers. All 49 remained relevant to the study. The purpose of this step was to gather as many studies as possible that were relevant to zero trust cyber security architecture for government and private sectors. Table 4 shows the number of articles included in every filtration stage for each online database.
Table 3: Summary of the filtration process and assessment criteria for the SLR

| Filtration Stage | Method | Assessment Criteria |
|---|---|---|
| First | Identify the related studies from the online databases based on keywords | All relevant keywords |
| Second | Excluded studies based on titles and keywords | If the title contains keywords; Yes=include; No=exclude |
| Third | Excluded studies because of abstracts | If abstract shows study is relevant; Yes=include; No=exclude |
| Fourth | Critically evaluate remaining papers based on whole study's text | If it is about maturity model in security and/or trust; Yes=include; No=exclude |

Table 4: The search results for every filtration stage by database

| Database Name | First | Second | Third | Fourth |
|---|---|---|---|---|
| IEEE Xplore | 19 + 40 + 210 | 15 + 3 + 0 | 15 + 3 + 0 | 15 + 3 + 0 |
| Springer | 76 + 9 + 45 | 11 + 3 + 0 | 11 + 3 + 0 | 11 + 3 + 0 |
| ScienceDirect | 99 + 15 + 3 + 8 | 4 + 0 + 0 + 0 | 4 + 0 + 0 + 0 | 4 + 0 + 0 + 0 |
| Google Scholar | 188 + 5 + 1 + 19 | 2 + 0 + 0 + 0 | 2 + 0 + 0 + 0 | 2 + 0 + 0 + 0 |
| ACM Digital Library | 1004 + 73 + 3 | 5 + 9 + 1 | 5 + 5 + 1 | 5 + 5 + 1 |
| Total | 1817 | 53 | 49 | 49 |

2.1.3 Inclusion and Exclusion Criteria

We applied the defined exclusion criteria at every filtration stage in order to determine which papers could be considered for our SLR. Only the papers that 1) answered the research questions and 2) included at least two of the keywords were included. Papers that did not focus on the components relevant to zero trust cyber security architecture for government and private sectors, or that met one or more of the exclusion criteria (as shown in Table 5), were excluded from the study. Following this, EndNote was used to import the references of the papers, and Microsoft Word was then used to insert citations. Finally, only 10 papers were considered to be relevant to our literature review, as shown in Table 7.

Table 5: The search criteria used for excluding studies from the SLR

Exclusion Criteria

1. Article not written in English language.
2. Duplicated paper.
3. Article published in a magazine, newspaper, or a poster session (if the poster is published in high ranked search it will be accepted).
4. Non-academic surveys, videos, summaries, discussions, notes, and workshops.

Figure 1: Flowchart for the SLR process

Stage 1 → Articles found by searching different keywords in different databases (Total Number = 1817)
→ Stage 2 → After excluding studies based on keywords & titles (Total Number = 53)
→ Stage 3 → After excluding studies based on abstract (Total Number = 49)
→ Stage 4 → After in-depth study (Total Number = 10)

2.1.4 Study Quality Assessment

All papers included in our systematic literature review were retrieved from recognised scientific databases. All papers have been peer-reviewed and published in respected journals. All items published in magazines, newspapers, or poster sessions were excluded, alongside any non-academic surveys, videos, summaries, discussions, notes, and workshops. Therefore, there is no need for any further quality appraisal of these papers.

2.1.5 Data Extraction and Synthesis Strategy

Ultimately, the final remaining set of papers was chosen based on several inclusion criteria to ensure their relevance to our research topic. Only those articles which met the set of selection criteria were selected for the study. All chosen papers are current studies published in the English language which identify the components relevant to zero trust cyber security architecture for government and private sectors. After selecting the studies for the SLR, we extracted relevant data from each paper, using the research questions in Table 6.
Table 6: The extracted data items

| Point | Description |
|---|---|
| Title | Title of research article |
| Type | Peer-reviewed journal/conference paper |
| Aim | Main aim and short objectives |
| Implementation | Summary of what was implemented in this study |
| Benefits | Advantages of this study |
| Challenges | Challenges in this research work |
| Future work | Determined future areas |

Table 7: Relevant studies that meet the inclusion criteria

| Research Article | Year | Article Title |
|---|---|---|
| RA1 | 1997 | Lessons Learned with the Systems Security Engineering Capability Maturity Model https://ieeexplore.ieee.org/document/610409 |
| RA2 | 2006 | Towards an Information Security Competence Maturity Model https://www.sciencedirect.com/science/article/pii/S1361372306703566 |
| RA3 | 2008 | A security architecture for transient trust https://dl.acm.org/doi/10.1145/1456508.1456510 |
| RA4 | 2009 | GoCoMM: a governance and compliance maturity model https://dl.acm.org/doi/10.1145/1655168.1655175 |
| RA5 | 2009 | An Overview of the Community Cyber Security Maturity Model https://www.igi-global.com/chapter/overview-community-cyber-security-maturity/7422 |
| RA6 | 2009 | A model to assess the maturity level of the Risk Management process in information security https://ieeexplore.ieee.org/document/5195935 |
| RA7 | 2010 | A Security Engineering Capability Maturity Model https://ieeexplore.ieee.org/document/5607700 |
| RA8 | 2011 | Secure e-government services: Towards a framework for integrating it security services into e-government maturity models https://ieeexplore.ieee.org/document/6027525 |
| RA9 | 2011 | A Maturity Model for Segregation of Duties in Standard Business Software https://link.springer.com/chapter/10.1007/978-3-642-24148-2_20 |
| RA10 | 2012 | SOASMM: A novel service oriented architecture Security Maturity Model https://ieeexplore.ieee.org/document/6320279 |
| RA11 | 2013 | A dynamic capability maturity model for improving cyber security https://ieeexplore.ieee.org/document/6699005 |
| RA12 | 2014 | Sustainable security advantage in a changing environment: The Cybersecurity Capability Maturity Model (CM2) https://ieeexplore.ieee.org/document/6858466 |
| RA13 | 2015 | Capability Maturity Model of Software Requirements Process and Integration (SRPCMMI) https://dl.acm.org/doi/10.1145/2816839.2816856 |
| RA14 | 2015 | A maturity model for part of the African Union Convention on Cyber Security https://ieeexplore.ieee.org/document/7237313 |
| RA15 | 2015 | Modelling Cyber Security Governance Maturity https://ieeexplore.ieee.org/document/7439415 |
| RA16 | 2015 | PLCloud: Comprehensive power grid PLC security monitoring with zero safety disruption https://ieeexplore.ieee.org/document/7436401 |
| RA17 | 2015 | Towards an Encompassing Maturity Model for the Management of Hospital Information Systems https://link.springer.com/article/10.1007/s10916-015-0288-1 |
| RA18 | 2016 | HISMM – Hospital Information System Maturity Model: A Synthesis https://link.springer.com/chapter/10.1007/978-3-319-48523-2_18 |
| RA19 | 2016 | Implementing Zero Trust Cloud Networks with Transport Access Control and First Packet Authentication https://ieeexplore.ieee.org/document/7796146 |
| RA20 | 2016 | The Community Cyber Security Maturity Model https://link.springer.com/chapter/10.1007/978-3-319-32824-9_8 |
| RA21 | 2016 | Information security maturity model: A best practice driven approach to PCI DSS compliance https://ieeexplore.ieee.org/document/7519379 |
| RA22 | 2016 | Security metrics maturity model for operational security https://ieeexplore.ieee.org/document/7575045 |
| RA23 | 2016 | Can maturity models support cyber security? https://ieeexplore.ieee.org/document/7820663 |
| RA24 | 2016 | A vulnerability-driven cyber security maturity model for measuring national critical infrastructure protection preparedness https://www.sciencedirect.com/science/article/pii/S1874548216301330 |
| RA25 | 2016 | Applying a Capability Maturity Model (CMM) to evaluate global health security-related research programmes in under-resourced areas https://www.tandfonline.com/doi/full/10.1080/23779497.2017.1279022 |
| RA26 | 2017 | Maturity Model of Information Security for Software Developers https://ieeexplore.ieee.org/document/8071246 |
| RA27 | 2018 | A Systematic Review of the Availability and Efficacy of Countermeasures to Internal Threats in Healthcare Critical Infrastructure https://ieeexplore.ieee.org/document/8320362 |
| RA28 | 2018 | Establishment and application of Enterprise management maturity model based on multimedia data information systems https://link.springer.com/article/10.1007/s11042-018-5999-0 |
| RA29 | 2018 | Information Security Management Systems – A Maturity Model Based on ISO/IEC 27001 https://link.springer.com/chapter/10.1007/978-3-319-93931-5_8 |
| RA30 | 2018 | A New Adaptive Cyber-security Capability Maturity Model https://ieeexplore.ieee.org/document/8661018 |
| RA31 | 2018 | A Security Model based Authorization Concept for OPC Unified Architecture https://dl.acm.org/doi/10.1145/3291280.3291799 |
| RA32 | 2018 | Modeling of dynamic trust contracts for industry 4.0 systems https://dl.acm.org/doi/10.1145/3241403.3241450 |
| RA33 | 2018 | An Ecosystem and IoT Device Architecture for Building Trust in the Industrial Data Space https://dl.acm.org/doi/10.1145/3198458.3198459 |
| RA34 | 2018 | Cyber Security Maturity Model and Maqasid al-Shari’ah https://ieeexplore.ieee.org/document/8567132 |
| RA35 | 2019 | A Maturity Model for IT-Related Security Incident Management https://link.springer.com/chapter/10.1007/978-3-030-20485-3_16 |
| RA36 | 2019 | Towards a capability maturity model for digital forensic readiness https://link.springer.com/article/10.1007/s11276-018-01920-5 |
| RA37 | 2019 | Towards a Maturity Model for Cloud Service Customizing https://link.springer.com/chapter/10.1007/978-3-030-32475-9_21 |
| RA38 | 2019 | Towards creation of a reference architecture for trust-based digital ecosystems https://dl.acm.org/doi/10.1145/3344948.3344973 |
| RA39 | 2019 | A Master-Slave Chain Architecture Model for Cross-Domain Trusted and Authentication of Power Services https://dl.acm.org/doi/10.1145/3377170.3377225 |
| RA40 | 2019 | Secure Design and Development Cybersecurity Capability Maturity Model (SD2-C2M2): Next-Generation Cyber Resilience by Design https://dl.acm.org/doi/10.1145/3332448.3332461 |
| RA41 | 2019 | Security maturity model of web applications for cyber attacks https://dl.acm.org/doi/10.1145/3309074.3309096 |
| RA42 | 2019 | Secure Kubernetes Networking Design Based on Zero Trust Model: A Case Study of Financial Service Enterprise in Indonesia https://link.springer.com/chapter/10.1007/978-3-030-22263-5_34 |
| RA43 | 2020 | Towards a capability and maturity model for Collaborative Software-as-a-Service https://link.springer.com/article/10.1007/s11334-020-00360-9 |
| RA44 | 2020 | Towards an Information Security Awareness Maturity Model https://link.springer.com/chapter/10.1007/978-3-030-50506-6_40 |
| RA45 | 2020 | Adopting security maturity model to the organizations’ capability model https://www.sciencedirect.com/science/article/pii/S1110866520301390 |
| RA46 | 2020 | Feasibility Study of Zero Trust Security in the Power Industry https://link.springer.com/chapter/10.1007/978-3-030-51556-0_29 |
| RA47 | 2020 | Survey on Zero-Trust Network Security https://link.springer.com/chapter/10.1007/978-981-15-8083-3_5 |
| RA48 | 2020 | A maturity model for secure requirements engineering https://www.sciencedirect.com/science/article/pii/S0167404820301243 |
| RA49 | 2020 | Protection of Sensitive Data in Zero Trust Model https://dl.acm.org/doi/abs/10.1145/3377049.3377114 |