Paper Number
1821
Paper Type
Completed
Description
Recent successful cybersecurity attacks have exploited trust to compromise organizational information systems. Scholars and practitioners agree that the issue originates from the organizational perimeter security approach, within which perimeter trust is assumed. To improve the situation, it has been proposed to build security principles on the idea that trust is not inherent but earned, an approach coined Zero Trust. However, the current discussions, spearheaded by technology-minded practitioners, have focused mostly on trust at the network security and architecture levels, largely omitting the organizational aspects of security. To address this gap, we build on a socio-technical approach and maturity models to develop a novel artifact with security experts, addressing the need for organizational Zero Trust through the Extended Zero Trust Maturity Model. Our research contributes to discussions on holistic information security management by extending the principles of Zero Trust from a technical to a socio-technical approach, and it responds to calls to reconsider foundational assumptions of IS security.
Recommended Citation
Tokerud, Simen; Jansen, Jarand Nikolai; Niemimaa, Marko; and Järveläinen, Jonna, "Designing Extended Zero Trust Maturity Model – From Technical to Socio-Technical" (2023). ICIS 2023 Proceedings. 5.
https://aisel.aisnet.org/icis2023/cyber_security/cyber_security/5
Comments
06-Security