Date of Award

12-2024

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Cyber Defense (PhDCD)

First Advisor

Yong Wang

Second Advisor

Varghese Vaidyan

Third Advisor

Mary Francis

Abstract

Increasingly sophisticated and varied cyber threats necessitate ever-improving enterprise security postures. For many organizations today, those postures have a foundation in the Zero Trust Architecture (ZTA). This strategy sees trust as something an enterprise must not give lightly or assume too broadly. Understanding the ZTA and its numerous controls- centered around the idea of not trusting anything inside or outside the network without verification, will allow organizations to comprehend and leverage this increasingly common paradigm. The ZTA, unlike many other regulatory frameworks, is not tightly defined. The research assesses the likelihood of quantifiable guidelines that measure cybersecurity maturity for an enterprise organization in relation to ZTA implementation. This is a new, data-driven methodology for quantifying cyber resilience enabled by the adoption of Zero Trust principles to pragmatically address the critical need of organizations. It also looks at the practical aspects ZTA has on capabilities in deterring cyberattacks on a network. Coupled with quantitative statistical methods, the ZTA maturity approach provides guidance on how an organization can objectively gauge its cybersecurity posture. The outcomes of this research define a prescriptive set of key technical controls across identity verification, microsegmentation, data encryption, analytics, and orchestration that characterize the comprehensive ZTA deployment. By evaluating the depth of integration for each control component and aligning to industry best practices, the study's results help assess an organization's ZTA maturity level on a scale from Initial to Optimized adoption. The research’s resultant four-tier model demarcates phases for an organization on its security transformation journey, with each tier adding to the capability of the last. This structured approach will help organizations improve their respective security postures without systematically compromising operational effectiveness, thereby improving risk management and threat response capabilities. This model does much more than just provide security. It helps an organization optimize resources, make focused investments, and measure progress along its Zero Trust journey in quantifiable terms.

Download

Share

COinS