Modern perspectives of applying the concept of zero trust in building a corporate information security policy

Ворохоб, Максим Віталійович and Киричок, Роман Васильович and Яскевич, Владислав Олександрович and Добришин, Ю.Є. and Сидоренко, С.М. (2023) Modern perspectives of applying the concept of zero trust in building a corporate information security policy Електронне фахове наукове видання "Кібербезпека: освіта, наука, техніка", 1 (21). pp. 223-233. ISSN 2663-4023

[thumbnail of M_Vorokhob_R_Kyrychok_V_Yaskevych_Y_Dobryshyn_S_Sydorenko_CEST_21.pdf] Text
M_Vorokhob_R_Kyrychok_V_Yaskevych_Y_Dobryshyn_S_Sydorenko_CEST_21.pdf - Published Version

Download (437kB)

Abstract

Modern businesses have undergone significant changes as a result of digital advances and the recent COVID-19 pandemic. In particular, there has been an increase in the number of employees working remotely, using personal digital devices alongside corporate devices, and the enterprise itself moving business processes to the cloud or using hybrid environments that combine both cloud and on-premises services. Taken together, this leads to increased interaction between devices and services over open networks, creating new risks of cyber-attack. It is this situation that has led to the relevance and direction of this research. The paper analyzes the current state of effectiveness of the application of enterprise information security policy, in particular, identifies the main limitations associated with the difficulty, and sometimes impossibility, to control the behavioral aspects of enterprise employees to comply with the basic provisions of security policy and general information security. The basic principles of the Zero Trust conceptual approach are analyzed and the main advantages of its application in the formation of the security policy as a strategic approach to ensuring the information security of the enterprise in the conditions of dynamic growth of new threats and transformation of modern business are determined. At the same time, it is established that one of the key components of the Zero Trust architecture is the access control system. As a result, forming the prospects of applying the concept of Zero Trust in the construction and implementation of the information security policy, the necessity of conducting an accompanying study of the effectiveness of modern mechanisms of identification/authentication of access subjects was determined.

Item Type: Article
Uncontrolled Keywords: information security; security policy; zero trust concept; zero trust architecture; access control; access subject; identification; security perimeter; authentication; cloud environment; byod
Subjects: Це архівна тематика Київського університету імені Бориса Грінченка > Статті у журналах > Фахові (входять до переліку фахових, затверджений МОН)
Це архівна тематика Київського університету імені Бориса Грінченка > Статті у журналах > Наукові (входять до інших наукометричних баз, крім перерахованих, мають ISSN, DOI, індекс цитування)
Divisions: Це архівні підрозділи Київського університету імені Бориса Грінченка > Факультет інформаційних технологій та математики > Кафедра комп'ютерних наук
Це архівні підрозділи Київського університету імені Бориса Грінченка > Факультет інформаційних технологій та математики > Кафедра інформаційної та кібернетичної безпеки імені професора Володимира Бурячка
Depositing User: Роман Васильович Киричок
Date Deposited: 05 Oct 2023 11:58
Last Modified: 05 Oct 2023 11:58
URI: https://elibrary.kubg.edu.ua/id/eprint/46269

Actions (login required)

View Item View Item