Human-Centered Cybersecurity Part 2: Zero Trust

There is a saying in cybersecurity that the human element is the greatest vulnerability, but that statement does not provide context for the scope of the opportunity to leverage the human element to mitigate cyber risk. Information security officers have begun to adopt the language of risk management in response to the growing threat. One of the hottest trends in cybersecurity is the adoption of a Zero Trust posture. This was discussed in earlier chapters but is noteworthy now not as a pillar in the cognitive risk framework but as context for what else is needed to ensure the Zero Trust methodology works as expected.[1] Zero Trust and the cognitive risk framework share concepts that are important and diverge where there are gaps. Zero Trust is a long-term, transformational commitment.

Zero Trust requires organizations to re-architect how information security is conducted. The third pillar of a human-centered framework is focused on re-architecting how people interact with technology. Both are radical changes in how traditional security is implemented, and both rely on people executing the re-architecture of systems and people in new ways. Both must reflect the fluidity of business operations and be responsive to change, as well as recognize that progress is incremental, not plug and play with a new app or a new policy and procedure. Both require a radical change in mindset in the CISO suite and with management.

Prescribing Zero Trust

Zero Trust is prescriptive, meaning there is a great deal of guidance provided by N.I.S.T.,
