Journal
2021 WORKSHOP ON COMMUNICATION NETWORKS AND POWER SYSTEMS (WCNPS)
Volume -, Issue -, Pages -
Publisher
IEEE
DOI: 10.1109/WCNPS53648.2021.9626299
Keywords
Zero Trust; Cyber Supply Chain; Software Bill of Materials; SBOM; DevSecOps; Gap analysis
Funding
- Institutional Security Office of the Presidency of Brazil (GSI/PR)
- Brazilian Intelligence System (SisBIn)
- Brazilian Supreme Electoral Court (TSE)
- RedeGigaCandanga
The use of a Zero Trust architecture in a cyber supply chain can enhance security by revising trust in all relationships and assuming the presence of internal threats. This study contributes to the improvement of cyber supply chain security by proposing an organization of security controls, providing a control checklist, and suggesting ways to visualize the results.
The cyber supply chain has been a target of sophisticated attacks. Vulnerabilities in components that were once considered secure due to perceived trusting relationships are being exploited. One way to reduce this type of cyber risk is through the use of a Zero Trust architecture. This type of approach revises trust in all relationships. It disregards the implicit trust in any component and is based on the premise of the existence of internal threats to the corporate network. The present work proposes to integrate a Zero Trust architecture in a cyber supply chain. The main contribution of this study is to propose an organization of security controls for a cyber supply chain in domains, enabling improvements in the security of the cyber supply chain by applying the principles of a Zero Trust architecture. The study also provides a checklist of controls that allows a gap analysis and suggests some ways of visualizing this result.