CONSIDERATIONS FOR ADOPTING ZERO TRUST PRINCIPLES AND USER AND ENTITY BEHAVIOR ANALYTICS INTO DEVELOPMENT, SECURITY, AND OPERATIONS FOR PROTECTION AGAINST INSIDER THREATS
Loading...
Authors
Lehman, Laurie M.
Subjects
cyber
cybersecurity
insider threat
user
behavior analytics
zero trust
development
security
operations
model
process
cybersecurity
insider threat
user
behavior analytics
zero trust
development
security
operations
model
process
Advisors
Mailloux, Logan O.
Date of Issue
2023-12
Date
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
This thesis explores the incorporation of zero trust principles and user and entity behavior analytics (UEBA) into a single model to guide the design, development, integration, and deployment of information technology and specifically to the development, security, and operations (DevSecOps) of software applications to detect and protect against insider threats. The security benefits of fully implementing zero trust principles along with an integrated UEBA process in the enhanced DevSecOps methodology is studied along with a detailed analysis to explore emerging behaviors. The study serves to (1) provide a seamless and coordinated path for integrating zero trust principles into DevSecOps execution; (2) offer useful recommendations to address cyber vulnerabilities; (3) enhance insider threat detection techniques in DevSecOps; and (4) validate whether the proposed model meets the desired outcomes for DOD components to achieve the required zero trust capabilities for data, assets, applications, and services (DAAS).
Type
Thesis
Description
Series/Report No
Department
Systems Engineering (SE)
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release. Distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.