발간년도 : [2024]
논문정보 |
|
논문명(한글) |
[Vol.19, No.3] A Study on the Application of Zero Trust in the Financial Industry |
|
논문투고자 |
Daewon Kim |
|
논문내용 |
Zero Trust is a cybersecurity paradigm that its protection mechanism differs from a predominant static network-based perimeter defense. Moving away from this static network-based perimeter defense, the protection mechanism of Zero Trust focuses primarily on what it is supposed to protect such as users, assets, and resources. Zero Trust assumes that no implicit trust is granted to an asset or user account based solely on physical or network location, or based on asset ownership. Recently, financial security experts have argued that Zero Trust policies should be mandated from the development and testing stage of an information system, and should be encouraged to apply them to all financial services. Financial institutions ought to take into consideration of the complex and hybrid nature of cybersecurity of the finance industry when implementing Zero Trust architecture. Thus, we first introduce the concept of Zero Trust and examine the key elements of Zero Trust security model. Next, basing on Zero Trust guidelines and security architecture, we propose three feasible methods for applying Zero Trust to the financial industry. They are implementation of Zero Trust by using the SDP(Software Defined Perimeter), establishing a Zero Trust security model based on a standardized cybersecurity framework, and constructing financial security automation and financial sector SOAR(Security Orchestration, Automation and Response) solutions. |
|
첨부논문 |
|
|
|
|
|