• Journal of Internet Computing and Services
    ISSN 2287 - 1136 (Online) / ISSN 1598 - 0170 (Print)
    https://jics.or.kr/
Menu

Research on Cyber Resilience Assessment Metrics Through the Integrated Implementation of Zero Trust and MITRE ATT&CK


Gwang-Hyun Ahn, Ji-su Jang, Hanhee Lee, Ji-Won Kang, Dong-kyoo Shin, Journal of Internet Computing and Services, Vol. 25, No. 6, pp. 107-129, Dec. 2024
10.7472/jksii.2024.25.6.107, Full Text:
Keywords: Cyber Resilience, Zero Trust, MITRE ATT&CK, Security Assessment, risk management

Abstract

With the rapid development of the digital information age, cyber threats have significantly increased. Currently, various industries employ perimeter-based security approaches, but these methods mainly focus on external network attacks and have limited ability to defend against threats within the internal network or from insiders. This allows internal users or attackers who have successfully infiltrated the network to move freely, causing additional damage, making effective detection and response challenging. To address this issue, this study aims to enhance security and improve threat detection and response capabilities by integrating the Zero Trust model with the MITRE ATT&CK framework, ultimately strengthening an organization’s cyber resilience. This research presents a new paradigm in cybersecurity, allowing organizations to actively analyze the evolving cyber threat landscape and find ways to ensure a safer and more resilient digital future. Specifically, the cyber resilience assessment metrics derived from the integration of the Zero Trust model and MITRE ATT&CK matrix can serve as vital tools for developing strategies to respond to and recover from cyber threats across various industries and on a national scale. Moreover, the research methods and approaches presented in this paper can contribute to predicting and developing recovery strategies for cyber threats in diverse environments, continuously enhancing cyber resilience metrics. By analyzing real-world case studies and conducting simulated training, organizations can strengthen their threat prediction and response capabilities, improving overall resilience. Future research will focus on implementing the proposed cyber resilience metrics across different industries and at the national level through real-world case studies and simulated scenarios to assess their adaptability and effectiveness. This study is expected to make a significant contribution by introducing a new cybersecurity paradigm, helping organizations strengthen their cyber resilience and ensuring ongoing safety and security.


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from November 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[APA Style]
Ahn, G., Jang, J., Lee, H., Kang, J., & Shin, D. (2024). Research on Cyber Resilience Assessment Metrics Through the Integrated Implementation of Zero Trust and MITRE ATT&CK. Journal of Internet Computing and Services, 25(6), 107-129. DOI: 10.7472/jksii.2024.25.6.107.

[IEEE Style]
G. Ahn, J. Jang, H. Lee, J. Kang, D. Shin, "Research on Cyber Resilience Assessment Metrics Through the Integrated Implementation of Zero Trust and MITRE ATT&CK," Journal of Internet Computing and Services, vol. 25, no. 6, pp. 107-129, 2024. DOI: 10.7472/jksii.2024.25.6.107.

[ACM Style]
Gwang-Hyun Ahn, Ji-su Jang, Hanhee Lee, Ji-Won Kang, and Dong-kyoo Shin. 2024. Research on Cyber Resilience Assessment Metrics Through the Integrated Implementation of Zero Trust and MITRE ATT&CK. Journal of Internet Computing and Services, 25, 6, (2024), 107-129. DOI: 10.7472/jksii.2024.25.6.107.