Serious Games with SysML: Gamifying Threat Modelling in a Small Business Setting

Abstract: This paper describes using casual games to capture and disseminate expert security knowledge with a digital model at a small company. Most companies in the global supply chain are Very Small Entities (VSE), meaning they employ five (5) to twenty‐five (25) people. These companies represent a risk because they have little to no security proficiency and limited resources and incentive to prioritize system security. Moreover, this is a hidden risk because the companies higher up in the supply chain rely on contrac… Show more

“…Michael, et al claim that the concept of ZTA is currently a moving target, and developing and sustaining ZTA is essentially impossible [61]. Some experts consider Zero Trust as a misnomer [62]. When a good majority of cybersecurity experts believe ZTA itself is impossible or illusive [63], the legitimacy of research reports claiming ZTAbD (Zero Trust Architecture by Design) is at best questionable.…”

“…Each of these pillars is layered in legacy computing systems mandating third-party permissions, which are governed by a policy engine, policy administration, and policy enforcement process defined by the system's varying operational circumstances (Figure 9). Although several reports [62]- [67] claim the merit of ZT by Design or absolute zero trust (AZT), technically all those proposed ZT implementations in the prior art are policy based [61]- [69], and therefore strictly speaking cannot be ZTbD or AZT. Embedding full, seamless, and autonomous ZT in any legacy computing system is wishful thinking that can only be desired but not achieved.…”

From Standard Policy-Based Zero Trust to Absolute Zero Trust (AZT): A Quantum Leap to Q-Day Security

“…Michael, et al claim that the concept of ZTA is currently a moving target, and developing and sustaining ZTA is essentially impossible [61]. Some experts consider Zero Trust as a misnomer [62]. When a good majority of cybersecurity experts believe ZTA itself is impossible or illusive [63], the legitimacy of research reports claiming ZTAbD (Zero Trust Architecture by Design) is at best questionable.…”

“…Each of these pillars is layered in legacy computing systems mandating third-party permissions, which are governed by a policy engine, policy administration, and policy enforcement process defined by the system's varying operational circumstances (Figure 9). Although several reports [62]- [67] claim the merit of ZT by Design or absolute zero trust (AZT), technically all those proposed ZT implementations in the prior art are policy based [61]- [69], and therefore strictly speaking cannot be ZTbD or AZT. Embedding full, seamless, and autonomous ZT in any legacy computing system is wishful thinking that can only be desired but not achieved.…”

From Standard Policy-Based Zero Trust to Absolute Zero Trust (AZT): A Quantum Leap to Q-Day Security

Reviewing the SAE Levels of Driving Automation and Research Gaps to Accelerate the Development of a Quantum-Safe CCAM Infrastructure