Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Zero trust computing through the application of information asset registers
Cyber Security: A Peer-Reviewed Journal,
5
(1),
80-94
(2021)
Abstract
It is proposed that information asset registers are a key enabler towards the implementation of zero trust computing (ZTC), which requires a detailed knowledge of the information being processed and especially a detailed, well-documented knowledge of the network and technical infrastructure in order to support a zero-trust environment. ZTC also requires detailed documentation to facilitate operational cyber resilience. Asset registers are a key resource to speed up incident response and recovery. Information asset registers are part of the information management, assurance and governance (IMAG) approach. It is proposed the information asset database is at the heart of the information assurance and ZTC ecosystem. This fact has been partially recognised through the Information Technology Infrastructure Library (ITIL) configuration management database (CMDB). We also explore issues related to hybrid infrastructures.
Keywords: zero trust computing (ZTC); information asset registers; information governance; information assurance risk management; cyber incident response; information taxonomies; hybrid zero trust environments/operational resilience
The full article is available to subscribers to the journal.
Author's Biography
Mark Brett is a Chartered Manager and Chartered IT Professional. Mark is a CCP Lead SIRA, having an outstanding track record as a senior manager and consultant in local and central government. He is actively engaged in the Local Government Cyber Resilience Programme with the Ministry of Housing, Communities and Local Government (MHCLG). Mark worked for three years with the PSN Programme in GDS Lead IA Adviser and PSN SOC/Security Manager. As lead security analyst in MOJ Digital, Mark developed an agile approach to information risk management and assurance, which he has implemented in MHCLG. Mark was CIO of London Connects. As a deputy director in the London Resilience Team, he designed and implemented a Pan-London Emergency Management Extranet and was instrumental in setting up the WARP programme for CPNI. As information assurance adviser to the Local Government Association, he is the author of the Local Public Services Data Handling guidelines. He continues to lead the Local Government IA work as a special adviser to the local CIO Council and through the Local Government Cyber Security Stakeholder Group and the Local Government PSN Board. Mark is currently cyber technical adviser to MHCLG, working on the National Cyber Security Programme – Local. Mark’s work in the cyber and resilience world involves developing cyber resilience exercises and response capability training, which is being used within local resilience forums in England, and leading the Cyber Resilience Programme in Wales for the Welsh Government, working with the four Welsh LRFs. Mark has recently authored the emergency management exercise that is being run across the English local resilience forums. Mark is a fellow of the Institute of Civil Protection and Emergency Management and a member of the Emergency Planning Society. Mark is an honorary visiting fellow in cyber security at De Montfort University and lectures at Warwick and London Metropolitan Universities. Mark completed a doctoral training programme at De Montfort University.
