Considerations for Adopting Zero Trust Principles and User and Entity Behavior Analytics into Development, Security, and Operations for Protection Against Insider Threats
Abstract:
This thesis explores the incorporation of zero trust principles and user and entity behavior analytics (UEBA) into a single model to guide the design, development, integration, and deployment of information technology, and specifically the development, security, and operations (DevSecOps) of software applications, to detect and protect against insider threats. The security benefits of fully implementing zero trust principles along with an integrated UEBA process in the enhanced DevSecOps methodology are studied, along with a detailed analysis to explore emerging behaviors. The study serves to: (1) provide a seamless and coordinated path for integrating zero trust principles into DevSecOps execution; (2) offer useful recommendations to address cyber vulnerabilities; (3) enhance insider threat detection techniques in DevSecOps; and (4) validate whether the proposed model meets the desired outcomes for DOD components to achieve the required zero trust capabilities for data, assets, applications, and services (DAAS).