Abstract
AbstractImportant norms may evolve to be promoted, implemented, and enforced by policymakers; one current example is zero trust. This norm originally arose organically, as a trusted norm among cyber security practitioners. This paper explores a puzzling question; will zero trust continue to be trusted as it evolves as an enforced norm? By leveraging well-established theory on trust, this paper presents a novel approach to allow the study of how actors may trust an evolving norm such as zero trust. The paper first examines the emergence of zero trust. Next, following the SolarWinds breach, state-led policy responses enforcing the adoption of zero trust are reviewed. Key theory on norms and trust are revisited to help create a foundation. Expanding on the integrative processes in trust building together with a comparative assessment of the assumptions in presumptive trust and zero trust, the contribution of this paper lays a foundation through presenting a new approach that enables an assessment of trust in norms (ATiN). Thus, allowing study of the trust in discursive organic norms as compared with norms evolving as policy-enforced norms. Findings from a preliminary evaluation illustrate the ability of ATiN in disentangling the elements and processes involved during trust building in a policy-enforced norm. This paper invites other researchers’ interest and calls for a research agenda for trust and norms for cybersecurity, trust and zero trust.KeywordsCyber securityTrustZero trustNorms
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
