{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,2]],"date-time":"2026-06-02T23:46:05Z","timestamp":1780443965478,"version":"3.54.1"},"reference-count":25,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2024,9,20]],"date-time":"2024-09-20T00:00:00Z","timestamp":1726790400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCP"],"abstract":"<jats:p>Cyber threats are continually evolving and becoming increasingly complex, affecting various industries. Healthcare institutions are the second most targeted industry, preceded by manufacturing. The industry is on the lookout for a reliable cybersecurity system. This research analyzed the feasibility and reality of implementing a Zero Trust Architecture (ZTA) framework within a large healthcare enterprise with a workforce within the range of 45 k to 50 k personnel. It utilizes a baseline concept centered on the widely used Perimeter-Based Security Model (PBSM) in production environments. The focus is on assessing the feasibility of transitioning from a PBSM to a ZTA framework and specifically aims to assess the effects of such a transition on security, control, cost-effectiveness, supportability, risk, operational aspects, and the extent to which ZTA is applicable across different applications. Company X was used as a case study and provided data for analysis in support engagements and host traffic telemetry values. Findings indicated that a PBSM remains effective in providing defense measures for an organization mainly when a significant financial incentive is involved. On the other hand, ZTA offers a more secure environment with a notable reduction in risk, albeit at an additional cost and with added support variables.<\/jats:p>","DOI":"10.3390\/jcp4030035","type":"journal-article","created":{"date-parts":[[2024,9,20]],"date-time":"2024-09-20T07:38:57Z","timestamp":1726817937000},"page":"762-776","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["Cybersecurity Access Control: Framework Analysis in a Healthcare Institution"],"prefix":"10.3390","volume":"4","author":[{"given":"Erik William","family":"Tomlinson","sequence":"first","affiliation":[{"name":"Vanderbilt University Medical Center, Nashville, TN 37232, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Wolday D.","family":"Abrha","sequence":"additional","affiliation":[{"name":"Department of Engineering Management & Technology, University of Tennessee at Chattanooga, Chattanooga, TN 37403, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2695-450X","authenticated-orcid":false,"given":"Seong Dae","family":"Kim","sequence":"additional","affiliation":[{"name":"Department of Engineering Management & Technology, University of Tennessee at Chattanooga, Chattanooga, TN 37403, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Salvador A.","family":"Ortega","sequence":"additional","affiliation":[{"name":"Vanderbilt University Medical Center, Nashville, TN 37232, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2024,9,20]]},"reference":[{"key":"ref_1","unstructured":"Daugherty, T. (2023, October 10). The Evolving Cyber Threat Landscape. Security Magazine. Available online: https:\/\/www.securitymagazine.com\/articles\/99972-the-evolving-cyber-threat-landscape."},{"key":"ref_2","unstructured":"Check Point Research Team (2023, October 10). Check Point Research Reports a 38% Increase in 2022 Global Cyberattacks. Available online: https:\/\/blog.checkpoint.com\/2023\/01\/05\/38-increase-in-2022-global-cyberattacks\/."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"103832","DOI":"10.1016\/j.csi.2024.103832","article-title":"A critical analysis of Zero Trust Architecture (ZTA)","volume":"89","author":"Fernandez","year":"2024","journal-title":"Comput. Stand. Interfaces"},{"key":"ref_4","unstructured":"Hackney, H. (2023, July 03). Is Zero Trust Achievable? Architecture & Governance Magazine. Available online: https:\/\/www.architectureandgovernance.com\/elevating-ea\/is-zero-trust-achievable\/."},{"key":"ref_5","unstructured":"Gartner (2023, November 15). Prisma SASE Reviews. Gartner Peer Insights. Available online: https:\/\/www.gartner.com\/reviews\/market\/single-vendor-sase."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"e191","DOI":"10.1002\/spy2.191","article-title":"Augmenting zero trust architecture to endpoints using blockchain: A state-of-the-art review","volume":"5","author":"Alevizos","year":"2022","journal-title":"Secur. Priv."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Gupta, A., Gupta, P., Pandey, U.P., Kushwaha, P., Lohani, B.P., and Bhati, K. (2024, January 9\u201311). ZTSA: Zero Trust Security Architecture a Comprehensive Survey. Proceedings of the 2024 International Conference on Communication, Computer Sciences and Engineering (IC3SE), Gautam Buddha Nagar, India.","DOI":"10.1109\/IC3SE62002.2024.10593067"},{"key":"ref_8","unstructured":"Haan, K. (2023, June 12). Remote Work Statistics and Trends in 2024. Forbes Advisor. Available online: https:\/\/www.forbes.com\/advisor\/business\/remote-work-statistics\/."},{"key":"ref_9","unstructured":"Leedy, P., Ormrod, J.E., and Johnson, L.R. (2019). Practical Research Planning and Design, Pearson. [12th ed.]."},{"key":"ref_10","first-page":"329","article-title":"Introduction to the Special Issue on Qualitative Research in Technical Communication","volume":"55","author":"Conklin","year":"2011","journal-title":"Tech. Commun."},{"key":"ref_11","unstructured":"Office for Civil Rights (2022, October 20). The Security Rule. U.S. Department of Health and Human Services, Available online: https:\/\/www.hhs.gov\/hipaa\/for-professionals\/security\/index.html."},{"key":"ref_12","unstructured":"Lindmann, N. (2021, August 09). What\u2019s the Average Survey Response Rate? Pointerpro. Available online: https:\/\/pointerpro.com\/blog\/average-survey-response-rate\/."},{"key":"ref_13","unstructured":"(2024, April 15). Ted: The Economics Daily, Consumer Prices up 3.1 Percent from January 2023 to January 2024, Available online: https:\/\/www.bls.gov\/opub\/ted\/2024\/consumer-prices-up-3-1-percent-from-january-2023-to-january-2024.htm."},{"key":"ref_14","unstructured":"Sarraf, S. (2023, October 18). Most Organizations Globally Have Implemented Zero Trust. CSO. Available online: https:\/\/www.csoonline.com\/article\/656108\/most-organizations-globally-have-implemented-zero-trust.html."},{"key":"ref_15","unstructured":"Fruhlinger, J. (2022, July 28). Defense in Depth Explained: Layering Tools and Processes for Better Security. CSO. Available online: https:\/\/www.csoonline.com\/article\/573221\/defense-in-depth-explained-layering-tools-and-processes-for-better-security.html."},{"key":"ref_16","unstructured":"LAN\/MAN Standards Committee (2020, February 28). 802.1x-2020-IEEE Standard for Local and Metropolitan Area Networks\u2014PORT-Based Network Access Control. IEEE. Available online: https:\/\/doi-org.proxy.lib.utc.edu\/10.1109\/IEEESTD.2020.9018454."},{"key":"ref_17","unstructured":"Patnaik, D. (2021, June 27). Modernization of Network Access Control (nac) with Zero Trust Security. Linkedin. Available online: https:\/\/www.linkedin.com\/pulse\/modernization-network-access-control-nac-zero-trust-security-patnaik\/."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Rose, S., Borchert, O., Mitchell, S., and Connelly, S. (2020). Zero Trust Architecture, National Institute of Standards and Technology.","DOI":"10.6028\/NIST.SP.800-207-draft2"},{"key":"ref_19","unstructured":"United States Internal Revenue Service (2024, September 06). Publication 946 (2023), How to Depreciate Property, Available online: https:\/\/www.irs.gov\/publications\/p946#en_US_2023_publink1000107772."},{"key":"ref_20","unstructured":"Greaves, P. (2015, February 18). Common Mistakes When Calculating the Total Cost of Ownership. Linkedin. Available online: https:\/\/www.linkedin.com\/pulse\/ten-common-mistakes-when-calculating-total-cost-peter-greaves\/."},{"key":"ref_21","unstructured":"Bandos, T. (2021, June 09). Do the Security Benefits of Cloud Migration Outweigh the Downsides? Techhq. Available online: https:\/\/techhq.com\/2021\/06\/do-the-security-benefits-of-cloud-migration-outweigh-the-downsides\/."},{"key":"ref_22","unstructured":"Doan, M. (2024, September 06). Improving Your Bottom Line with Cybersecurity. MIT Sloan Management Review. Available online: https:\/\/sloanreview.mit.edu\/article\/improving-your-bottom-line-with-cybersecurity\/."},{"key":"ref_23","unstructured":"Lapidus, B. (2018, October 16). How to Calculate Your Return on Security Investments: Fp&a\u2019s Role. Association for Financial Professionals. Available online: https:\/\/www.afponline.org\/ideas-inspiration\/topics\/articles\/Details\/calculating-your-return-on-security-investments-fp-a-s-role."},{"key":"ref_24","unstructured":"Olsen, E. (2023, November 15). Average Cost of Healthcare Data Breach Reaches $11m, Report Finds. Cybersecurity Dive. Available online: https:\/\/proxy.lib.utc.edu\/login?url=https:\/\/www.proquest.com\/trade-journals\/average-cost-healthcare-data-breach-reaches-11m\/docview\/2844443827\/se-2."},{"key":"ref_25","unstructured":"Goldstein, J. (2020, July 16). What Are Insider Threats and How Can You Mitigate Them. Security Intelligence. Available online: https:\/\/securityintelligence.com\/things-to-consider-when-calculating-the-return-on-security-investment\/."}],"container-title":["Journal of Cybersecurity and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2624-800X\/4\/3\/35\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T16:00:44Z","timestamp":1760112044000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2624-800X\/4\/3\/35"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,20]]},"references-count":25,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2024,9]]}},"alternative-id":["jcp4030035"],"URL":"https:\/\/doi.org\/10.3390\/jcp4030035","relation":{},"ISSN":["2624-800X"],"issn-type":[{"value":"2624-800X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,9,20]]}}}