How do you use IT if you don't trust anyone - i.e. take zero trust seriously. You have to define chains of trust. This includes our own and external personnel, suppliers, subcontractors, service providers and all ICT components. 
Consequently, there are fewer trustworthy chains of action/processes and a core of particularly sensitive activities. However, every ICT component always has the purpose of processing data or establishing communication relationships for data transmission. The process and the people involved should also be trustworthy “enough” if they have access to the plain text information. So what is trustworthy “enough” for which data? The human resources department e.g. B. works with sensitive data that is subject to regulations, but sho ...