the y-axis is access to a system, and the x-axis is access across a network.
The Y access then becomes also access to data on the system, and the x-axis becomes access across the network to data.
If you can quantify the data, then you can assign numbers to number of systems, and then a separate set of numbers to levels of access to each system, Maybe?
How is the user able to prove that their authorized to access the system and the data it contains.
Okay, zero trust, but how do you do a new user?
How do you establish trust?