Mistaken assumptions about authorized users constrains the trustworthiness of information systems

The National Institute of Standards and Technology (NIST) released an updated guide to its Risk Management Framework (RMF) in December when it published the final public draft of Special Publication 800-39. Among several areas where the…

More lessons to be learned from WikiLeaks on information sharing, access control, and trust

There is no shortage of post-hoc analysis on how a quarter million State Department cables and other documents were acquired and sent to WikiLeaks, how a recurrence of such an incident might be avoided, or on…

Trust enables, but is not required for, both cooperation and collaboration

There is wide variation on the most effective means to foster or achieve cooperation between organizations, but trust is one of several mechanisms often suggested that can have an enabling effect on cooperation, alone or in…

Decisions to trust others are both personal and subjective

One of the more challenging aspects of addressing organizational trust (whether between individuals and organizations or between two or more organizations) is the inherent subjectivity involved in determining the trustworthiness of organizations and making decisions to…

When does technical competence trump historical performance

The joint announcement last week by the Department of Homeland Security (DHS) and the Department of Defense (DoD) to formalize a cooperative relationship between the two agencies to provide coordinated cybersecurity operations to protect government computing…

Illustrating different applications of the concept of trust

While the core topic of this blog is managing trust, one recurring theme that serves as a sort of preliminary consideration to trust management is making sense of trust as a fundamental concept and, especially, understanding…

Evaluating technical tools and services as an exercise in trust

People often seek tools and technology services to help protect security and privacy of information, but when evaluating such technical tools, it can be equally important to consider the source of the tool to determine whether…