Caute_cautim
Community Champion

Re: What is Trust?

@rslade Do we get signed autograph copies of your books?

 

So what exactly does your dictionary state and define "Trust"?  Or even Zero Trust?

 

Regards

 

Caute_cautim

Caute_cautim
Community Champion

Re: What is Trust?

Hi All

 

Onward we go to understand the word "Trust"

 

Trust Modeling for Security Architecture Development  by Sun Microsystems 2003

Information technology architects must build applications, systems, and networks that match ordinary users' expectations of trust in terms of identity, authentication, service level agreements, and privacy. This article describes the vocabulary of trust relationships and demonstrates the practical importance of using trust modeling to formalize the threshold for risk.

Understanding Trust

As with many seemingly complex concepts, a good starting point is to consider the commonplace, everyday meaning of a word. Trust is an important part of our lives and it has numerous definitions. Consider questions like the following, which we deal with regularly even if we don't formalize a model:

  • What does it take to establish trust?

  • How do I determine the degree of trust to assign to an individual or process?

  • Would I trust a recommendation from an auto mechanic or a child care provider the same way?

Defining Trust

According to the ITU-T X.509, Section 3.3.54, trust is defined as follows:

"Generally an entity can be said to 'trust' a second entity when the first entity makes the assumption that the second entity will behave exactly as the first entity expects."

For the sake of defining trust and trust modeling relative to security architecture methodology, the following set of principles or elements are offered:

  • Trust is a characteristic and quality of a security architecture.

  • Trust is a balancing of liability and due diligence. For example, you must decide how much effort to expend to reduce liability to an acceptable level for a particular business proposition and stated security policy. You must establish an equilibrium of trust.

  • Trust is the enabling of confidence that something will or will not occur in a predictable or promised manner.  The enabling of confidence is supported by identification, authentication, accountability, authorisation and availability.

  • Trust is the binding of unique attributes to a unique identity, for example, accountability.  This is both a qualitative and a subjective measure of expectations regarding another's behaviour and relative to a defined security policy.  Essentially a trust relationship is established when a satisfactory level of confidence in the attributes provided by an entity is achieved.

  • Trust is defined as a binary relationship, or set of compounded binary relationships, based on individual identity or unique characteristic validation.  That is, trust is the establishment of a trust relationship through a validation process and the subsequent use of that relationship in some transactional context.

Do not focus solely on technical solutions. As with all aspects of a security architecture, a successful trust model must consider people, process, and technology.

Finally, if you remember nothing else from this article, do not forget the following:

  • Failure to understand what trust model (if any) is actually in effect can create a false sense of security that may lead to serious, even catastrophic, financial and legal problems.

  • Adversaries exploit weak trust models.

Source:  https://www.informit.com/articles/article.aspx?p=31546&seqNum=6

 

Regards

 

Caute_Cautim

rslade
Influencer I

Re: What is Trust?

> Caute_cautim (Community Champion) mentioned you in a post! Join the conversation

> So what exactly does your dictionary state and define "Trust"?

trust
extent to which one can have confidence that the system meets its objectives,
that is, that the system does what it claims to do and does not perform unwanted
functions. This is in line with Gene Spafford's famous definition that a secure
computer is one that does what it is supposed to.

There are nine more related definitions.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
If you can't make a mistake, you can't make anything.- Marva Collins
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468

Caute_cautim
Community Champion

Re: What is Trust?

@rslade So if any part of your system is compromised, trust would be lost.  If you review Systemic systems, all components are trusted until the point in time that one or more components cause a failure or compromise to occur.   Nothing is static, and constant review and updates are required at all times.

 

Regards

 

Caute_Cautim

Caute_cautim
Community Champion

Re: What is Trust?

@rslade However, witness the recent security breaches with FireEye/SolarWinds and Accellion, both of which were supply chain issues - so although the organisation may have had all its components tested and verified as a system, one external component or relationship failed, thus it became a systemic failure.   So if trust is based on all the components being aligned, verified and one fails, then you have a loss of trust as well as a systemic failure.

 

Regards

 

Caute_cautim
