@rslade Do we get signed autograph copies of your books?
So what exactly does your dictionary state and define "Trust"? Or even Zero Trust?
Onward we go to understand the word "Trust".
Trust Modeling for Security Architecture Development by Sun Microsystems 2003
As with many seemingly complex concepts, a good starting point is to consider the commonplace, everyday meaning of a word. Trust is an important part of our lives and it has numerous definitions. Consider questions like the following, which we deal with regularly even if we don't formalize a model:
What does it take to establish trust?
How do I determine the degree of trust to assign to an individual or process?
Would I trust a recommendation from an auto mechanic or a child care provider the same way?
According to the ITU-T X.509, Section 3.3.54, trust is defined as follows:
"Generally an entity can be said to 'trust' a second entity when the first entity makes the assumption that the second entity will behave exactly as the first entity expects."
For the sake of defining trust and trust modeling relative to security architecture methodology, the following set of principles or elements are offered:
Trust is a characteristic and quality of a security architecture.
Trust is a balancing of liability and due diligence. For example, you must decide how much effort to expend to reduce liability to an acceptable level for a particular business proposition and stated security policy. You must establish an equilibrium of trust.
Do not focus solely on technical solutions. As with all aspects of a security architecture, a successful trust model must consider people, process, and technology.
Finally, if you remember nothing else from this article, do not forget the following:
Failure to understand what trust model (if any) is actually in effect can create a false sense of security that may lead to serious, even catastrophic, financial and legal problems.
Adversaries exploit weak trust models.
@rslade So if any part of your system is compromised, trust would be lost. If you review systemic systems, all components are trusted until the point in time that one or more components cause a failure or compromise to occur. Nothing is static, and constant review and updates are required at all times.
@rslade However, witness the recent security breaches with FireEye/SolarWinds and Accellion, both of which were supply chain issues - so although the organisation may have had all its components tested and verified as a system, one external component or relationship failed, thus it became a systemic failure. So if trust is based on all the components being aligned and verified, and one fails, then you have a loss of trust as well as a systemic failure.