Fri Dec 5 09:30:08 PST 2014

Control Architecture: Trust model: How is trust assessed and managed?


Options:

{Businesses, Content, People, Systems} x based on {transparency, historical behavior, expertise, transitive trust chains, chain of custody, systematic background checks, psychological factors, external clearances, contracts, nationality, group membership, investigations, credentials, certifications, size, metadata, form and format, diplomatic analysis, etc.} are trusted for {purposes}.

Basis:

Businesses: Entities not within the direct control of the executive management making risk-related decisions.

Content: The meaningful utility that is being protected by the protection program.

People: Human beings, whether employees, other workers, customers, or anyone else.

Systems: Computers, mechanisms, equipment, and collections thereof, including the things that make them work.

Historical behavior: The history over time of behaviors demonstrated is used, often as the best predictor of future performance.

Expertise: In the legal realm., this is identified with knowledge, experience, skill, training, and education.

Transparency: The extent to which process, implementation, and history are available for inspection and the results of such inspection.

Transitive trust chains: The trust of someone you trust, the enemy of my enemy, a friend of a friend of a friend, etc.

Chain of custody: The custody and control of systems and/or content aver the life cycle.

Systematic background checks: Well-defined sets of checks undertaken to find and verify facts about individuals or companies in terms of their past.

Psychological factors: Liking, similarity, behavioral characteristics, looking like others, acting like others, and similar influence properties.

External clearances: Externally defined clearances, such as those granted by governments or partner organizations.

Contracts: Agreements between parties with force of law.

Nationality: Where someone or something originates from or has been determined to be a member of.

Group membership: Memberships of organizations or groups, such as military organizations, clubs, professional societies, award winners, political parties, etc.

Investigations: Detailed reviews of facts based on defined principles with identifiable error rates and reliability.

Credentials: Government credentials such as badges, licenses, etc., professional certificates, degrees, or other third party accreditations.

Certifications: Trusted Systems Evaluation Criteria (TCSEC), Trusted computing group (TCG), Common Criteria (CC), Certified examiners or other professional society or institutional certificates, training certificates, etc.

Size: Depth of financial capacity to handle liabilities, physical characteristics, or other measurable things that justify acceptability of proportional risk.

Metadata: Trust in documentary content often relies on metadata, and this metadata should reasonably be used in all cases as a basis for such trust.

Form and format: The form and format of content must be compatible with interpretive mechanisms in order to assure proper operation and verify identified assertions.

Diplomatic analysis: In-depth analysis of consistency with the methods of creation, use, ingestion, curation, storage, transmission, retention, transformation, disposition, and all other aspects of life cycles in context (i.e., nature of discourse relative to domain of discourse for form and content) are used to establish trust in content.

Copyright(c) Fred Cohen, 1988-2015 - All Rights Reserved