Trusting software
Jason Miller, 2005-12-07

Open-source or closed-source, it's the same issue. Using other people's software has a lot to do with trust. If you don't trust the right people, you're putting yourself at risk.

Trusting software 2005-12-07
Ray Kaplan (2 replies)
Evaluating trust is hardly a subjective process. For this decision, you must rely on proof. Such proof is not only very hard and expensive to establish, but it is clearly absent in the overwhelming majority of all of the hardware and software in our fragile infrastructures.

You need proof that an architecture (be it for a system, for a network, or for an application) can actually support the desired policy. Yeah, I know - what policy? Well, one that is adequate to support the goals and expectations of the enterprise or person concerned.

Then, you need proof that the right level of security engineering and design was done, as validated by assessment against the engineering and design goals. And then, proof that the implementation, deployment, management, and operation actually achieve the desired policy. Once that is all in place, periodic assessment is in order to ensure that the policy, and the engineering and design goals, continue to be met.

Trusting people and organizations is certainly an important part of the equation; however, to loosely paraphrase an old saw: In God we trust, everyone else brings proof, and I am not sure about her.

And, you can quote me on that ;)

Ray Kaplan 20051207



Link to this comment: http://www.securityfocus.com/comments/columns/373/32791#32791
Other comments in this thread:

Re: Trusting software, 2005-12-19, Anonymous
Re: Trusting software, 2005-12-19, hkmaly
Trusting software, 2005-12-08, Don Parker
Trusting software - what goes around comes around, 2005-12-08, Steve Lodin (1 reply)
Trusting software, 2005-12-09, Tim Hudson
Trusting software, 2005-12-15, Howard Israel
Copyright 2009, SecurityFocus