Trustworthiness in the Information Age

Introduction

In our Information Age, where the vast majority of systems and devices can connect to the internet and communicate with each other, the trustworthiness of how we communicate, the devices we use and the networks they run on becomes critical. But there is a slight problem: it is difficult not only to prove trustworthiness but also to maintain it, and to have confidence in how we operate in this environment. This is a problem worth discussing.

Definition of trustworthiness: at its simplest, it is the quality of being authentic and reliable. In cybersecurity, the Industrial Internet Consortium (IIC) defines trustworthiness as the degree of confidence one has that a system performs as expected.

In our daily lives, trustworthiness links to the problem of fake news and/or disinformation campaigns, which stem from social media and, when it comes to services and systems, can be used to harm the reputation of services and companies. This is due to the weaponisation of context in order to spread hateful ideas. This is effective because our relationship with data/information is rarely rational; instead, it is mainly an emotional one. This makes verifying trustworthiness vital.

Facets of Trustworthiness include:
  • Resilience,
  • Security, 
  • Privacy, 
  • Safety, 
  • Reliability,
  • Availability, concurrently in addition to its normal business function.

Verify Trustworthiness

To protect and maintain trustworthiness, it has to be verifiable. One solution is to provide independent continuous testing by third parties, using live threat feeds against vendor systems, which benefits both the client and the vendor. This kind of test harness, off-line from their systems, should become the norm if we really want to understand our performance and continually improve and optimise our defences. But such an approach will be expensive and only viable for resource-rich organisations.

A second solution, during the design and development phase of a system/service/device, is a continuous validation and verification process. Validation ensures the requirements correctly capture the users’ and stakeholders’ expectations and should be performed whenever a translation of requirements from one domain to another occurs. Verification refers to activities that ensure the product is built correctly by assessing whether it meets its specifications. Validation refers to activities that ensure the right product is built by determining whether it meets customer expectations and fulfils specific user-defined intended purposes.

Thirdly, trustworthiness is tied to reputation, which is affected by security in an age of data breaches and leaks. Reputation means providing the user with assurance that your service is a reputable brand, that your users will have a reliable experience and that you stand behind your products. Security means providing users with a guarantee that your service is secure. You may know your service is secure, but don’t assume users do.

In addition, to build a trustworthy network, the security, privacy, and reliability of major network components must be protected. The solutions to improve this protection can, in general, be categorised into three types: technology, policy, and education.


  • Technology: Technical solutions, whether hardware or software, relating to the protection of network security, privacy, and reliability are included in this category. For instance: hardware and software access control, intrusion detection, firewalls, cryptosystems and tools, and redundant systems.
  • Policy: Regulations and rules in the workplace relating to the protection of network security, privacy, and reliability. Policies that bind employees to these expectations act as the organisation's laws. These expectations, including acceptable and unacceptable behaviours, must be described in detail and distributed to all individuals who agree to comply with them. Once policies relating to the protection of network security, privacy, and reliability are issued, the organisation's administration must enforce them without fail.
  • Education: Includes formal and informal training programs relating to the protection of network security, privacy, and reliability. Employees involved in network security, privacy, and reliability operations should ideally possess relevant degrees and certificates addressed in the employment policy, though it should be noted that degrees and certifications are not a reliable measure of competence.

In a globally connected environment, we have to be aware that how trust is perceived varies between countries and cultures, which means additional steps may often need to be taken to prove or verify trustworthiness in different regions compared with an organisation's home region.

Conclusion

Hopefully, this post has raised some thoughts and ideas about the importance of trustworthiness in the information age, along with how it can be achieved and verified. In the end, trustworthiness is a continuous goal with no fixed point, as it changes with circumstances and with how it is linked to other elements of a system. While this increases the complexity of ensuring trustworthiness, it doesn't make it impossible. It is something vital to aim for.

