Corporate decisions are made on the basis of risk analysis, and they often miss on recognising the importance of trust as a true cornerstone of corporate security. Trust- Enhanced Risk Management (TERM) integrates trust into risk-based decisions-making, thus allowing companies to benefit from more thorough analysis and leaner risk management without drastically departing from established practices.
The objective of this workshop is to familiarise participants with the concept of TERM and its applicability in a corporate environment. Specifically, the workshop introduces two tools that help participants integrate trust and risk for the purpose of an improved corporate security. These are:
As the result of the workshop, participants will:
This workshop is addressed mostly to corporate risk analysts and managers, specifically from the area of information security. It may benefit both seasoned professionals and those who contemplate entering the profession. No deep knowledge of particular risk management standards is required, but participants are expected to have an appreciation for risk management in general.
Objectives and structure of the workshop. Introduction, positioning the problem, relationship between risk and trust, benefits of TERM, methods to introduce TERM.
Trust assessment (Trust-O-Meter). The risk of trusting and methods to assess it. Trust and trustworthiness. Heuristics. Sources of trust. Stages of trust. Evidence. Weighting. Example. Exercise.
Trust Journey: corrective tool for trust-based risks (trust ‘controls’). Warranted trust as a compensation of risks. Developing trust. Stages of relationship. Transition. Scaling the relationship. Multi-threaded relationships. Breach of trust and recovery. Distrust and deadlocks. Example. Exercise.
Dr Piotr Cofta is managing Security Transformation, having moved from his role as a Chief Researcher, Identity and Trust. Before that, he has been working for many years for Nokia and for Media Lab Europe, concentrating on the relationship between trust, risk, technology and society.
Dr Cofta is a contributor to several international standards; he publishes and speaks frequently. He is an author of several patents and publications, from areas such as trust management, identity and privacy, digital rights management and electronic commerce. He is a CISSP and a senior member of IEEE.
Website: piotr.cofta.net