Trust-Enhanced Risk Management

March 17, 2014 (at 9:30 a.m.)

Piotr Cofta

Corporate decisions are made on the basis of risk analysis, and they often miss on recognising the importance of trust as a true cornerstone of corporate security. Trust- Enhanced Risk Management (TERM) integrates trust into risk-based decisions-making, thus allowing companies to benefit from more thorough analysis and leaner risk management without drastically departing from established practices.

The objective of this workshop is to familiarise participants with the concept of TERM and its applicability in a corporate environment. Specifically, the workshop introduces two tools that help participants integrate trust and risk for the purpose of an improved corporate security. These are:

assessment of trustworthiness (Trust-O-Meter)
corrective actions for trust-based risks (Trust Journey)

As the result of the workshop, participants will:

learn to appreciate the fundamental role of trust in corporate security
be able to demonstrate the value of TERM
develop skills to apply selected tools to situations at hand
recognise means by which TERM can be introduced to the corporation
understand the value of diagnostic and corrective actions
deepen the understating of the relationship between risk and trust

This workshop is addressed mostly to corporate risk analysts and managers, specifically from the area of information security. It may benefit both seasoned professionals and those who contemplate entering the profession. No deep knowledge of particular risk management standards is required, but participants are expected to have an appreciation for risk management in general.

Provisional agenda

09:00-10:00:

Objectives and structure of the workshop. Introduction, positioning the problem, relationship between risk and trust, benefits of TERM, methods to introduce TERM.

10:00-12:30:

Trust assessment (Trust-O-Meter). The risk of trusting and methods to assess it. Trust and trustworthiness. Heuristics. Sources of trust. Stages of trust. Evidence. Weighting. Example. Exercise.

10:00-11:00: theory
11:00-11:15: coffee break
11:15-11:45: example
11:45-12:30: exercise
12:30-14:00 lunch break
14:00-16:30

Trust Journey: corrective tool for trust-based risks (trust ‘controls’). Warranted trust as a compensation of risks. Developing trust. Stages of relationship. Transition. Scaling the relationship. Multi-threaded relationships. Breach of trust and recovery. Distrust and deadlocks. Example. Exercise.

14:00-15:00: theory
15:00-15:15: coffee break
15:15-15:45: example
15:45-16:30: exercise
16:30-17:00: Review, lessons learned, conclusions, further references.

Piotr Cofta

Dr Piotr Cofta is managing Security Transformation, having moved from his role as a Chief Researcher, Identity and Trust. Before that, he has been working for many years for Nokia and for Media Lab Europe, concentrating on the relationship between trust, risk, technology and society.

Dr Cofta is a contributor to several international standards; he publishes and speaks frequently. He is an author of several patents and publications, from areas such as trust management, identity and privacy, digital rights management and electronic commerce. He is a CISSP and a senior member of IEEE.

Website: piotr.cofta.net