Security Journal, Volume 30, Issue 3, pp 734–748

The role and importance of trust: A study of the conditions that generate and undermine sensitive information sharing

  • Martin Gill
  • Stephen Crane
Original Article

Abstract

This article evaluates the role of trust in a specific area of security activity: sensitive information sharing. It begins by exploring the nature of trust, and then highlights, on the one hand, some of the security benefits when trust is evident and, on the other, the risks that can accrue when trust is misplaced. It then reports the findings from an empirical study, discussing how three key elements (process issues, people issues and technology) can, when done well, improve the security of information sharing and indeed create additional security opportunities, and, when done badly, undermine it. In conclusion, the article asserts that the generation of trust is fundamental to effective sensitive information exchange, but that this poses real challenges, including in deciding how much trust is appropriate.

Keywords

trust; sensitive information sharing; information security

Notes

Acknowledgements

The project on which research for this study is based was funded by the Technology Strategy Board (Project TP/400206) and EPSRC. Project partners are: HP Labs, Perpetuity Research Limited, Oxford University, Birmingham University, Aberdeen University and University College London. We would like to thank colleagues from partner organisations who helped us develop the ideas in this article and specifically Philipp Reinecke (HP), Simon Arnell (HP), Ruth Crocker, Charlotte Howell, Sarah Webb (Perpetuity Research) and two anonymous referees for comments on earlier drafts of this article.

Copyright information

© Macmillan Publishers Ltd 2016

Authors and Affiliations

  • Martin Gill (1)
  • Stephen Crane (2)
  1. PRCI Ltd, Kent, UK
  2. HP Labs, Bristol, UK
