Trust: An Element of Information Security

  • Stephen Flowerday
  • Rossouw von Solms
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 201)

Abstract

Information security is no longer restricted to technical issues but incorporates all facets of securing systems that produce the company’s information. Some of the most important information systems are those that produce the financial data and information. Besides securing the technical aspects of these systems, one needs to consider the human aspects of those that may ‘corrupt’ this information for personal gain. Opportunistic behaviour has added to the recent corporate scandals such as Enron, WorldCom, and Parmalat. However, trust and controls help curtail opportunistic behaviour, therefore, confidence in information security management can be achieved. Trust and security-based mechanisms are classified as safeguard protective measures and together allow the stakeholders to have confidence in the company’s published financial statements. This paper discusses the concept of trust and predictability as an element of information security and of restoring stakeholder confidence. It also argues that assurances build trust and that controls safeguard trust.

References

  1. 1.
    Camp, L.J.: Designing for Trust. In: Falcone, R., Barber, S., Korba, L., Singh, M., (eds.): Trust, Reputation, and Security: Theories and Practice. Springer-Verlag; Berlin Heidelberg New York (2002) 15–29.Google Scholar
  2. 2.
    Ratnasingham, P., Kumar, K.: Trading Partner Trust in Electronic Commerce Participation. (2000)http://portal.acm.org/citation.cfin?id=3598.Google Scholar
  3. 3.
    King II Report: King Report on Corporate Governance for South Africa. Institute of Directors in Southern Africa (2002) 17–19.Google Scholar
  4. 4.
    Handfield, R.B., Nichols Jr., E.L.: Supply Chain Redesign: Transforming Supply Chains into Integrated Value Systems. Financial Times Prentice Hall, New Jersey (2002).Google Scholar
  5. 5.
    Rousseau, D.M., Sitkin, S.B., Burt, R.S., Camerer, C.: Not So Different After All: A Cross-Discipline View of Trust. Academy of Management Review. Vol. 23(3) (1998) 391–404.Google Scholar
  6. 6.
    Johnson-George, C, Swap, W.C.: Measurement of Specific Interpersonal Trust: Construction and validation of a scale to assess trust in a specific other. Journal of Personality and Social Psychology. Vol. 43(6) (1982) 1306–1317.CrossRefGoogle Scholar
  7. 7.
    Mayer, R.C., Davis, J.H., Schoorman, F.D.: An Integrative Model of Organizational Trust. Academy of Management Review. Vol. 20(3) (1995) 709–734.CrossRefGoogle Scholar
  8. 8.
    Pearce, W.B.: Trust in interpersonal communication. Speech Monographs. Vol. 41(3) (1974)236–244.CrossRefGoogle Scholar
  9. 9.
    Berger, C.R., Calabrese, R.J.: Some Explorations in Initial Interaction and Beyond: Toward a developmental theory of interpersonal communication. Human Communication Research. Vol. 1(1975)99–112.CrossRefGoogle Scholar
  10. 10.
    Berger, C.R.: Communicating Under Uncertainty. In Roloff, M., Miller, G. (eds.): Interpersonal Processes: New directions in communication research. Sage, Newbury Park USA (1987) 39–62.Google Scholar
  11. 11.
    Mishra, A.K.: Organizational Responses To Crisis: The centrality of trust. In Kramer, R.M., Tyler, T.R., (eds.): Trust in organizations: Frontiers of theory and research. Sage, California (1996) 261–287.Google Scholar
  12. 12.
    Abrams, L.C., Cross, R., Lesser, E., Levin, D.Z.: Nurturing Interpersonal Trust in Knowledge-sharing Networks. Academy of Management. Vol. 17(4) (2003) 64–77.Google Scholar
  13. 13.
    Larzelere, R.E., Huston, T.L.: The Dyadic Trust Scale: Toward understanding interpersonal trust in close relationships. Journal of Marriage and the Family. Vol. 42 (1980) 595–604.CrossRefGoogle Scholar
  14. 14.
    Gefen, D., Rao, V.S., Tractinsky, N.: The Conceptualization of Trust, Risk and Their Relationship in Electronic Commerce: The Need for Clarification. IEEE Computer Society (2002) http://csdl.computer.org/comp/proceedings/hicss/2003/1874/07/187470192b.pdf.Google Scholar
  15. 15.
    Von Neumann, J., Morgenstern, O.: Theory of Games and Economic Behaviour. Princeton University Press, Princeton USA (1953).Google Scholar
  16. 16.
    Kimbrough, S.O.: Foraging for Trust: Exploring Rationality and the Stag Hunt Game. (2005) http://opim.wharton.upenn.edu/~sok/sokpapers/2005/itrust-2005-fmal.pdf.Google Scholar
  17. 17.
    Murphy, P.: Game Theory Models for Organizational/Public Conflict. Canadian Journal of Communication. Vol. 16(2) (1991) http://mfo.wlu.ca/~wwwpress/jrls/cjc/BackIssues/16.2/murphy.html.Google Scholar
  18. 18.
    Hayes, F.: Is Game Theory Useful for the Analysis and Understanding of Decision Making in Economics? (2005) http://www.maths.tcd.ie/local/JUNK/econrev/ser/html/game.html.Google Scholar
  19. 19.
    Khare, R., Rifkin, A.: Weaving a Web of Trust. (1998) http://www.w3j.com/7/s3.rifkin.wrap.htmlGoogle Scholar
  20. 20.
    Axelrod, R.: The Complexity of Cooperation: Agent-Based Models of Competition and Collaboration. Princeton University Press, New Jersey (1997)Google Scholar
  21. 21.
    Zand, D.E.: Trust and Managerial Problem Solving. Administrative Science Quarterly. Vol. 17(2) (1972) 229–239.CrossRefGoogle Scholar
  22. 22.
    Clarke, T.: Theories of Corporate Governance: The Philosophical Foundations of Corporate Governance. Routledge UK (2004) 11.Google Scholar
  23. 23.
    Kydd, A. H.: Trust and Mistrust in International Relations. Princeton University Press, Princeton USA (2005) 7–12.Google Scholar
  24. 24.
    Axelrod, R.: The Evolution of Cooperation. Basic Books, New York (1984).Google Scholar
  25. 25.
    Partington, A. (ed.): The Oxford Dictionary of Quotations, 4th ed. University Press, New York Oxford (1996).Google Scholar
  26. 26.
    Humphrey, J. Schmitz, H.: Trust and Inter Firm Relations in Developing and Transition Economies. Journal of Development Studies. Vol. 34(4) (1998) 33–61.Google Scholar
  27. 27.
    Noorderhaven, N.G.: Opportunism and Trust in Transaction Cost Economies. In: Groenewegen, J., (ed.): Transaction Cost Economics and Beyond. Kluwer Academic, Boston (1996) 105–128.Google Scholar
  28. 28.
    Luhmann, N.: Familiarity, Confidence, Trust: Problems and Alternatives. In: Gambetta, D.G., (ed.): Trust: Making and Breaking Cooperative Relations. Basil Blackwell, New York (1988) 94–107.Google Scholar
  29. 29.
    Limerick, D., Cunnington, B.: Managing the new organization: A Blueprint for Networks and Strategic Alliances. Jossey-Bass, San Francisco (1993).Google Scholar
  30. 30.
    Camp, L.J.: Trust and Risk in Internet Commerce. The MIT Press, England (2000).Google Scholar
  31. 31.
    Greenstein, M., Vasarhelyi, M.: Electronic Commerce: Security, Risk, Management and Control, 2nd ed. McGraw-Hill, New York (2002).Google Scholar
  32. 32.
    DeMaio, H.B.: B2B and Beyond: New Business Models Built on Trust. John Wiley & Sons, USA (2001).Google Scholar
  33. 33.
    Cox, R., Marriott, I.: Trust and Control: The Key to Optimal Outsourcing Relationships. Gartner database (2003).Google Scholar
  34. 34.
    Fukuyama, F.: Trust: the Social Virtues and the Creation of Prosperity. Free Press USA (1996) 27.Google Scholar
  35. 35.
    Todd, A.: The Challenge of Online Trust: For online and offline business. (2005) http://www.trustenablement.com/trust_enablement.htm#RiskManagement.Google Scholar
  36. 36.
    Turbull Report. Internal Control: Guidance for Directors on the Combined Code. The Institute of Chartered Accountants in England & Wales (1999/2005).Google Scholar
  37. 37.
    Gerck, E.: End-To-End IT Security. (2002) http://www.nma.com/papers/e2e-security.htm.Google Scholar
  38. 38.
    Bavoso, P.: Is Mistrust Holding Back Supply-Chain Efforts? Optimize, and InformationWeek (2002) http://www.optimizemag.com/printer/014/pr_squareoff_yes.html.Google Scholar

Copyright information

© International Federation for Information Processing 2006

Authors and Affiliations

  • Stephen Flowerday
    • 1
  • Rossouw von Solms
    • 1
  1. 1.The Centre for Information Security StudiesNelson Mandela Metropolitan UniversityPort ElizabethSouth Africa

Personalised recommendations