This is the original set of slides with more context about the idea of Risk and Trust "perspectives."
Category: Information Security
Correlating Risk and Trust Management (2017)
In order to overcome the technocentric focus in Information Security and Identity Management, I proposed some years ago a model which correlates all aspects of Risk and Trust Management. It offers a much wider perspective which avoids the exclusive fixation on "risk avoidance."
The Path to Assured Solutions (2006)
Action and Prediction
Many managerial debates lose themselves in a vicious circle. People try to "predict" or "estimate" possible futures, while at the same time very little effort is put into determining the future. This is undoubtedly wrong. Independently of predicting or not predicting the "future" --for example the consequences of a particular public policy-- what really matters is …
Segmentation of the Risk Space and Adaptive Security
Identity Data concerns also change in the context of the new, evolving network models. When organisations move beyond the traditional "perimeter", and when authentication and authorisation mechanisms need to enable users moving in a fluid way reaching the resources they want, a new security "zoning" model is necessary. The common "enterprise" model with a single …
Expanding the Frame of Risk and Trust Management
Many Identity Management efforts --including large programmes-- are severely limited by the way organisations perceive their requirements. Demand for change and technology upgrades drive the IAM projects while Security and Business benefits are left in the background or even ignored. It is evident that IAM is still seen primarily as a "technology" to improve user …
Information Theory
In “Recent Contributions to the Mathematical Theory of Communication” (University of Illinois Press, Urbana, 1964) Warren Weaver summarised the paradoxical character of Information Theory (as formulated by C. Shannon): “2.2 Information “The word information, in this theory, is used in a special sense that must not be confused with its ordinary usage. In particular, information …
Security Lost and Recovered (and 4)
A transition to “complete” Security (in the sense described in the previous sections) requires a rediscovery of the context, this complex mesh of relationships through which we live and operate. This change must leverage a recognition of the personal, psychological, organisational and technical aspects. In following this path we need to base the IT disciplines …
Security Lost and Recovered (3)
A “complete Security” approach, in the sense I introduced in the previous article (https://carlos-trigoso.com/2014/04/28/security-lost-and-recovered-2/), applies a modal logic to grasp the fundamental aspects of any Security arrangement. This is a “deontic logic,” i.e. a logic of obligation, prohibition, interdiction and permission, which is able to represent the various moments of a Security model. In …
Security Lost and Recovered (2)
A “complete” security strategy can be understood if we adopt an “information-theoretical” point of view. To do so, it is useful to describe the approach in the same way as we would consider a business model. A high level model of a business architecture shows the relationships between the participants, and the different functions and …