Saturday, March 09, 2019

Trust: In Pursuit of Implicity...

RSA 2019 was another event for the vast spectrum of security and privacy professionals to reflect on, regardless of the color of hat you wear.  One word seemed to be prevalent in this years atmosphere:


trust (trÅ­st)n.

1. Firm reliance on the integrity, ability, or character of a person or thing.
—Related forms
trust·a·ble, adjective
trust·a·bil·i·ty, noun
truster, noun

—Synonyms 1. certainty, belief, faith. Trust, assurance, confidence imply a feeling of security. Trust implies instinctive unquestioning belief in and reliance upon something: to have trust in one's parents.
To have real trust in something or someone, you don't even think about it. It's implicit.

If you start to think about it, then it is not really trust in it's purest form. In Operational Risk Management (ORM), we are always in pursuit of trust. We want to trust our sensors, monitors and fail safe process.

Yet we know that this is why we train for contingencies. Because failure is always a possibility, even if it has a .00000000000099 probability.

As a true Operational Risk professional, you train for the remote possibility of failure and create alternative scenarios to test your contingencies. And when you find what works through exercises and experimentation, you put that in your memory bank or cache of alternatives. Never knowing when you will have to use it again.

And when it comes to trust and human beings, there is only one way we know you can get to implicity. It is through testing, training and observable behaviors.

And when this person or software algorithm has demonstrated that they are able to repeat the tasks, actions and behaviors with a .00000000000099 probability of failure, that is when trust begins to become inherent.
"Trust will not be accomplished 100% through AI / ML technologies when humans are still creating and writing the code. Nor the convergence of information in a database. It can only be forged through actions and observable behaviors."
Outcomes based upon sound planning, training, testing and continuous contingency operations. Only then will we reach the level of implicity we seek.

No comments: