34 Trust assurance in SSI ecosystems

 

Scott Perry CPA, CISA

    In Chapter 11 on governance frameworks, we explain how the trustworthiness of digital transactions is assured through a framework of policies, accountability requirements, and skilled participants who play contributing roles for the benefit of all members of a digital trust ecosystem. This chapter explores how digital trust is created and maintained in such an ecosystem through the development and operationalization of a trust assurance framework to achieve the appropriate risk mitigation for all stakeholders. Scott Perry is the founder of a nationally-operating U.S. CPA firm specializing in cybersecurity consulting and auditing—and one of only a handful of CPA firms licensed to issue WebTrust opinion reports over Certificate Authorities who issue digital certificates to websites. Among his many other roles, Scott is also co-chair of the ToIP Governance Stack Working Group.

    34.1 Introduction

    "Trust is like blood pressure. It's silent, vital to good health, and if abused it can be deadly."

    Trust is a human concept. It is hard to quantify, yet humans clearly know if it’s not there. It binds people together stronger than commercial adhesive, yet you cannot see it, touch it, or taste it. There are enough books on the topic to fill a library, yet it seems that we still live in a world without trust.

    34.2 Risk Drives the Need for Trust

    34.3 How Trust is Created

    34.4 The Requirements of Transitive Trust

    34.5 Governed Parties in a Trust Assurance Framework

    34.6 Trust Criteria

    34.6.1 Generally Accepted Trust Criteria

    34.6.2 Industry-Specific Trust Criteria

    34.6.3 Jurisdiction-Specific Trust Frameworks

    34.6.4 Ecosystem-Specific Trust Criteria

    34.7 Assurance Levels

    34.8 Trust Evidence

    34.9 Trust Mechanisms

    34.10 Accountability and Value

    34.11 Steps to Implementing a Trust Assurance Strategy

    34.12 Conclusion: Critical Success Factors for Ecosystem Trust Assurance