Financial Breaches Show ‘Trust Model’ Is Broken by Bob West.
From the post:
The one thing the seemingly never-ending string of security breaches highlights is the fact that the current online trust model as we know it is broken. The security compromises at JPMorgan Chase, Home Depot, Dairy Queen, and elsewhere are proof that it is time for industry stakeholders to go back to the drawing board. Clearly, the old model of throwing resources at perimeter defenses, sticking in a few intrusion and anomaly detection tools, patching, and praying is not working.
It’s bad enough when major retailers like Home Depot get compromised. It’s much worse when JPMorgan Chase, the nation’s largest bank, says intruders were able to break into its systems and steal data on a staggering 83 million consumer and commercial accounts. Having served as the Chief Information Security Officer at Fifth Third Bank and Bank One, respectively in Cincinnati and Columbus, Ohio, I can speak from personal experience. It’s a full-blown crisis when more than a dozen major financial services companies admit to having their networks being probed for weaknesses by the same attackers as those behind the Chase breach. This reflects the increasing technical sophistication and the audacity of those behind these attacks.
…(emphasis added)
I mention Bob’s post because it isn’t clear, at least to me, what “…current online trust model….” he is talking about. I did some light searching and found any number of papers, posts, emails, etc., on trust models. So far as I could tell, none of them qualified as “…current online trust model….”
Is there some commonly accepted online trust model that I have overlooked?
I ask because if there is no common notion of an online trust model, misunderstandings and disappointments in security discussions are sure to follow.
Where would you start to define an online trust model? What are the important models to map one to another?