Hi,
ISECOM has been working on improving and replacing risk analysis,
assessments and management with trust. Our research has shown dramatic
improvements from using a trust model based on fact over risk models.
OSSTMM 3 (www.osstmm.org) outlines much of this already and I am
beginning to address this at various conferences.
Mastering trust has many benefits for security testing including
improved social engineering, improved attack trees, and improved
competitive intelligence gathering. Additionally, mastering the
ability to see through phishing, scams, PR smoke screens, lies, and
other deceptive practices also has the inverse of teaching how to
improve stealth, cons, and fraud for your security tests.
A basic version of our Mastering Trust seminar presentation is
available here:
http://www.isecom.com/events/Mastering_Trust_Sampler.pdf
Enjoy!
-pete.
--
Pete Herzog - Managing Director - pete@xxxxxxxxxx
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.badpeopleproject.org
