Abstract
This article evaluates the role of trust in a specific area of security activity, sensitive information sharing. It begins by exploring the nature of trust, and then moves on to highlight on the one hand some of the security benefits when trust is evident, and on the other the risks that can accrue when trust is misplaced. It then moves on to report the findings from an empirical study by discussing how three key elements: process issues, people issues and technology can, when done well improve the security of information sharing, indeed, it can create additional security opportunities, and when done badly can undermine it. In conclusion the article asserts that the generation of trust is fundamental to effective sensitive information exchange but this poses real challenges including in deciding how much trust is appropriate.
Similar content being viewed by others
References
Aleem, A. and Sprott, C. (2013) Let me in the cloud: Analysis of the benefit and risk assessment of cloud platform. Journal of Financial Crime 20(1): 6–24.
Andress, A. (2003) Surviving Security: How to Integrate People, Process and Technology. Auerbach Publications.
Bailey, T. (2002) On trust and philosophy. The philosophy of trust, Open University Reith Lectures 2002, http://www.open2.net/trust/on_trust/on_trust1.htm, accessed March 2013.
Beautement, A. et al (2008) Modelling the human and technological costs and benefits of USB memory stick security, http://homepages.abdn.ac.uk/d.j.pym/pages/pym-weis-2008.pdf, accessed 14 June 2013.
Bierstaker, J.L. (2009) Differences in attitudes about fraud and corruption across cultures: Theory, examples and recommendations. Cross Cultural Management 16(3): 241–250.
Capelli, D., Moore, A. and Trzeciak, R. (2012) The Cert Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud). Upper Saddle River, NJ: Pearson Education.
Cavanagh, T.E. (2005) Corporate Security Measures and Practices. The Conference Board, SR-05-01, Conference Board: London, March.
Cofta, P. (2011) The Trustworthy and Trusted Web. Foundations and Trends in Web Science Vol. 2 No. 4 Delft: The Netherlands.
Cook, K., Hardin, R. and Levi, M. (2005) Cooperation without Trust?. New York: Russell Sage Foundation.
Crane, S. and Reinecke, P. (eds.) (forthcoming) Trust Domains Guide: A Guide to Identifying, Modelling, and Establishing Trust Domains.
Denize, S. and Young, L. (2007) Concerning trust and information. Industrial Marketing Management 36(7): 843–1018.
Driscoll, J.W. (1978) Trust and participation in organizational decision making as predictors of satisfaction. The Academy of Management Journal 21(1): 44–56.
Eccles, R.G., Newquist, S.C. and Schatz, R. (2007, February) Reputation and its risks. Harvard Business Review 85(2): 104–114.
Fukuyama, F. (1995) Trust: The social virtues, and the creation of prosperity. New York, NY: The Free Press.
Gill, M. (2013) Engaging the Corporate Sector in Policing: Realities and Opportunities. Policing: A Journal of Policy and Practice 7(3): 273–279.
Gill, M. (ed.) (2014) Exploring some contradictions of modern day security. In: The Handbook of Security. 2nd edn. London: Palgrave Macmillan.
Gill, M.L. and Goldstraw-White, J.E. (2010) Theft and fraud by employees. In: F. Brookman, M. Maguire, H. Pierpoint and T. Bennett (eds.) Handbook of Crime. Uffculme, UK: Willan.
Gill, M. and Howell, C. (2014) Policing Organisations: The Role of the Corporate Security Function and the Implications for Suppliers. International Journal of Police Science and Management 16(1): 65–75.
Gomm, R. (2008) Social Research Methodology: A Critical Introduction. Basingstoke, UK: Palgrave Macmillan.
Hamou-Lhadj, A. and Hamou-Lhadj, A. (2009) A governance framework for building secure IT systems. International Journal of Security and Its Applications 3(2): 15–20.
Haralambos, M. and Cofta, P. (2010) Practitioner’s challenges in designing trust into online systems. Journal of Theoretical and Applied Electronic Commerce Research 5(3): 66.
Hough, M. (2012) Researching trust in the police and trust in justice: A UK perspective. Policing and Society: An International Journal of Research and Policy 22(3): 332–345.
Hough, M., Jackson, J., Bradford, B., Myhill, A. and Quinton, P. (2010) Procedural justice, trust and institutional legitimacy. Policing: A Journal of Policy and Practice 4(3): 203–210.
ISACA. (2009) An introduction to the business model for information security, http://www.isaca.org/Knowledge-Center/Research/Documents/Introduction-to-the-Business-Model-for-Information-Security_res_Eng_0109.pdf, accessed March 2013.
Janes, P. (2012) People, process, and technologies impact on information data loss, http://www.sans.org/reading_room/whitepapers/dlp/people-process-technologies-impact-information-data-loss_34032, accessed 14 June 2013.
Johnson, K. and Grayson, D. (2005) Cognitive and affective trust in service relationships. Journal of Business Research 58(4): 500.
Kelton, K., Fleischmann, K. and Wallace, W. (2008) Trust in digital information. Journal of the American Society for Information Science and Technology 59(3): 363–374.
Keval, H.U. and Sasse, M.A. (2010) Not the usual suspects: A study of factors reducing the effectiveness of CCTV. Security Journal 23(2): 134–154.
Kirschenbaum, A., Mariani, M., Van Gulijk, C., Lubasz, S., Rapoport, C. and Andriessen, H. (2012) Airport security: An ethnographic study. Journal of Air Transport Management 18: 68–73.
Levi, M. (2008) The Phantom Capitalists: The Organisation and Control of Long-Firm Fraud. Aldershot, UK: Ashgate.
Mayer, C. (2008) Trust in financial markets. European Financial Management 14(4): 617–632.
Mcknight, D. and Chervany, N. (1996) The meanings of trust. Carlson School of Management, University of Minnesota, http://misrc.umn.edu/workingpapers/fullpapers/1996/9604_040100.pdf, accessed 12 July 2013.
Moss, K. (2009) Security and Liberty: Restriction by Stealth. Basingstoke, UK: Palgrave Macmillan.
Moss, K. (2011) Balancing Liberty and Security: Human Rights and Human Wrongs. Basingstoke, UK: Palgrave, Macmillan.
Newman, J. (1998) The dynamics of trust. In: A. Coulson (ed.) Trust and Contracts. Bristol, UK: Policy Press.
Nyaupane, G., Graefe, A. and Burns, R. (2009) The role of equity, trust and information on user fee acceptance in protected areas and other public lands: A structural model. Journal of Sustainable Tourism 17(4): 501–517.
Peterson, G. (2010) Don’t trust. And verify: A security architecture stack for the cloud. IEEE Security and Privacy 8(5): 83–86.
Ponemon Institute. (2012) 2011 cost of data breach study United States, http://www.symantec.com/content/en/us/about/media/pdfs/b-ponemon-2011-cost-of-data-breach-us.en-us.pdf, accessed 14 June 2013.
Robinson, S.L. (1996) Trust and breach of the psychological contract. Administrative Science Quarterly 41(4): 574–599.
Sasse, A., Ashenden, D., Lawrence, D., Coles-Kemp, L., Fléchais, I. and Kearney, P. (2007) Human Factors Working Group White Paper: Human Vulnerabilities in Security Systems Knowledge Transfer Networks, University College London: London.
Schneier, B. (2012) Liars and Outliers. New York: Wiley.
Solomon, R.C. (2000) Trusting. In: M. Wrathall and J. Malpas (eds.) Heidegger, Coping, and Cognitive Science: Essays in Honor of Hubert L. Dreyfus. Vol. 2 Cambridge, MA: The MIT Press, pp. 229–244.
Toh, S. and Srinivas, E. (2012) Perceptions of task cohesiveness and organizational support increase trust and information sharing between host country nationals and expatriate coworkers in Oman. Journal of World Business 47(4): 696–705.
Tomkins, C. (2001) Interdependencies, trust and information in relationships, alliances and networks. Accounting, Organizations and Society 26(2): 161–191.
Wang, Y. and Emurian, H. (2005) An overview of online trust: Concepts, elements, and implications. Computers in Human Behavior 21(1): 105–125.
Young, L. (2006) Trust: Looking forward and back. Journal of Business and Industrial Marketing 21(7): 439–445.
Acknowledgements
The project on which research for this study is based was funded by the Technology Strategy Board (Project TP/400206) and EPSRC. Project partners are: HP Labs, Perpetuity Research Limited, Oxford University, Birmingham University, Aberdeen University and University College London. We would like to thank colleagues from partner organisations who helped us develop the ideas in this article and specifically Philipp Reinecke (HP), Simon Arnell (HP), Ruth Crocker, Charlotte Howell, Sarah Webb (Perpetuity Research) and two anonymous referees for comments on earlier drafts of this article.
Author information
Authors and Affiliations
Rights and permissions
About this article
Cite this article
Gill, M., Crane, S. The role and importance of trust: A study of the conditions that generate and undermine sensitive information sharing. Secur J 30, 734–748 (2017). https://doi.org/10.1057/sj.2015.13
Published:
Issue Date:
DOI: https://doi.org/10.1057/sj.2015.13