292 ◾ Official (ISC)²® Guide to the ISSMP® CBK®
© 2011 by Taylor & Francis Group, LLC
The critical needs can be obtained in a consistent manner by using a user department
questionnaire. The questionnaire focuses on documenting critical activities in
each department and identifying related minimum requirements for staff, equipment,
forms, supplies, documentation, facilities, and other resources.
Offshoring Risks
Simple communication is possible without trust, but collaboration is not. High-value
activities require trustworthy environments. The good news is that the need
to distribute trust is highly recognized, resulting in numerous initiatives to create
both new technologies and new social mechanisms. Technology tends to take the
lead, with legal and other social mechanisms following.
The term “community of trust” (CoT) refers to a sociotechnical construct that
meets the communications and security needs for ongoing sharing of sensitive data
across the Internet between multiple organizations. Built on top of the existing
enterprise and the Internet, but not limited to any particular subset of it, a CoT
provides the social conventions and technical standards necessary to support
substantive collaboration, ensuring that initial conditions for trusted collaboration are
met and maintained.
Concerns about controlling conditions of data use have grown as data become
easier to copy. A growing risk since the introduction of the Xerox machine, data
misuse exploded as a concern in the 1990s. Inexpensive computers, a ubiquitous
network, and high-capacity personal storage devices make this goal exponentially
more difficult to attain than it ever was in the past.
There is, then, a need to develop the strategy to ensure that your BC policy and
plans for your organization accommodate a growing number of requirements for
external access to sensitive organizational information.
In the rush to save costs through outsourcing and take advantage of new business
models, we have often forgotten one of the most fundamental aspects of risk. The
less you know about something, the riskier you must assume that it is. Furthermore,
postmodern philosophies about moral relativism have made it somewhat politically
unacceptable to suggest that some groups of people cannot be trusted as much as
other groups. This flies in the face of human experience that universally puts family
relationships ahead of community relationships, with a culturally dependent set of
increasingly less-trusted communities arranged almost hierarchically beyond that.
Within each recognizable community exists what Francis Fukuyama refers to as a
“radius of trust”; outside of that radius, people feel a lesser obligation toward others.
In terms of a distributed communications model of any kind, the greater the
degree of separation, the harder it is to predict what other people will do. If you
misinterpret your relative standings within the perceived radius of trust, you are
going to underestimate the likelihood that you will come to harm.