[WG-HealthIDAssurance] [WG-P3] [ARB] [WG-IDAssurance] Trust frameworks at risk ...

Joni Brennan joni at ieee-isto.org
Thu Feb 21 13:00:13 EST 2013


Thanks for pointing to the article and the breakdown regarding relation to
trust frameworks.  Thought provoking indeed.


> And that puts the adoption and use of trust frameworks at risk. The
> heading was the conclusion after my reading ‘between the lines.’
>

I might be a carpenter seeing all hammers and nails here but I actually
would read it between the lines as the alternative position

 - The risks found and cited actually support the urgent need for adoption
of trust frameworks where participants are verified by highly skilled
auditors.


****
>
> ** **
>
> -Nathan
> =-=-=-=-=-=-=-=-
> Nathan Faut, Manager, IT Attestation, Federal Practice, KPMG LLP ****
>
> 1676 International Drive****
>
> Suite 1200
> Mclean, VA 22102****
>
> office: 703-286-6883****
>
> mobile: 301-335-2656****
>
> FAX: 202-403-3126 ****
>
> ** **
>
> *From:* arb-bounces at kantarainitiative.org [mailto:
> arb-bounces at kantarainitiative.org] *On Behalf Of *Richard G. WILSHER
> (@Zygma)
> *Sent:* Thursday, February 21, 2013 12:12 PM
> *To:* 'IAWG'; 'P3WG'; arb at kantarainitiative.org;
> wg-healthidassurance at kantarainitiative.org
> *Cc:* DeVaul, James W
> *Subject:* Re: [ARB] [WG-IDAssurance] [WG-P3] Trust frameworks at risk ...
> ****
>
> ** **
>
> Interesting articles, although I find the numbers hard to believe (i.e.
> exaggerated).  But, Nathan, where does this put trust *frameworks* *per se
> * at risk?  (The articles do not use the word ‘framework’ – I’m assuming
> either you injected it or you clipped it from LinkedIn (and what does that
> tell you)?)  Isn’t it the trust within the organisations that appears to be
> under threat, but can’t trust framework providers apply this knowledge to
> enhance the criteria they apply and thereby the practices which their
> assessors will specifically address?  Because of the pervasive use of PKI I
> suspect that this dilemma has ramifications within the infrastructure
> supporting More than just LoA4, where the PKI is ‘out-front’ because it is
> the technology of the primary credentials.
>
> R****
>
> ** **
>
> *Richard G. WILSHER
> Founder & CEO
> *[image: Description: cid:image001.png at 01CDA23E.6E8F4E90]*
> O:  +1 714 965 99 42
> M: +1 714 797 99 42
> E:**   RGW at Zygma.biz
> **W:** ** **www.Zygma.biz <http://www.zygma.biz/>*****
>
> ** **
>
> *From:* wg-idassurance-bounces at kantarainitiative.org [
> mailto:wg-idassurance-bounces at kantarainitiative.org<wg-idassurance-bounces at kantarainitiative.org>]
> *On Behalf Of *j stollman
> *Sent:* February 21, 2013 16:42
> *To:* Faut, Nathan E
> *Cc:* DeVaul, James W; IAWG; P3WG; arb at kantarainitiative.org;
> wg-healthidassurance at kantarainitiative.org
> *Subject:* Re: [WG-IDAssurance] [WG-P3] Trust frameworks at risk ...****
>
> ** **
>
> Nathan,****
>
> ** **
>
> Thanks for the heads up.****
>
> ** **
>
> Here's the Ponemon Institute's explanation of their methodology in coming
> up with their shockingly high figures:
> http://www.ponemon.org/blog/understanding-the-methodology-and-staggering-costs-in-the-annual-cost-of-failed-trust-report
> ****
>
> ** **
>
> Jeff****
>
> On Thu, Feb 21, 2013 at 11:21 AM, Faut, Nathan E <nfaut at kpmg.com> wrote:**
> **
>
> Colleagues –****
>
>  ****
>
> I saw this article through LinkedIn – I offer it as thought-provoking
> material and without the LinkedIn overhead:****
>
>  ****
>
>
> http://www.securityweek.com/trust-based-attacks-against-ssh-ssl-cost-firms-big-money-report
> ****
>
>  ****
>
>  ****
>
> -Nathan
> =-=-=-=-=-=-=-=-
> Nathan Faut
> Manager, IT Attestation, Federal
> KPMG LLP ****
>
> 1676 International Drive****
>
> Suite 1200
> Mclean, VA 22102****
>
> office: 703-286-6883****
>
> mobile: 301-335-2656****
>
>  ****
>
>  ****
>
>  ****
>
> ***************************************************************************
>
> The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter.****
>
> ***************************************************************************
>
> ** **
>
>
> _______________________________________________
> WG-P3 mailing list
> WG-P3 at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-p3****
>
>
>
> ****
>
> ** **
>
> --
> Jeff Stollman
> stollman.j at gmail.com
> 1 202.683.8699****
>
> ** **
>
> Truth never triumphs — its opponents just die out.****
>
> Science advances one funeral at a time.****
>
>                                     Max Planck****
>
> ***********************************************************************
> The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter.
> ***********************************************************************
>
>
>
> _______________________________________________
> WG-P3 mailing list
> WG-P3 at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-p3
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-healthidassurance/attachments/20130221/7fabaf6e/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 10010 bytes
Desc: not available
Url : http://kantarainitiative.org/pipermail/wg-healthidassurance/attachments/20130221/7fabaf6e/attachment-0001.png 


More information about the WG-HealthIDAssurance mailing list