In the historical trust model, the track record exhibited by an organization in the past, particularly in its risk and cybersecurity-related activities and decisions, can contribute to and help establish a level of trust with other organizations. While validated trust models assume that an organization provides the required level of proof needed to establish trust, obtaining such proof may not always be possible. In such instances, trust may be based on other deciding factors, including the organization’s historical relationship or its recent experience in working with other organizations. For example, if one organization has worked with a second organization for years doing some activity and has not had any negative experiences, the first organization may be willing to trust the second organization in working on another activity, even though the organizations do not share any common experience for that particular activity. Historical trust tends to build up over time, with the more positive experiences contributing to increased levels of trust between organizations. Conversely, negative experiences may cause trust levels to decrease among organizations.
- Electricity Subsector Cybersecurity Risk Management Process, App. E, at 70.