Over the past three weeks an ongoing LinkedIn thread titled “Shall we trust our employees or not?” has continued to be a hot topic of debate. There simply appears to be no agreement among all the contributors. Trust is relative. You can always trust an employee or an organization, but the key is to what extent. You can also always trust that particular characteristics or actions will be repeated by each entity. For example, some employees will always keep a secret while others will always tell at least one other person. Therefore, you can trust one person to keep a secret and you can also trust the other person to tell your secret. Simply put its a matter of behavior and action over time that should be used to build the trust model.
When referring to trust among organizations Section 2.6.1 Establishing Trust Among Organizations in NIST SP800-39 provides the best explanation.
Parties enter into trust relationships based on mission and business needs. Trust among parties typically exists along a continuum with varying degrees of trust achieved based on a number of factors. Organizations can still share information and obtain information technology services even if their trust relationship falls short of complete trust. The degree of trust required for organizations to establish partnerships can vary widely based on many factors including the organizations involved and the specifics of the situation (e.g., the missions, goals, and objectives of the potential partners, the criticality/sensitivity of activities involved in the partnership, the risk tolerance of the organizations participating in the partnership, and the historical relationship among the participants). Finally, the degree of trust among entities is not a static quality but can vary over time as circumstances change.