MODEL FOR TRUST WITHIN INFORMATION

TECHNOLOGY MANAGEMENT

Dayse de Mello Benzi, Rafael Timóteo de Sousa Júnior

Network Engineering Department,Universidade de Brasília, Brasília, Brasil

Christophe Bidan, Ludovic Mé

Network and Information Systems Security Group, Ecole Supérieure d’Électricité, Rennes, France

Keywords: Information Technology (IT) Management, Information Systems, Trust.

Abstract: This work presents a model for applying the concept of trust in the management of information technology.

It presents relevant aspects on the application of trust within IT Management and focuses on the necessity of

aligning a trust model with the organizational strategies and main activities. The impacts of trust in IT

management are described and related to recent studies on the reduction of risks in business-oriented IT

management. In this context, the model presented in this paper is based on the understanding trust indicators

are highly desirable to IT management, as long as they are measured and controlled, and used as a means for

IT management to acquire greater effectiveness in its alignment to general organizational and business

strategy.

1 INTRODUCTION

The environment in which organizations are inserted

is noticed as more and more globalized and

competitive. For acting optimally in their business

areas, these organisations need trustworthy

information and updated knowledge, finding in the

Information Technology (IT) a vehicle to add value

to products and services.

A business performance factor that is not

controlled cannot be managed. In consequence, a

premise for IT management is the need for

controlling specific factors in order to manage IT

efficiently. Management experience positive impacts

from a series of factors. The present article focuses

in one of them, the concept of trust, trying to better

know it, by treating trust related models and

mechanisms with the focal point in their use for the

evaluation of trust levels in the several areas of IT

management.

Although trust has been studied for decades in

various domains, one can nowadays consider that a

major interest exists in the analysis of its meaning

and its application by empirical and theoretical

methods. The technological development associated

to globalization created the need for interaction

among people and organizations geographically

apart, which added interest to formal and actual

relationships governed at least partially by trust.

2 THE CONCEPT OF TRUST

Many authors consider trust as an essential

component of relationships in multiple fields of

activities, for the optimization of the real interaction

between the entity or the person rendering some

service and the beneficiaries or users of this service.

Mayer et al consider trust to be important in many

areas (Mayer et al, 1995), such as: communications,

leadership, objective-targeted administration,

negotiation, game theory, performance recognition,

work relations and implementation of self-managed

working groups. Due to this ample employment, in

situations in which it is necessary to establish the

understanding and definition of trust, the possibility

of appearance of conflicting interpretations is

observed, giving way to the absence of clear

principles related to trust. Kee et al, 1999, coherent

with this finding, affirms that “trust is becoming

more and more important, but no one knows yet

what really it means”.

513

de Mello Benzi D., Timóteo de Sousa Júnior R., Bidan C. and Mé L. (2008).

MODEL FOR TRUST WITHIN INFORMATION TECHNOLOGY MANAGEMENT.

In Proceedings of the Tenth International Conference on Enterprise Information Systems - AIDSS, pages 513-518

DOI: 10.5220/0001703305130518

 SciTePress

Sociologist Diego Gambetta establishes that the

behavior of being as faithful as possible is a basic

principle in a model of human trust, being certain

that trust is something extremely subjective and

difficult (practically impossible) to get a standard

definition (Gambeta, 1988). In a relation between

two agents there is no guarantee of reciprocity in the

degree of trust between both, since each one may

trust the other in a distinct dosage. The decision to

start or not some interaction with another agent

depends on the level of trust established between the

parts, on the context and on the risk involved.

As a result of that difficulty, trust is many times

defined in a more specialized manner and is directed

toward the area of interest of the researcher.

Fukuyama (Fukuyama, 1996), for example, relates

trust and contemporary society, trust and social

systems (Luftman, 1999). Proceeding on

specialization, Pillatt highlights that a definition of

trust is used and assumed, within the environment of

e-business, turned, in a very specific manner, toward

topics such as authentication and ability to the

payment of requested products and/or services.

However, this type of definition is quite restricted to

the measurement of the trust regarding the

relationship with the purchaser and does not support

the measurement of trust of the other transactional

entities involved in the negotiation (Pillat, 2002).

Manchala tries to see trust in a more generic way,

measuring it based on the transaction as a whole

and not in some specific parameters of an entity

(Manchala, 1999, 2000). In this in case, information

referring to all the entities participating in the

transaction and in the product/service negotiated are

abstracted, serving as a basis for a more generic

measurement of trust.

When searching a wider concept, based in

objectives, approaching aspects related to honesty,

competence and trustfulness, it exceeds the borders

of the term itself and involves parameters that may

easily become related to terms such as

authorization, authentication, validation and others.

It is truth that these terms could be used

interchangeably as affirmed by Grandison and

Sloman, when considering authorization to be the

result of the refinement of a reliable relationship,

that is, the delegation of access rights for a

transactional entity to play specific actions in a

specific target, and authentication as being the

verification of the identity of an entity, which can be

played by means of a password, trustworthy services

of authentication or through certificates (Grandison

and Sloman, 2000).

Jones adds that trust is defined by the European

Commission Joint Research Centre as being “the

property of a business relationship so that credit can

be given to the business partners and to the

transactions played with them” (Jones, 1999).

Thus, it is possible to verify that the definitions

at times tend to interpersonal relationships, at other

times to business and service rendering, being

capable of quantifying levels of trust, opening a

wide range of research areas, approaching a number

of nuances of the Human as well as the Exact

Sciences.

2.1 Trust Types

The wide range of trust takes us to dividing,

according to the area of application and in

accordance with the distinct definitions, the

relationships facilitated and taken to relevant levels

of interaction based on interpersonal trust, inter-

institutional trust and person/institution trust.

(Grassi, 2004), configuring an interesting approach

to the objectives of this work, specifies that,

according to (Lyons and Mehta, 1997), trust is a

matter of degree, going from complete trust to its

complete absence, where the opportunist behavior

will be the rule. These authors analyze the role of

trust in facilitating efficient exchange relations,

considering the approach of two distinct

mechanisms that give support to trust, the socially-

oriented trust and the self-interested trust.

The socially-oriented trust considers aspects of

the past backward-looking, when analyzing the

social mechanisms carried out by the community of

individuals who, intentionally or inadvertently,

support trust and its consequences. (Dogson, 1993)

calls this vision of trust goodwill trust, where the

recognition that behavior is located inside a social

arena leads to the notion of trust for an orientation

based on norms; the social relations are experienced

in certain normative ways, or mutually understood.

The self-interested trust is instrumentally

understood, applying the theory of games to shape

the interaction between agents whose interests

partially conflict and partially converge. Trust comes

up as consequence of a careful calculation or the

intentional creation of incentives in direct reply to

the presence of behavioral risk. The relative costs

and benefits of being trustful or trustworthy are

measurable, and they are evaluated within the limits

of the exchange relation. Therefore, the self-

interested trust, in contrast with the previous one, is

fundamentally based on future “forward-looking”,

with agents being trustful or trustworthy only up to

ICEIS 2008 - International Conference on Enterprise Information Systems

514

the point where they expect such behavior to render

some direct return.

3 TRUST FOR IT MANAGEMENT

According to Haes and Van Grembergen (Haes and

Van Grembergen, 2005), in academic and

professional literature, the articles mentioning

governance in their titles, started to appear in 1999,

with an article Sambamurthy (Sambamurthy and

Smud, 1999) named Arrangements for the

Information Technology Management: A Theory of

Multiple Contingencies, and, in 2000, with the

article The Balanced Scorecard and IT Governance

de Van Grembergen, (Van Grembergen, 2000).

Thus, they concluded that the concept of

management emerged in recent years, what does not

mean many of the underlying elements of strategic

discussion on the alignment did not attract the

attention long ago.

Also, these authors emphasize that, even with the

advance of knowledge, it is usual to find

organizations where IT is inserted as a single

activity, implementing its processes and controlling

itself, moving in parallel, without converging to the

organizational management. Such procedure hardly

contributes to the generation of value in the

organization and, on the other hand, almost always

leads to a lack of tuning and adjustment between the

end-activity and the technological platform that has

as purpose to provide a solid base for the

qualification of strategic performance.

In this context, limited, hardly controlled actions

spread, in which tactics overcomes strategy, in

environments where processes and responsibilities

are not presented with the desirable definition. With

the excuse of fluidity of the competitive world and

the urgency of the business, unsatisfied customers,

products of poor quality, impacts in the

organizational image, and the inevitable income

losses are harvested.

The same studies, on the other hand, state that

organizations with an IT management adjusted to the

business, focused on the adequate treatment of

information, have their actions facilitated into taking

the opportunities and take less chances in face of

potential threats.

With this point of view, Weill and Ross

emphasize that IT Management “is implemented by

means of a set of mechanisms that if well conceived,

well understood and transparent promote desirable

behaviors in terms of IT. On the other hand, if the

mechanisms are poorly implemented, arrangements

for the management will not bring the expected

results”. (Weill and Ross, 2004).

3.1 Model for Trust within IT

Management

The study of trust confirms that it is directly related

to the levels of development of the societies and that

a society is more of evolved according to the trust on

the relationships of the individuals between

themselves and between them and the organizations.

Robinson and Jackson affirm that trust is related to

faith in people, that it is probably linked to the fact

that someone will keep his/her word, that is, there is

a risk involved, since this word may not be kept

(Robinson and Jackson, 2001).

Bacharach and Gambetta affirm that signals exist

which are used by individuals to interpret the

trustworthiness of the others and, moreover, the

repetition or the absence of these signals will, in its

incidence, provide mathematical answers, i. e.,

provide measurement. This way, it is verified that

the trust involves risk and can be measured

(Bacharach and Gambetta, 2000). Couch adds that

there are at least two different scales reliable: “trust

in the partner” (in a specific person) and

“generalized trust” (in the people in general, the

nature human being) (Couch et al, 1996).

These two aspects, measurement and risk, in report

to the IT management, for management involves

measurement and risk is inherent to IT services.

Thus in the application of trust to IT management,

the level of the trust, one may see, many important

points are considered, for the higher the level of

relationship is, the higher the level of relationship

and the lower the risk of the IT services,

guaranteeing adjusted relationships, efficient

communication and easiness in the implementation

of necessary adjustments to the conduction of IT in

the organizations.

The formalization of the application of the trust in

the IT management stimulates the conception and

implementation of computational model, that could

after be conceived elaboration of the evaluation of

the IT management.

For this, parameters will have to be established

under which the trust could be evaluated and

quantified, being then adjusted the use of topics

already consecrated and gifts in mechanisms of

support to management and auditing, existing in the

market and sought according to main decisions and a

prospection carried through in more than two

hundred companies, as in the case of the research of

Weill and Ross (Weill and Ross, 2004).

MODEL FOR TRUST WITHIN INFORMATION TECHNOLOGY MANAGEMENT

515

For the development of such model, as shown in

figure 1, aspects relevant to IT management were

used and confirmed on a further check (diagnose),

which, together with pertaining trust factors, support

the definition of trust management: "It is the activity

that designs, evaluates, monitors implants and the

appropriate mechanisms to establish decisions

structures, processes, alignment of business with IT

and media for obtaining the desired behavior, or that

can be evaluated as reliable in order to allow the

focus of technology in business objectives.”

Figure 1: Trust Model Components.

Thus, in the implementation of the model for

trust management, the following steps have been

established, corresponding to reliable actions:

1. Selecting the parameters or aspects of trust, for

the evaluation of trust.

2. Checking the result of the metrics applied IT

management, aiming the checking of values

obtained and allocated to each aspect of trust.

3. Assessing risk by estimating the risk involved

in a particular case based on the information

collected and the verification of process through the

metrics allocated.

4. Keeping a knowledge base, listing the

processes that are in the zone of risk, establishing

where they are vulnerable and reporting, in the case

of high risk.

3.1.1 Categories and Metrics

As the above aspects are established for the trust

evaluation, and to quantify it in the processes of IT

management metrics will be used to be able to

measure the concept of trust. These metrics focus on

each item related to the trust factors, enabling the

evaluation by their importance and relevance.

The design of trust in the IT management, notes

the importance of the model adoption that will

allocate these parameters, which is establish a

framework, which allows the analysis and evaluation

of the IT processes, listing the points to a vulnerable

and inadequate management appropriate and

effective.

Amongst the mechanisms related to the

management, for what it is considered, they present

high relevance to those related to the form as the

decisions of IT the adopted methodology are taken

to guarantee the alignment IT with the formulated

politics, as well as the normative aspects and of

communication in the enterprise scope are

established.

In that if it relates to the decision taking, verifies

that the organizations in formal way or not, they

establish a structure to place power to decide

responsibilities. In this task the evolvements of

business-oriented leaders of IT and as well as the job

of types that combine structures of decision taking

appears as relevant factors for an efficient

management. Amongst the structures the ones exist

that proved they generate performance better and

others that, for diverse reasons, do not contribute for

the efficiency of the activity, fitting to prospectors

them for generation of a pertinent and adjusted

evaluation to the quantification of the property of its

use as facilitators of the management.

For the alignment one is necessary accented

adequacy of the administration and the adjustment of

IT, of form the one that if constitutes in facilities of

the achievement of the enterprise objectives. The

alignment is materialized by the adoption of

processes that bring in its conception the necessity

of compromisers all the involved ones in business

and IT. These processes could be evaluated

according to its property and, in accordance with the

result, to be classified according to its

trustworthiness.

Considering a necessary communication for

diffusion of the decisions efficiency according to

desired, it is verified that despite the simplicity of

the understanding of that what it is not

communicated, or it is communicated of deficient

form, it will not be able to contribute for executions

adjusted and focused in the desire of the managers,

the adoption of diffusion mechanisms nor always is

efficient. To develop adequate strategies of

communication becomes a true differential in the

cases of success in the enterprise area. These

situations, of adequate medias or not, will take the

situations of evaluation for referring diagnostic

establishment to the trustworthiness of its job and

the consequent readjustment, in the case of little

TRUST

DEFINITION FOR

IT MANAGEMENT

TRUST

MANAGEMENT

VERIFICATION

TRUST MODEL

ICEIS 2008 - International Conference on Enterprise Information Systems

516

trust, aspect that accented cause impact in the

management.

The metric cited ones will be based on band of

values instead of an absolute value, providing a

bigger flexibility for the implantation of the same

ones in some differentiated scenes (small, average

and great companies). Being thus, values classified

could be used in: (1) low, (2) medium, (3) high, and

(4) very high.

3.1.2 Verification of the Result

During model validation, organizations with widely

known distinct stages of IT management have been

used, so as to provide the design of diagrams with

clarifying shapes and indicators of their real stages.

For such analysis, six aspects of IT management

have been considered, which were represented on

figures 2, 3 and 4: I – Planning; II – Organization;

III – Implementation; IV – Availability; V –

Support; and VI – Control. Each aspect has been

subdivided according to their domains, being

evaluated by their own metrics.

Figure 2: Low Trust Level.

The organizations with low levels of trust, as to

figure 2, present the results of the metrics in their

totality or, most of those below level five.

Figure 3: Average Trust Level.

Figure 3 represents

the results of metrics in their

totality or, most of those between level five and level

seven, which corresponds to organizations with an

average trust level.

The third representation, figure 4, refers to the

organizations with a high level of trust, for the

results of the metrics, in their totality or in its most,

is above level seven.

Figure 4: High Trust Level.

All aspects of trust that, after assessment, were found

in the risk zone – trust level below level five –

have been

reported for corrective measures.

The parameters, the actions, the backgrounds

will be maintained in a database as useful

knowledge for future solutions.

4 CONCLUSIONS

The organizations of all domains, given their needs

regarding information treatment, invest in

information technology. To attain the objective of

using resources to serve the improvement of the

operational performance, it becomes necessary to

promote integrated actions, in all levels, to respond

the necessities of business with the technological

support base.

The alignment of the IT Management with the

strategy of the organization is of prime importance,

for the tactical actions, with limited vision and as

solution of immediate or shortly-ranged problems,

do not add value and, for being in a less strategic

level, do not take us anywhere.

The market already presents quality tools that

aim to providing technological solutions, so that

information is spread and treatment adjusted in the

scope of the organization. The correct agreement of

the premises of management and the application of

the techniques of alignment and harmonization

available will bring as consequence an adjusted and

ready organization to take advantage of the

opportunities, as well as defend itself of the constant

threats that proliferate in the modern environment.

2,5

7,5

III

III I

VVI

IT MANAGEMENT

LOW TRUST LEVELS

7,5

I. II. III. IV. V. VI.

IT MANAGEMENT

AVERAGE TRUST LEVEL

2,5

7,5

I. II. III. IV. V. VI

IT MANAGEMENT

HIGH TRUST LEVEL

MODEL FOR TRUST WITHIN INFORMATION TECHNOLOGY MANAGEMENT

517

Moreover, a tenacious management supported in

pertinent control instruments and a modern

organizational culture that the sectorial

authoritarianism hinders is necessary, as well as a

perfect agreement of the objective traced on the

company strategy. The promptness and minor

necessities lead to accost demanding management

and to unnecessary efforts. The control and

accompaniment, implemented in indicators and

metrics, bring the guarantee of a safe route and the

opportunity of preventive and premature corrections,

providing agility, fluidity and trustworthiness.

The trust to be focused in the study of

Information Technology Management, moves away

from the concepts related to interpersonal

relationships, and towards those business-oriented

and to the rendering of services, that is, searches

rationality leaving aside emotional aspects.

Rationality brings implicit the possibility of

measurement, of quantification, the possibility of

being expressed in numbers.

Thus, in this context, one can infer that the safe

route is tied to trust, which shall provide highly

desirable results for management, as far as it is

controlled and measured. Then, it stops the IT

organizations, the creation of an evaluation model

for the reliable level in IT management, will make

greater effectiveness possible in its alignment with

the organizational strategy, and the deepening of

research and establishment of new questions in the

areas of governance related knowledge, trust and

intelligent systems, will be relevant for the scientific

community, for stimulating the search of new

borders of knowledge.

ACKNOWLEDGEMENTS

Dayse de Mello Benzi is supported by CAPES

Brazil and would like to thank Supélec – France for

its support during her external stage, in the context

of her doctoral program.

REFERENCES

Bacharach, M, Gambetta, D., 2000. Trust in Signs. In:

COOK, Karen (ed.) Social Structure and Trust. Nova

York, Russell Sage Foundation.

De Haes S., Van Grembergen W., 2005.IT Governance

Structures, Processes and Relational Mechanisms:

Achieving IT/Business Alignment in a Major Belgian

Financial Group. In: 38th Hawaii International

Conference on System Sciences. In:

http://doi.ieeecomputersociety.org.

Couch, L.L., Jeffrey, A.M., & Jones, W.H., 1996.

Measuring level of trust. Journal of Personality

Assessment, 67(2), 305-323.

Dodgson. M., 1993. Learning, Trust and Interfirm

Technological Linkages: Some Theoretical

Associations. In: mimeo.

Gambetta, D., 1988. Trust : Making and Breaking

Cooperative Relations. Oxford : Basil Blackwell.

Fukuyama, F. (1996). Confiança: As virtudes sociais e

a criação da prosperidade. Rocco, Rio de Janeiro.

Grandison. T., Sloman. M., 2000. A Survey of Trust in

Internet Applications. In IEEE Communications

Surveys.

Grassi. R.A., 2004. Em busca da noção evolucionária

(neo-schumpeteriana) do auto-interesse dos agentes:

uma contribuição a partir da literatura sobre

cooperação interfirmas. In: Revista Análise

Econômica – Edição 042/Setembro de 2004,

Faculdade de Ciências Econômicas, UFRGS.

Jones. S., 1999. “RUST-EC: Requirements for Trust and

Trust in E- Commerce. In: European Commission,

Joint Research Centre.

Kee. P. G. W., Balance. C., Chan. S., Schrump. S., 1999.

“Electronic Commerce Relationships: Trust by

Design.” In: Prentice-Hall.

Luftman, J., & Brier, T., 2005. Achieving and sustaining

business-IT alignment. California Management

Review, 42(1), 109–122.

Lyons. B. e Mehta. J. , 1997.Contracts, Opportunism and

Trust: Self-Interest and Social Orientation. In:

Cambridge Journal of Economics, vol. 21.

Manchala. D. W., 1998. Trust Metrics, Models and

Protocols for Electronic Commerce Transactions. In:

The 18th international conference on distributed

computing systems, Holanda. Proceedings.

Amsterdan: Xerox.

Manchala. D. W. E-Commerce Trust Metrics and Models.

In: IEEE Internet Computing, p.36-44, mars 2000.

Mayer, R. C., Davis, J. H., & Schoorman, F. D., 1995. An

integrative model of organizational trust. Academy of

Management Review, 20:709-734.

Pillatt. F. R., 2002. Um Modelo para o Tratamento de

Confiança sobre Transações de e-Business. Master

Dissertation. In: http://www.dsc.ufcg.edu.br/~copin/

pessoas/alunos/htms/FabioRobertoPillatt.htm

Robinson, R., Jackson, E., 2001. Is Trust in Others

Declining in America?: An Age-Period-Cohort

Analysis. Social Science Research, 30: 117-145.

Sambamurthy V., Zmud R.W., 1999. Arrangements for

Information Technology Governance: a theory of

multiple contingencies. MIS Quarterly, vol. 23, no. 2.

Van Grembergen W., 2000. The Balanced Scorecard and

IT Governance. In:Information Systems Control

Journal, Volume 2.

Weill P., Ross J. W., 2004. IT Governance – How Top

Performers Manage IT Decision Rights for Superior

Results. Harvard Business School Publishing.

ICEIS 2008 - International Conference on Enterprise Information Systems

518