**3.1 Trusted information systems**

One foundation for building trusted information systems is systems assurance. Systems assurance is defined as the justified confidence that the system functions as intended and is free of exploitable vulnerabilities, either intentionally or unintentionally designed or inserted as part of the system at any time during the life cycle (NDIA, 2008). The ideal scenario where no exploitable vulnerabilities exist is unrealistic. Therefore, active risk management must be performed to reduce the probability and impact of vulnerabilities to tolerable levels of risks.

Confidence establishes trustworthiness and tolerable residual risk. Trust in any information system is really the result of the methods employed to assure confidence in the system, both in its functions and protection of the information it holds and the results it produces.
