"A risk assessment of the Piql Services" by FFI

User class

Level of sensitivity

User group

Asset

Public registry of personal data – Social services; Universities; Finance/Insurance; Health services; Fire department; Police department, criminal records. Government administration – Government bodies; National archives and libraries.

Documents relating to casework. Personal data.

Personal data

Government records, central administration management, correspondence. Classified information. Internal case documents. Government records, central administration management, correspondence. Classified information. Internal case documents.

Proprietary

information

Government administration – Government bodies; National archives and libraries.

Public

Sensitive

Exempt from public

consumption

Defence and Intelligence – Military bodies and archives; Intelligence and security bodies and archives; Research establishments; Suppliers.

Classified information.

Classified,

confidential

Table 5.3 The user classes and corresponding assets used in the scenario development

5.4 Location and Description of Storage Facility

Giving a description of the piqlVault and its surrounding environment that is accurate, precise and which reflects the way Piql AS envisions the implementation of the Piql system is an important step of risk identification, which will in turn let us give meaningful results in the analysis and evaluation phases. Of course, such a precise and realistic description of a piqlVault and its surroundings would vary greatly between countries and between sectors. So, we are required to create a simplified version of reality and of the Piql storage facility in particular. One representation of a piqlVault is presented in the following. This description does not serve as a requirement specification for the design of a piqlVault: it is merely meant to serve as a tool for the scenario development. A schematic presentation is given in table 5.4 below.

30

FFI-RAPPORT 16/00707