"A risk assessment of the Piql Services" by FFI

However, the recommendations are not binding: they are meant only to serve as guidelines. Because the risks faced by different user of the Piql Preservation Services vary depending on geographical setting and sector, and they also judge the severity and acceptance of the risks differently among themselves, there is no ―one size fits all‖ model. We have identified the risks faced by the Piql Preservation Services in general, and it is up to the individual users to decide how they need to prioritise them. The only exception is when we give recommendations which specifically suit the needs of the high demanding user. Generally, it is only necessary to put in place enough security measures in and around the Piql Preservation Services to deter threat actors with the intention to compromise the CIA of the information from acting. How many measures that amounts to, is adjustable to the different market areas and the level of sensitivity on the information, and is up to the users and Piql partners to determine specified to their circumstances. A general rule of information security is to always keep backups [16 p.46]. If one wants to be truly secure, one should request more than one copy of the piqlFilm. The backup copies must be protected in the same way as the original copy, and preferably placed in a different location. This will amount to an additional cost, but security does cost. This issue will always depend on how valuable the information is to a person or entity. Another general measure to employ when using the Piql Preservation Services is to preserve the information using the hybrid method, i.e. both as visual text and pictures as well as digitally encoded data. By printing all the information twice on the same piqlFilm it is easier to determine that the information is the same and has not been tampered with, for instance if a few frames of the piqlFilm have been cut away after it was written into its physical form. The integrity of the information is thus doubly ensured. We stated in chapter 9 that the piqlFilms are at their most vulnerable when they are ―out in the open‖, and this makes the transportation phase particularly hazardous. Other than to change the routes of the transportation from day to day so as to take away a threat actor’s ability to plan precisely where to stage an assault, there is additional measure that can be taken and that is to eliminate the transportation phase altogether. To achieve this, the production site must in effects be moved to the storage facility, including all necessary printing equipment and know-how. For a user storing very sensitive information, it may be worth the additional effort. Tied to the risks present during transportation is the recommendation to always be aware of your surroundings, though this recommendation is valid for the placement of the piqlVault or production site as well. The Piql partners should avoid placing their services near high risk occupancies, such as near industrial plants or dams. If such placement is unavoidable, the Piql partners should always take the necessary precautions connected to the risks presented. Even if the circumstances of the Piql Preservation Services are deemed to be relatively safe and secure, the Piql partners should always have the required safety and security measures in place, because we can never know what the future might bring, neither with regards to climate change, or if a 11.1 Recommendations for General Security

90

FFI-RAPPORT 16/00707