Extract - A risk assessment of the Piql Preservation Service

must be state of the art, update security software as fast as possible, never distribute administrator rights to end-user, and block any unauthorized programs. Studies show that these four measures stop 80-90% of all internet related attacks. In addition, the guidelines say to activate code protection against unknown vulnerabilities, harden applications, utilize firewalls on client interfaces, use secure booting and hard disk cryptography, use anti-virus and anti-malware, and never to utilize more applications than strictly necessary. In addition, we recommend Piql AS to offer its users cryptography at the Front-End service before information is transferred, and also to implement cryptography for protection of the information after it enters the Piql IT system. Though it would compromise the vision of being self-contained, whether this feature should stay intact or not should be up to the individual user to decide. 12 Conclusions The vulnerabilities and security challenges identified in this assessment may seem numerous, but as absolute worst case scenarios have been included, in reality the outlook is not so grave. Many of the problems also have easy solutions. The scenario analysis identified several vulnerabilities, some severe; such as fire and the threat of an insider, and some not so severe; like electromagnetic pulses and nuclear radiation, and some that simply require more testing. The main finding in terms of vulnerabilities, is that it is the gelatin emulsion layer of the piqlFilm that is the weakest link, and as this is where the information is written, this vulnerability could have grave consequences for the security of the information stored. However, the gelatin silver print method has been used to preserve photos and moving images since 1874, and despite imperfect storage conditions, some of the first examples still exists today. Nevertheless, Piql Services has many strengths. For example, the choice of materials, disregarding the gelatin emulsion layer, can serve to increase the security of the information stored. Especially the properties of the PP of the piqlBox and the PET of the piqlFilm, seems to withstand a great deal of external influence. A choice of an automated storage facility has enhanced the security and safety of the Piql Services. The modified piqlVault system may eliminate many risks: the tight stacking of the piqlBins strengthens the stability, it is more difficult for an outsider to access the stored information and it decreases the chance of human errors in terms on handling the piqlBoxes. Perhaps the most significant strength is that the piqlFilm is an offline medium. And with 500-year longevity, meaning no need for migration, it sets Piql Services apart from any other physical storage medium for digital information. The content-data is only connected to online networks once, and only a handful of people must be involved. The number of potential risk sources eliminated is therefor great. And even when connected to online-networks, the computer security mechanisms put in place by Piql AS are relatively strong. When it comes to physical security there are some issues in terms of forces outside of ones control, be it forces of nature or threat actors with malicious intents. Taking necessary precautions and constantly being aware of potential risks should be sufficient. With time the level of risk may be made even lower if alterations as a result of this assessment. Ultimately, the decision to store information in any manner is a matter of risk acceptance. There will always be risks involved with every storage system when valuable information is involved. It simply a matter of placing the risk at a level acceptable to the user.

Page | 21