Extract - A risk assessment of the Piql Preservation Service

4 Definitions This chapter provides working definitions of key terms utilised in this report and specifies important delimitations. The subjects touched upon requiring clarifications are risk and vulnerability analysis, computer security and the scenario-based approach. 4.1 Terms related to Risk and Vulnerability Analysis Term Definition

Protection against unwanted events that are cause by one or more coincidences, i.e. unintentional events. Protection against unwanted events that are the result of deliberation and planning, i.e. intentional acts.

Safety

Security

Risk

Expression of danger of loss of important values due to an unwanted event.

A possible unwanted event that can have negative consequences for the security of an entity. Used in this report in relation to an action performed by a threat actor, i.e. an intentional act. Source of potential harm. Used in this report in relation to an event without a deliberate cause, i.e. an unintentional event. Lack of ability to withstand an unwanted event or maintain a new stable state if an asset is subject to unwanted influence. Used here as a working definition: Overall process of risk identification, risk analysis and risk evaluation.

Threat

Hazard

Vulnerability

Risk assessment

4.2

Terms related to Computer Security

Term

Definition

Pre-emptive measures to secure confidentiality, integrity and availability of sensitive information throughout its existence. It is common to include measures to secure authenticity as well.

Information safety

Confidentiality

The prevention of unauthorised disclosure of information.

The prevention of unauthorised modification of information, i.e. the information is unaltered with the information content as it is supposed to be. The prevention of unauthorised deletion or removal of information. The property of being accessible and usable upon demand by an unauthorised entity. That the information is what it portrays itself to be. The property of being real and authentic. Physical phenomena chosen by convention to represent certain aspects of our conceptual and real world. The meanings we assign to data are called information. Data is used to transmit and store information.

Integrity

Availability

Authenticity

Data

Information

The interpretation of data. Any form of intelligence in material or immaterial form.

The physical representation of value. A resource that, if exposed to unwanted influence, will bring about a negative effect for the person who owns, manages or profits from the resource. Used here as a synonym for the data stored on the piqlFilm in need of storage and protection.

Asset

Value

The assigned worth of an asset.

Page | 7