
FFI-RAPPORT 16/00707


is no continuous surveillance in the system to catch irregular transactions, it is not brought to light soon enough, and the information is already in the wrong hands.

As the insider is a high level operator, and as such enjoys a certain level of respect from his/her co-workers, the operator is not challenged when picking up the piqlFilm from the operator port, nor do the other employees react when he/she leaves the facility with the films.

Box

The piqlBox is not affected during the theft.

Film

The piqlFilms in question are not damaged, but they are removed without authorised permission.

Power/energy supply

The power supply is not affected during the theft.

Divergence from ISO standard

The storage conditions of the Piql Preservation Services are not affected during the theft.

Security mechanisms

Integrity

As the piqlFilms are not damaged during the incident, the data is not lost in the sense that it is altered. The integrity of the piqlFilms thus remains intact.

Availability

The availability of the piqlFilms is compromised, as the information stored on them is no longer accessible to the data owner.

Confidentiality

Most importantly for the data owner, the confidentiality of the information stored on the piqlFilms was irrevocably compromised, as another actor who absolutely should not have had access to its contents did gain access. The loss of confidentiality also resulted in grave financial consequences for the data owner.

Immunity (against attacks on the above mentioned)

The Piql Preservation Services is not immune to attacks on availability or confidentiality.

Recommendations

Recommended protective measures

To mitigate the threat of the insider, the following guidelines are advised:

1. Make sure sound procedures for vetting of potential employees are in place during hiring processes. These can include full security clearance or criminal record and credit check depending on sector.

2. Perform such checks at regular intervals, not just at the start of the employment, to ascertain whether any change in circumstance has come about which can have a negative effect on the way an