FFI-RAPPORT 16/00707

17

3 Scope

The Piql Preservation Services is a complex system, with several components with various

features, and both a production and a storage phase. When we recall that Piql AS’ vision for the

system is both universal and global, and we add to that a time perspective of 500 years, we

begin to comprehend the complexity of the Piql Preservation Services and thus the intricacy of

doing a risk assessment of this system. Because of this complexity it is necessary to limit the

field of our risk assessment. First, however, it is pertinent to outline what is meant by risk

assessment. Yet, before explaining our approach to doing a risk assessment, we must clarify

some term usage. In this report, we are using the term

risk assessment

, not threat assessment or

threat analysis. The term risk covers both intentional acts and unintentional events and does not

therefore risk excluding the latter, as the term threat can do. Additionally, according to the

definition we follow here, an analysis is only a small part of an assessment, and we aim to

evaluate more than would be covered by an analysis.

Risk assessments, be it for a product or a business model, are a method to better manage risks.

Knowing which threats or hazards may harm our objectives and which vulnerabilities our values

have can allow security measures to be put in place, which lets us control the risk and determine

it at a level which is found acceptable and tolerable. By including a risk assessment as part of a

R&D project, Piql AS ensures that risks are identified early in the development process of the

system, so that new or modified design and manufacturing requirements for version two of the

piqlFilm and -Box can be implemented. Moreover, security parameters surrounding the

piqlVault can also be recommended to the end users.

Different approaches to risk assessment and how best to apply them in real life is a contested

issue in the field of societal security and preparedness. There are two main approaches used in

Norway:

1

the NS 5814, which is based on SN-ISO Guide 73:2009 [5], and the newer NS 5832

[6]. They are in part competing approaches, and there is a lot of discussion in different work and

research environments as to which is the better one to use. FFI has also been instrumental in this

discussion, recently completing a thorough study on the subject specifically on the merit of the

different approaches when it comes to preparing for unwanted intentional acts [7]. Their

conclusion is, not surprisingly, that both approaches have their strengths and weaknesses, and

that they can – and perhaps should – complement each other for a better result.

We will use the more scientifically founded terminology of the NS 5814 as the general

framework for our risk assessment approach. Within this framework, however, we incorporate

the three factor model presented in the NS 5832 into the analysis, which captures the

relationship between value, threat and vulnerability. This value-oriented thinking is essential to

this risk assessment. In order to develop a product for the targeted application areas which in a

security context is adapted to the market’s needs, we need to start by gaining an understanding

of which assets each application area needs protected, i.e. what type of information and the

1

Norway is used as a frame of reference, as this is where we have the most experience. The standards used are also representative of

other national standards.