A Risk Assessment of Piql Services by FFI
purpose of the study is to assist the development of a product for the targeted application areas which in a security context is adapted to the market’s needs. That is why FFI’s perspective while assessing the risk towards the Piql Preservation Services is user-oriented. To solve the task outlined above, we have chosen a scenario-based approach. FFI has much experience with this method, and it is suitable to the assignment. Due to the large intended application area of the Piql Preservation Services, we need a structured way of identifying its weaknesses and security challenges. Morphological analysis is a method to structure and analyse complex problems, making it the perfect tool to assist us in making a suitable selection of scenarios. The scope of the project further indicates that a large number of scenarios is needed to make sure the risk assessment covers all the relevant hazards and threats facing the Piql Preservation Services. Describing in full detail such a large number of scenarios lies outside the scope of this assignment. Consequently, we have developed a scenario template which enables us to include a greater number of scenarios in the assessment without the risk of omitting important details. Based on the vulnerabilities and security challenges identified for different application areas in the scenario analysis, we outline development tasks and changes that could be made to the design and requirement specifications of the Piql System which should help to solve these security issues. Additionally, the report includes a brief overview of alternative digital storage technologies which are available on the market today – e.g. hard disks (HDD), optical disks (CD) and magnetic tapes (LTO) – in order to place the Piql Preservation Services in a wider context. After their general features are introduced, their security qualities are briefly discussed. It will become evident that the Piql Preservation Services possess some qualities which make it better suited for long-term preservation, both with regards to functionality and for security purposes. This report is structured in 11 chapters. Chapter 2 serves as a background chapter and gives a brief introduction to the Piql Preservation Services, in order to give the reader an understanding of the service which is sufficient to follow our assessment of the risks which may threaten it. During this introduction the scale and complexity of the Piql Preservation Services will become clear: for now it is sufficient to note that Piql AS’ vision for the system is both universal and global in its application, and the longevity of the components storing the information is 500 years. It is necessary, then, in chapter 3 to clarify and specify the scope of the assessment. It is equally important to define the key terms which are used throughout the report, which is done in chapter 4. Chapter 5 outlines and explains the simplifications and specifications we found necessary to clarify while developing the appropriate scenarios for the scenario analysis. There proved to be so many elements which needed to be considered because the scenarios have to cover a service this size, that we were required to make certain standardised assumptions about the present and future application of the Piql Preservation Services. These we outline as various categories, often consisting of different sub-categories. 1.1 Document Structure
12
FFI-RAPPORT 16/00707
Made with FlippingBook - Online magazine maker