A Risk Assessment of Piql Services by FFI

the intrinsic potential to give rise to risk) that can lead to an event with a consequence. NS 5830:2012 defines vulnerability as lack of ability to withstand an unwanted event or maintain a new stable state if an asset is subject to unwanted influence [5 p.8, 13 p.5].

Risk assessment: Used here as a working definition: Overall process of risk identification (process of finding, recognising and describing risk), risk analysis (process to assess the relationship between the intentional threats or unintentional hazards faced by a certain value and the vulnerability of this value against the specified threat or hazard) and risk evaluation (process of determining the level of risk and identifying corresponding measures to reduce the harmful effect). [Footnote 4]

Table 4.1 Terms related to risk and vulnerability analysis

4.2 Terms Related to Computer Security

Term: Definition

Information security: Pre-emptive measures to secure the confidentiality, integrity and availability (CIA) of sensitive information throughout its existence. It is common to include measures to secure authenticity as well [11, 14 § 5,1, 15].

Confidentiality: The prevention of unauthorised disclosure of information [16 p.34, 14 § 5,3-b].

Integrity: The prevention of unauthorised modification of information [16 p.35, 17, 14 § 5,3-c]. I.e. the information is preserved unaltered with the information content as it is supposed to be.

Availability: The prevention of unauthorised deletion or removal of information. The property of being accessible and usable upon demand by an authorized entity [14 § 5,3-d, 16 p.36].

Authenticity: That the information is what it portrays itself to be. The property of being real and authentic [17, 14 § 5,1].

Immunity: In the PreservIA project context: Immune against the alteration of CIA.

Data: Physical phenomena chosen by convention to represent certain aspects of our conceptual and real world. The meanings we assign to data are called information. Data is used to transmit and store information [16 p.40].

Information: The (subjective) interpretation of data. Any form of intelligence in material or immaterial form [16 p.40, 18 § 3,7].

4 Our working definition is a combination of the definitions found in SN-ISO Guide 73:2009, NS 5830:2012 p.5 and Rausand & Utne (2009) p.77.

FFI-RAPPORT 16/00707
