A Risk Assessment of Piql Services by FFI
the intrinsic potential to give rise to risk) that can lead to an event with a consequence. NS 5830:2012 defines vulnerability as lack of ability to withstand an unwanted event or maintain a new stable state if an asset is subject to unwanted influence [5 p.8, 13 p.5]. Used here as a working definition: Overall process of risk identification (process of finding, recognising and describing risk), risk analysis (process to assess the relationship between the intentional threats or unintentional hazards faced by a certain value and the vulnerability of this value against the specified threat or hazard) and risk evaluation (process of determining the level of risk and identifying corresponding measures to reduce the harmful effect). 4
Risk assessment
Table 4.1 Terms related to risk and vulnerability analysis
4.2 Terms Related to Computer Security
Term
Definition
Pre-emptive measures to secure the confidentiality, integrity and availability (CIA) of sensitive information throughout its existence. It is common to include measures to secure authenticity as well [11, 14 § 5,1, 15].
Information security
The prevention of unauthorised disclosure of information [16 p.34, 14 § 5,3-b].
Confidentiality
The prevention of unauthorised modification of information [16 p.35, 17, 14 § 5,3- c]. I.e. the information is preserved unaltered with the information content as it is supposed to be. The prevention of unauthorised deletion or removal of information. The property of being accessible and usable upon demand by an authorized entity [14 § 5,3-d, 16 p.36]. That the information is what it portrays itself to be. The property of being real and authentic [17, 14 § 5,1]. Physical phenomena chosen by convention to represent certain aspects of our conceptual and real world. The meanings we assign to data are called information. Data is used to transmit and store information [16 p.40]. The (subjective) interpretation of data. Any form of intelligence in material or immaterial form [16 p.40, 18 § 3,7]. In the PreservIA project context: Immune against the alteration of CIA.
Integrity
Availability
Authenticity
Immunity
Data
Information
4 Our working definition is a combination of the definitions found in SN-ISO Guide 73:2009, NS 5830:2012 p.5 and Rausland & Utne (2009) p.77.
22
FFI-RAPPORT 16/00707
Made with FlippingBook - Online magazine maker