"A risk assessment of the Piql Services" by FFI
is no continuous surveillance in the system to catch irregular transactions, it is not brought to light soon enough, and the information is already in the wrong hands. As the insider is a high-level operator, and as such enjoys a certain level of respect from his/her co-workers, the operator is not challenged when picking up the piqlFilm from the operator port, nor do the other employees react when he/she leaves the facility with the films.
Box: The piqlBox is not affected during the theft.
Film: The piqlFilms in question are not damaged, but they are removed without authorised permission.
Power/energy supply: The power supply is not affected during the theft.
Divergence from ISO standard: The storage conditions of the Piql Preservation Services are not affected during the theft.
Security mechanisms
Integrity: As the piqlFilms are not damaged during the incident, the data is not lost in the sense that it is altered. The integrity of the piqlFilms thus remains intact.
Availability: The availability of the piqlFilms is compromised, as the information stored on them is no longer accessible to the data owner.
Confidentiality: Most importantly for the data owner, the confidentiality of the information stored on the piqlFilms was irrevocably compromised, as another actor who absolutely should not have had access to its contents did gain access. The loss of confidentiality also resulted in grave financial consequences for the data owner.
Immunity (against attacks on the above mentioned): The Piql Preservation Services is not immune to attacks on availability or confidentiality.
Recommendations
Recommended protective measures: To mitigate the threat of the insider, the following guidelines are advised:
1. Make sure sound procedures for vetting of potential employees are in place during hiring processes. These can include full security clearance or criminal record and credit check depending on sector.
2. Perform such checks at regular intervals, not just at the start of the employment, to ascertain whether any change in circumstance has come about which can have a negative effect on the way an
FFI-RAPPORT 16/00707