"A risk assessment of the Piql Services" by FFI
protected and the corresponding value, or degree of sensitivity, of that information. Defined in very broad terms, the user class is divided into the business or public sectors, storing sensitive or non-sensitive information. A new potential Piql partner can quite easily locate the user class within which it belongs, and thus gain a generic understanding of which risks apply to their organisation and which corresponding security measures should be put in place. The level of sensitivity of the information is further divided into sub-categories. A measure of sensitivity is how critical its loss would be. The degree of sensitivity can vary greatly depending on how important the information is from one situation to another, from one period of time to another, and sensitivity is also often a matter of subjective judgement. As a frame of reference, we have chosen to use Norwegian legislation detailing which rules and regulations apply to different levels of sensitive information. Similar legislation can be found specifically for other nations. For the purposes of this report, the levels of sensitivity are divided into five groupings, outlined in table 5.2 below.
Sensitivity level
Description
Classified or confidential information, as specified by national acts on protective security services [18].
Public highly sensitive
Information exempt for public consumption, as specified by national regulations governing access to documents in the public administration [24]. Proprietary information, as specified by national regulations governing the management of information in need of protection for other reasons than those mentioned in the national act on protective security services, including regulations [25]. Business confidential or proprietary information, as specified by the individual enterprise. Personal data, as specified by national acts regulating the processing of personal data [26].
Public sensitive I
Public sensitive II
Business sensitive
Public sensitive and
business sensitive
Table 5.2 The classifications of sensitive information
Information that falls within the category non-sensitive is kept separate from the overview in table 5.2, as it solely depicts the various degrees of sensitivity of information which has already been deemed sensitive. Most of the digital information generated today is non-sensitive, and this category will undoubtedly comprise most of the information which is stored with the Piql Preservation Services. It is not to say that this information is not valuable and in need of long- term preservation: it is simply not sensitive, understood as information not needed to be withheld from the public. Non-sensitive information can certainly be valuable, such as the very high value cultural artefacts have to a society. Preserving the cultural heritage of a society is
28
FFI-RAPPORT 16/00707
Made with FlippingBook Online newsletter