A Risk Assessment of Piql Services by FFI
Security mechanisms
The integrity of the piqlFilm that is being printed was never intact to begin with, as the complete file of original information was never printed onto the film in its entirety. The integrity of the logical information stored in the Piql IT system was compromised when the alterations due to sabotage took place.
Integrity
The availability of the information is forever lost, unless the data owner has backup copies.
Availability
The confidentiality of the information was also breached the moment state X broke through the security software of the Front-End code and was able to access the client information to see which parts it wanted to alter.
Confidentiality
Immunity (against attacks on the above mentioned)
The Piql Preservation Services is not immune to attacks against confidentiality, integrity and availability.
Recommendations
The IT security measures already in place are sound. Only a highly resourceful threat actor would be able to perform the sabotage outlined here. An option is to create a true air gap between the two computers’ CPUs. Although this will not stop the threat actor from gaining access into the Piql IT system, it will make it impossible to alter the received client data undetected. However, such a measure is an unlikely feature in a production process, as it would make the production too inefficient.
Recommended protective measures
References
Relevant literature
144
FFI-RAPPORT 16/00707
Made with FlippingBook - Online magazine maker