
A Risk Register for Digital Curation aligned with the OAIS reference model

Ana Raquel Correia Bairrão

Thesis to obtain the Master of Science Degree in

Information Systems and Computer Engineering

Supervisor: Prof. José Luís Brinquete Borbinha

Examination Committee

Chairperson: Prof. Mário Rui Fonseca dos Santos Gomes

Supervisor: Prof. José Luís Brinquete Borbinha

Member of the Committee: Prof. José Rui de Matos Figueira

June 2015


Acknowledgments

First and foremost, I would like to express my most sincere thanks to Prof. José Borbinha. Without his help, knowledge and support, I would not have been able to finish this thesis. I would like to thank INESC-ID and the 4C European Project (FP7/2007-2013 grant agreement no. 600471) for the scholarship they gave me. It was a privilege to work in an international team. My thanks go to all my colleagues at INESC-ID, Ricardo Vieira, João Edmundo, Diogo Proença, Nuno Pradiante, Ahmad Nadali, António Higgs, as well as the rest of the project team. I am grateful for José Barateiro's participation in interviews and revision of results, thus adding value to this dissertation and the work I did while working in the 4C project.

I would like to thank my parents, Henrique and Amélia Bairrão, for their unconditional encouragement, support and attention. Without them, I wouldn't be the person I am today. I hope one day I will be able to repay all the efforts they made for me throughout the years. I would like to dedicate this dissertation to my nephew Rafael Rosalis; may he be free to follow his dreams, knowing that anything is possible to achieve if we believe we can do it.

I take this opportunity to express my deepest gratitude to all my colleagues and friends. A special thank you to Leonor Sotto Mayor, Jorge Saldanha, Inês Fernandes, Ricardo Dias, Cláudia Patrício, Ricardo Carvalho, Pedro Antunes, Catarina Moreira. Thank you for all the good times and interesting conversations we shared throughout the last years of college.

To Bengisu Sisik, Shruti Chandra and Marzieh Bakhshandeh: thank you for all the support, guidance and motivation during this last year. You are graceful persons and I owe my sincere respect and admiration to you.

To Wadih Yared, I am more than grateful to have you as my friend. Thank you for all the love and support, for making me believe in myself, encouraging and enlightening me to pursue my goals using the power of NOW.

Finally, my sense of gratitude to one and all who, directly or indirectly, have lent their hand in this venture.


Summary (Resumo)

A risk register acts as a knowledge base and guidance for the analysis of the risks that affect an organisation. It represents a deep investigation into, and understanding of, an organisation's context at all its levels of operation.

Since the probability of risks occurring increases over time, it has become necessary for organisations to adopt measures for the assessment, mitigation, treatment and control of risks throughout the whole life cycle of data preservation.

Data is an important asset today. Access to detailed information about data gives organisations the freedom to take strategic preventive measures, or to take risks in view of the business opportunities that may stand out after analysing the data they hold. The implementation of a Risk Management Plan in the design of Digital Curation solutions should be common practice in organisations. Consequently, it has become relevant for the organisation to follow risk management principles and guidelines such as ISO 31000. In this way, Digital Curation has support for continuing the work of preserving, maintaining and adding value to data throughout its entire preservation life cycle. This work proposes an example of a risk register aligned with the business of Digital Curation, and also aligned with the reference and audit models for digital repositories, OAIS and TRAC.

Keywords: Risk Management, Risk List, Digital Data Curation, OAIS


Abstract

A risk register can act as a knowledge base and guidance for analysing the relevant risks affecting an organisation. It represents thorough research into, and understanding of, the organisation's context at all levels of operation. Since the probability of emerging risks occurring rises over time, it has become necessary to adopt measures for the assessment, mitigation, treatment and control of these risks, for long-term data preservation.

Data is an important asset nowadays. Having access to detailed information about data gives people the freedom to prevent, or to take, risks with the support of data assessment, representing business opportunities. The development of a Risk Management Plan in the design of Digital Curation solutions for the domain of an organisation should be common practice in organisations nowadays. Therefore, it is important that the organisation follows the principles and guidelines of Risk Management, such as those given by ISO 31000. By doing so, the Digital Curation workflow of preserving, maintaining and adding value to data would have a way to support overall data life-cycle management.

Although it is not easy to implement a Risk Management Process in an organisation, the purpose of this thesis is to shed light on where to start. Doing so will enable the identification of risks which can be misperceived within the organisation. We propose a Risk Register that is aligned with the business of Digital Curation, as well as with the known standards for digital repository trustworthiness and long-term preservation, OAIS and TRAC.

Keywords: Risk Management, Risk Register, Digital Curation, OAIS


Contents

Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii

Resumo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v

Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii

Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x

List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi

List of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv

Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv

1 Introduction 1

1.1 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

1.2 Problem Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

1.3 Research Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

1.4 Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

1.5 Solution outline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

1.6 Thesis outline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2 Related Work 7

2.1 Risk Management Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.2 ISO/FDIS 31000:2009 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

2.2.1 Risk Management Principles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

2.2.2 Risk Management Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

2.2.3 Risk Management Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2.3 Digital Curation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

2.3.1 Digital Preservation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

2.3.2 Digital Preservation Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

2.3.3 Reference Standards and Audit Methods for Digital Repositories . . . . . . . . . . 18

2.4 Risk Management, Digital Curation and BMC . . . . . . . . . . . . . . . . . . . . . . . . . 19

2.4.1 Business Model Canvas (BMC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

2.4.2 Business Model Canvas to support Risks identification . . . . . . . . . . . . . . . . 21

2.5 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21


3 Proposal 23

3.1 Risk Register examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

3.1.1 DRAMBORA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

3.1.2 ENISA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

3.2 Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

3.2.1 Risk Register - first iteration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

3.2.2 Risk Register - second iteration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

3.2.3 Risk Register - proposed solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

3.3 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

4 Demonstration 34

4.1 A Risk Register for Digital Curation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

4.1.1 First and second steps of the proposed solution . . . . . . . . . . . . . . . . . . . 34

4.1.2 Third and fourth steps of the proposed solution . . . . . . . . . . . . . . . . . . . . 34

4.2 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

5 Evaluation 39

5.1 Risk Register Evaluation Case Studies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

5.1.1 LNEC Case Study . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

5.1.2 PWA Case Study . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

5.2 BMC designed for Digital Curation and supported by a Risk Register . . . . . . . . . . . . 42

5.3 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

6 Conclusion 46

6.1 Lessons Learned and Final Thoughts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

6.2 Future Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Bibliography 53

A Traceability between OAIS, TRAC repository reference models and DRAMBORA terminology 55

B DRAMBORA list of risks 69


List of Tables

2.1 Components of the risk management framework . . . . . . . . . . . . . . . . . . . . . . . 10

2.2 Risk analysis methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

2.3 Risk assessment techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

2.4 Risk levels of severity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

2.5 Risk treatment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

3.1 List of Risks retrieved from DRAMBORA analysis . . . . . . . . . . . . . . . . . . . . . . . 30


List of Figures

1.1 Survey conducted by The Intelligence Unit of The Economic Times (EIU) of 208 risk management and regulatory compliance executives at retail, commercial, and investment banks equally balanced from North America, Europe, Asia-Pacific and the rest of the world (June 2014). . . . . . . . . . 1

1.2 Survey on Digital Information Risks conducted by Archives New Zealand to highlight areas in the public sector where digital information was at risk of being lost and to discover which risks are the most prevalent (December 2010). [3] . . . . . . . . . 3

1.3 Design Science Research Methodology (DSRM). [51] . . . . . . . . . . . . . . . . . . . . 4

2.1 ISO 31000 - Conceptual map for risk management principles. [32] . . . . . . . . . . . . . 9

2.2 ISO 31000 - Risk management process. [32] . . . . . . . . . . . . . . . . . . . . . . . . . 11

2.3 ISO 31010 - Risk matrix. [32] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

2.4 DCC Curation Lifecycle Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

2.5 OAIS conceptual map. [10] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

2.6 BMC template. [49, 60] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

2.7 BMC ontology. [49, 60] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

2.8 Example of risk questions using a BMC. [8] . . . . . . . . . . . . . . . . . . . . . . . . . . 21

3.1 Sample of DRAMBORA functional classes, activities, assets and owners. [44] . . . . . . . 24

3.2 Sample of DRAMBORA list of risks. [44] . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

3.3 ENISA ERF risk identification function. [20] . . . . . . . . . . . . . . . . . . . . . . . . . . 26

3.4 ENISA ERF risk assessment scale. [20] . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

3.5 ENISA list of top risks after executing the ERF risk assessment method. [20] . . . . . . . 27

3.6 Proposal method for creating a risk register for Digital Curation. . . . . . . . . . . . . . . . 31

4.1 OAIS Functional Entities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

4.2 Digital Curation Assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

4.3 Digital Curation Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

4.4 Digital Curation Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

4.5 Digital Curation Consequences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

4.6 Digital Curation Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

4.7 Digital Curation Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38


4.8 Step two of the solution iteration (see section 3.2.3) . . . . . . . . . . . . . . . . . . . . . 38

5.1 LNEC Assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

5.2 LNEC Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

5.3 LNEC Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

5.4 LNEC Consequences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

5.5 LNEC Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

5.6 LNEC Risk Matrix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

5.7 PWA Assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

5.8 PWA Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

5.9 PWA Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

5.10 PWA Consequences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

5.11 PWA Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

5.12 PWA Risk Matrix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

5.13 General Business Model Canvas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

5.14 LNEC Business Model Canvas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

5.15 PWA Business Model Canvas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45


Acronyms

4C Collaboration to Clarify the Cost of Curation

BMC Business Model Canvas

DCC Digital Curation Centre

DRAMBORA Digital Repository Audit Method Based on Risk Assessment

ENISA European Network and Information Security Agency

ISO International Standard Organization

LNEC Laboratório Nacional de Engenharia Civil

OAIS Open Archival Information System

PWA Portuguese Web Archive

TRAC Trustworthy Repository Audit Certification


Chapter 1

Introduction

Risk identification is the first step in executing a risk assessment during the Risk Management Process. [32] A risk register can act as a knowledge base [14] and guidance for analysing the relevant risks affecting an organisation. It represents thorough research into, and understanding of, the organisation's context at all levels of operation. [32] Important techniques to apply while producing a risk register are brainstorming and interviews. [34] This activity enables the identification of risks which can be misperceived within the organisation.

1.1 Motivation

To understand the usefulness of producing a risk register, one can start by analysing the graph in figure 1.1. The conclusion rests on the fact that organisations nowadays face the challenge of executing proper Risk Management because they lack sufficient data to support it.

Figure 1.1: Survey conducted by The Intelligence Unit of The Economic Times (EIU) of 208 risk management and regulatory compliance executives at retail, commercial, and investment banks, equally balanced from North America, Europe, Asia-Pacific and the rest of the world (June 2014).

Risk Management [33] practice has been developed over time in order to meet the various needs and goals of an organisation. Furthermore, the consistent adoption of a comprehensive framework in the definition of an organisation's processes helps to ensure that risk is managed effectively, efficiently and coherently across all areas of the organisation. [6, 32] Although risk is an effect of uncertainty [33], the concern of understanding what might be a risk for a particular business context is crucial for the development of strategies.

Digital Curation is an ongoing process that runs alongside the process of long-term digital preservation. [52] To maintain, preserve and add value to digital data throughout the data preservation lifecycle [12], a need arose for efficient digital data management [22], by identifying possible threats and mitigating identified risks. [52] Moreover, since digital data is shared among the research community, it is relevant to have curated data in trusted digital repositories. [13] For curation to enhance the long-term value of digital data [12], Risk Management can act as positive support to sustain the overall digital curation process. In the hope that it will bring sustainability to the lifetime activity of repositories, this strategy helps to manage digital data assets such as business records, research data, cultural heritage collections, personal archives and other assets that represent value to repositories. [2, 52]

The purpose of the risk register is to allow potential risks to be identified and analysed. This provides solid ground for risk evaluation and for the implementation of mitigation measures, designated as controls. [32, 52] The risk register aims to give the digital repositories community a baseline of risks to support future decisions related to the long-term lifetime of the digital repositories business. [52] Moreover, this measure is intended to add value to data while executing the process of Digital Curation.

1.2 Problem Description

Digital Repository Audit Method Based on Risk Assessment (DRAMBORA) [44] was the first document providing work on how to conduct a risk assessment for digital repositories. Herein, the overall activities, assets, an extensive list of risks and possible mitigation measures for digital repositories are described in detail. The design of DRAMBORA [44] followed the guidelines of other established risk management standards, AS/NZS 4360 [16] and ISO 27001 [35]. Meanwhile, ISO 31000 [32] was under development, as was the OAIS reference model for digital repositories. [14] The AS/NZS standard [16] nowadays follows the ISO 31000 [32] guidelines for Risk Management, and ISO 27001 [35] addresses Risk Management within the scope of information security. Therefore, one can argue that the work produced in DRAMBORA [44] has become obsolete.

Starting from this premise, we concluded that there is no knowledge base [14] of risks identified for Digital Curation. Therefore, the problem we aim to address is how to start developing a knowledge base of risks for Digital Curation, having as guidelines the ISO 31000 Risk Management process [32] and the OAIS reference model for digital repositories. [14]

Moreover, figure 1.2 shows the results of a survey on Digital Information Risks conducted by Archives New Zealand. [3] One can underline important findings on risk, namely that organisations: (i) don't have the means to understand the value of their assets; (ii) lack resources to manage information efficiently; (iii) are not aware of the existence of some information assets.

Figure 1.2: Survey on Digital Information Risks conducted by Archives New Zealand to highlight areas in the public sector where digital information was at risk of being lost and to discover which risks are the most prevalent (December 2010). [3]

One can perceive the opportunity and the need for organisations to implement Risk Management practice at all levels of operation. Furthermore, considering the value of digital information should be a priority for an organisation. By using this measure, the business continuity of organisations would be re-evaluated from time to time, preventing possible losses and assuring digital data preservation over the long term of its lifecycle.

In view of the arguments presented above and in section 1.1, it becomes clear why creating a risk register as a knowledge base is relevant to the Digital Curation context. In section 1.5, a solution outline is given to address this problem, providing a way of identifying the risks inherent to an organisation's business.

1.3 Research Method

The research method adopted to address the problem stated in section 1.2 follows the Design Science Research Methodology (DSRM). [51] As we can see in figure 1.3, DSRM follows six phases:

1. Problem identification and motivation, detailed in sections 1.1 and 1.2;

2. Definition of the objectives of a solution, shown in section 1.5;

3. Design and development, proposed in the solution design described in section 3;

4. Demonstration, presented in section 4;

5. Evaluation, displayed in section 5;

6. Communication, addressed in section 1.4.

Figure 1.3: Design Science Research Methodology (DSRM). [51]

The design science research method follows an iterative approach. The phases of solution goals, design and development, demonstration, evaluation and communication are revisited throughout the execution of different iterations for the identified problem and motivation. It finishes when the answer to the stated problem is achieved, having as evidence the outcome of applying the proposed solution. If there is no positive answer to the stated problem, the goals of the solution should be revised and a different approach should be taken.

For the problem stated in section 1.2, three iterations were carried out. In the first iteration, DRAMBORA [44] was used as a reference for risk identification in digital repositories. A study of its concepts and of its approach to conducting a risk assessment for digital repository audits served as the starting point for the creation of a risk register. This work is described in section 3.2.1. In the second iteration, based on the concepts acknowledged after the DRAMBORA analysis, a list of risks was compiled and introduced into a risk assessment tool. The idea was to validate the outcome of the risks identified for Digital Curation and to follow the next phases of the risk assessment workflow, as explained in detail in section 2.2.3 of this work. The results are described in section 3.2.2. The third iteration addressed the traceability of the outcome produced in the second iteration to the concepts of the OAIS [14] reference model for digital repositories. The solution is displayed in section 3.2.3. The latter envisioned a result able to answer the problem statement: how one can create a risk register for Digital Curation aligned with the concepts of the OAIS reference model for digital repositories.

The following step was to evaluate the results obtained with case studies. LNEC and PWA were chosen because of the nature of their business, one being the repository of the national civil engineering laboratory and the other a Portuguese web archive repository, and because of their availability to participate as case studies in the demonstration of these results.


Taking part in the INESC-ID¹ team for the 4C² European project gave me the opportunity to evaluate the outcome of the risk register at a higher level. As I pointed out in the opening of chapter 1, a risk register implies a thorough understanding of the overall organisation context. The activity of establishing the context is the first step of the Risk Management process, as detailed in section 2.2.3. The assumption of designing a Business Model Canvas [49] for the scope of Digital Curation was elaborated. The idea was to model a BMC to support the identification of risks for Digital Curation. Meanwhile, the opportunity arose for me to validate the outcome of the third iteration of my solution against the concepts presented in the conceptual business model designed for Digital Curation. The work outcome is displayed in section 5.2.

The dissemination of this work was possible due to cooperation on the writing of two published papers, one conference poster and a 4C project deliverable. More information regarding this matter is found in section 1.4 of the present work.

1.4 Contributions

The major contributions of this work are as follows:

• Risk identification for Digital Curation, based on two steps:

  – Review of the list of risks identified in DRAMBORA. Collection of assets, activities, vulnerabilities, events, consequences and associated risks for Digital Curation;

  – Verification of the traceability of the identified risks to the general concepts for Digital Curation presented in the OAIS repository reference model.

• The effect of these two actions was:

  – The creation of a risk register to serve as a knowledge base to support Digital Curation;

  – Support for the Business Model Canvas model designed for using Risk Management in the context of Digital Curation, under the 4C European project scope.

The two steps stated above assisted in outlining the overall context of Digital Curation. The procedure sustains the development of a knowledge base of risks. This brought new conclusions on how a repository can start building its own risk register by following the general concepts of its business.

The effect of the two actions addressed was, first, to provide as an outcome a list of risks within Digital Curation and, second, to act as a demonstration and evaluation of the work conducted in the 4C project, serving as evidence for the premise of using a BMC to support the implementation of Risk Management for Digital Curation. The work reported herein was published in deliverables of the European Commission project 4C [8, 60], and is displayed at http://holiriskreporter.sysresearch.org/models.

1 https://www.inesc-id.pt/
2 http://4cproject.eu/


In addition, to disseminate this work, the papers [5, 52] were accepted and presented at the Encontro Internacional de Arquivos 3 (EIA2014) and the International Conference on Enterprise Information Systems 4 (ICEIS2015). A poster [45] was accepted and presented at the International Digital Curation Conference (IDCC2015).

Finally, this work served as a usability test of the risk assessment tool HoliRisk [4], being developed by our team at INESC-ID. It supported the qualitative analysis of the collected risk data. Moreover, modelling improvements and interface suggestions were given as feedback.

1.5 Solution outline

In this work, we present a risk register [9, 33, 38] of risks for Digital Curation. The list of risks is the outcome of the associations between the identified assets, vulnerabilities, events and consequences within the analysis of the digital repositories outlook. [6] It shows the starting point on how to build a knowledge base of risks, and is aligned with the OAIS reference model concepts for digital repository activities. [14] The result of this work was then tested using a tool [4] for risk assessment which follows the ISO 31000 family concepts [32], developed by our team at INESC-ID. This assured that the approach taken to create a risk register aligned with ISO 31000 concepts is feasible. The risk assessment was accomplished through the outcome of a list of risks for Digital Curation, which is due to be used for showing relevant information regarding the inherent risks of an organization. To evaluate this work, two case studies were used: Laboratório Nacional de Engenharia Civil (LNEC) 5 and Arquivo da Web Portuguesa 6 [27] (designated in this work by its English acronym PWA).

1.6 Thesis outline

Following the Introduction, this document is organized as follows: section 2 presents the related work associated with this thesis. Sections 3, 4 and 5 detail the proposed solution to address the problem stated in section 1.2, as well as a demonstration of the applicability of the solution and an evaluation of the achieved results. Each of these sections ends with a discussion that outlines the relevant conclusions alongside the work evolution. Finally, section 6 presents the conclusions of this work, along with lessons learned and future work.

3 http://eiarquivos2014.weebly.com/
4 http://www.iceis.org/
5 http://www-ext.lnec.pt/LNEC/lnec new first page/
6 http://www.arquivo.pt/


Chapter 2

Related Work

2.1 Risk Management Standards

Depending on the market sector, business type, topology of the organization, or organizational activity, there are numerous methodologies and tools that support the process of Risk Management. The ground base for generic risk management frameworks relies on the following three standards:

• ISO/FDIS 31000 (2009) - Risk management: principles and guidelines [32];

• ISO/IEC 31010 (2009) - Risk assessment techniques [34];

• ISO Guide 73 (2009) - Vocabulary for risk management [33].

However, since these standards are not focused on any specific area of implementation, there are other risk management frameworks that present a set of principles and foundations to guide the design and implementation of the Risk Management process in any type of organization.

For example, Value-at-Risk (VaR) is used as a risk measure on specific portfolios of financial assets. [29] On a general scope, under the title of Enterprise Risk Management frameworks, there are several methodologies such as AIRMIC, ALARM, IRM (AAIRM) [1], which provide references and guidelines for risk management; Management of Risk (M o R) [46], which gives guidance on how to achieve good risk management practice, the necessary elements and approaches required, the critical processes for a risk management model, and which reviewing mechanisms should be used; and the Committee of Sponsoring Organizations of the Treadway Commission Enterprise Risk Management (COSO ERM) [17], which provides help on how to manage risk enterprise-wide and defines the key enterprise risk management principles, concepts and components. In the area of information technology, more precisely information security, the highlights go to the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) [11], focusing on the organizational assets and the risks to those assets through a comprehensive, systematic, context-driven and self-directed approach; the NIST Risk Management Guide for Information Technology Systems [59], which helps organizations address and understand their information security risks; the Risk IT Framework [31], which is a set of guiding principles that help enterprises identify, govern and effectively manage IT risk; and the ISO 27000 family [35], a generic standard of principles and guidelines for dealing with information security.

However, a study that compared different risk management frameworks reached the conclusion that all had the same understanding regarding risk management, but differed on the scope of analysis – project vs. organization. [53]

The main divergences [53] to be concerned about were:

• The inclusion of additional elements beyond the central risk management process, such as communication elements, collaboration elements and guides;

• The approach to process - certain standards cover mainly the risk management process itself, and ignore the aspects involved in establishing the organizational infrastructure needed to apply the process;

• The differing definitions of risk among the selected standards, which can be seen in two areas: opportunities or threats. Some frameworks focus only on the risk management of threats.

Section 2.2 presents the state of the art for Risk Management, having the generic ISO 31000 family of standards [32, 33, 34, 37] as the subject of study, which will serve as support and groundwork throughout the development of this thesis.

2.2 ISO/FDIS 31000:2009

The ISO 31000 [32] standard pursues the goal of giving organizations a generic guideline regarding the design and implementation of a risk management plan. This standard provides a way to harmonize the existing management processes in an organization, since it takes into account the various needs of the organization and can be applied throughout the life cycle of an organization, including its strategies and decisions, operations, processes, functions, projects, products, services and assets. [32] Within the Risk Management scope, it is important to notice the difference between the terms “risk management” and “management of the risk”. While the first refers to the architecture – principles, frameworks and processes – for managing risks effectively, the second refers to the application of that architecture to the specific risks identified. [34] Having understood the difference between these terms, a conceptual map that addresses the principles for Risk Management according to the ISO 31000 standard is presented next. [32] The following sections present a description of the risk management framework and the risk management process according to ISO 31000 and ISO 31010. [32, 34]

2.2.1 Risk Management Principles

The conceptual map for risk management principles illustrates the global context for this matter.

Figure 2.1: ISO 31000 - Conceptual map for risk management principles. [32]

First, the organization should have a committed risk attitude towards the integration of risk management within its overall processes. Therefore, dialogue with the stakeholders and management resources should be engaged to acquire knowledge of the business strategy and goals the organization intends to achieve. Taking this into account, it is then possible to define the specific context of the organization. After collecting information about the internal and external factors outlined for the organization, it is possible to design a risk framework consistent with the risk criteria defined within the established context. Alongside this arises the identification of threats, vulnerabilities and risks, based on the events that may affect the achievement of the goals identified at the beginning of the risk management process.

Risk assessment is then applied within the risk profile – identification, analysis and evaluation – in order to decide which are the appropriate techniques and controls to treat the risks. Risk management aims to create value for the organization, as it explicitly addresses uncertainty and takes into consideration the best available information to help the decision-making of stakeholders. Risk management is a dynamic, iterative process that is responsive to change, as well as transparent and aligned with the overall organization processes. The management of risk facilitates the continual improvement and enhancement of the organization.

2.2.2 Risk Management Framework

The risk management framework comprehends the relationship between a set of components that provide the foundations and organizational arrangements for the design of the risk management framework throughout the organization. [33] The foundations are namely the policy and objectives of the organization and its commitment to manage risk properly, aligned with its strategic business plans, accountabilities, resources, processes and activities. Overall, the risk management framework should be fully integrated within the organization's strategy and operational policies and practices, as illustrated in table 2.1. [32]

According to ISO 31000 [32], the framework for managing risk is based on the following components and their relationships:

Table 2.1: ISO 31000 - Components of the risk management framework. [32]

2.2.3 Risk Management Process

The risk management process is a continuous application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context and risk assessment – identifying, analyzing, evaluating, treating, monitoring and reviewing risk. [33] A description of the activities stated before is presented in the following subsections.

First, an important activity of the risk management process is establishing the context, which involves the correct identification of risks in a particular domain of interest. Therefore, it is important to understand how the organization outlines its stakeholders' objectives and characterizes the external and internal parameters to take into account while managing risk, in order to set the scope and risk criteria for the remaining process. This helps the organization to acknowledge the relevant risks regarding a specific domain and their consequences, providing information for planning and decision-making regarding the correct choice of policies, procedures and risk assessment methodologies to mitigate the identified risks.

This is an iterative activity and it will vary according to the organization's needs along the risk management process. Furthermore, this activity enables the definition of risk criteria, used to evaluate the significance of the identified risks. Risk criteria are defined at the starting point of any risk management process and are continuously reviewed to check that they are still consistent with the organization's risk management policy.

The factors to take into consideration while defining risk criteria regard: (i) the nature and types of causes and consequences that can occur and how they will be measured; (ii) the likelihood of those risks occurring and the definition of a level of importance according to their relevance in the context domain; (iii) the level at which risks become acceptable or tolerable; (iv) whether combinations between multiple identified risks are possible; (v) the views of stakeholders.

Second, the activity of risk assessment embraces the whole environment attached to the risk scope – identification, analysis and evaluation of risk. Risk assessment provides groundwork for the decision-making of stakeholders and responsible parties regarding the most appropriate actions to take into account in order to treat risks. It helps to understand which types of risks could affect the achievement of objectives, and the adequacy and effectiveness of the controls already in place. To sum up, the output of risk assessment is an input to the decision-making processes of the organization. [34] Risk assessment depends not only on the context defined during the risk management process, but also on the methods and techniques used to perform it. Table 2.3 shows the applicability of tools for risk assessment, according to ISO 31010. [34]

Figure 2.2: ISO 31000 - Risk management process. [32]

• Risk identification includes all the sources of risk, areas of impact, events that comply with the changes that may occur during the process of risk management, and their causes and consequences, derived from the definition of context stated before. The idea is to recognize the existence of risk and generate a comprehensive list of risks based on those events that might create, enhance, prevent, degrade, accelerate or delay the achievement of objectives. [32] Furthermore, the identification of risks enables the process of identifying threats - events that affect normal behavior [33] - or vulnerabilities - potential points of failure in the environment [33] - which may have an impact on the assets owned by the organization. Another important factor in risk identification is experience, because it is normal for risks to derive from a non-deterministic cause. Identified risks may be categorized according to their type: security, hazard, legal, operational, financial, strategic, and the risk criteria defined while establishing the context, resulting in the definition of a risk profile.

• Risk analysis examines the identified risks in terms of their nature and severity, developing an understanding of the risk and whether it is consistent with the risk criteria defined during the activity of establishing the context. It enables collecting information for risk evaluation and for deciding whether risks need to be treated and which are the most appropriate strategies and methods for risk treatment. The analysis of the risks consists of determining the consequences and probabilities for the identified risks, taking into account the presence, effectiveness and efficiency of any existing controls. [34] The consequences and their likelihood of occurring, whether positive or negative, when combined determine the level of risk. Consequences and their likelihood can be determined by modelling the outcomes of an event or set of events, or by extrapolation from experimental studies. [34] The impact of these consequences can be expressed in terms of tangible or intangible factors. The methods used for risk analysis can be qualitative, semi-quantitative and quantitative, and their degree of detail depends on the availability of reliable data and the decision-making needs of the organization (see table 2.2).

• Risk evaluation supports decision-making regarding risk treatment from the outcomes provided by risk analysis. It outlines which risks need treatment and the priority for treatment implementation. The decision may depend on the costs and benefits of taking the risk, or of implementing improved controls. Risk evaluation relies on comparing the estimated levels of risk with the risk criteria defined when outlining the context, to determine the significance of the level and type of risk. Next, a risk matrix is presented that divides risks according to their risk level and priority. [34] Table 2.4 shows how risk levels can be categorized, taking into consideration the risk matrix illustrated in figure 2.3.

Table 2.2: ISO 31000 - Risk analysis methods description. [32]
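The identification, analysis and evaluation activities described above, written out as a small risk register in Python. This is an added example, not code from the thesis or from the HoliRisk tool; the two 5-point scales, the score thresholds of the matrix and the sample entries are assumptions constructed for illustration.

```python
"""Small risk register in the ISO 31000 vocabulary used on this page: identification
(asset, vulnerability, event, consequence), analysis (likelihood x consequence mapped
to a level through a risk matrix), evaluation (compare the level with the risk
criteria to decide on treatment and priority) and re-analysis of the residual risk.
Assumed, not from the thesis or ISO 31010: both scales, the thresholds, the entries."""
from dataclasses import dataclass, field
from enum import IntEnum

class Likelihood(IntEnum):
    RARE = 1
    UNLIKELY = 2
    POSSIBLE = 3
    LIKELY = 4
    ALMOST_CERTAIN = 5

class Consequence(IntEnum):
    NEGLIGIBLE = 1
    MINOR = 2
    MODERATE = 3
    MAJOR = 4
    SEVERE = 5

# Ordered risk levels; the matrix maps each (likelihood, consequence) cell to one.
LEVELS = ("low", "medium", "high", "extreme")

def risk_level(likelihood: Likelihood, consequence: Consequence) -> str:
    """Semi-quantitative matrix: bucket the score L x C (assumed thresholds)."""
    score = int(likelihood) * int(consequence)
    if score >= 20:
        return "extreme"
    if score >= 12:
        return "high"
    if score >= 5:
        return "medium"
    return "low"

@dataclass
class Risk:
    """One register entry: what is at stake, why it is exposed, what can happen."""
    rid: str
    asset: str
    vulnerability: str
    event: str
    consequence: str
    likelihood: Likelihood
    impact: Consequence
    controls: list = field(default_factory=list)   # treatments recorded so far

    @property
    def score(self) -> int:
        return int(self.likelihood) * int(self.impact)

    @property
    def level(self) -> str:
        return risk_level(self.likelihood, self.impact)

class RiskRegister:
    def __init__(self, tolerable_level: str = "low"):
        # Risk criterion (iii) above: the level at which a risk is still tolerable.
        if tolerable_level not in LEVELS:
            raise ValueError(f"unknown level {tolerable_level!r}")
        self.tolerable_level = tolerable_level
        self.risks: dict[str, Risk] = {}

    def add(self, risk: Risk) -> None:
        if risk.rid in self.risks:
            raise ValueError(f"duplicate risk id {risk.rid}")
        self.risks[risk.rid] = risk

    def evaluate(self) -> list:
        """Risk evaluation: risks above the tolerable level, highest score first."""
        limit = LEVELS.index(self.tolerable_level)
        todo = [r for r in self.risks.values() if LEVELS.index(r.level) > limit]
        return sorted(todo, key=lambda r: (-r.score, r.rid))

    def treat(self, rid: str, control: str, likelihood: Likelihood,
              impact: Consequence) -> str:
        """Record a control, re-analyse the risk and return its residual level."""
        risk = self.risks[rid]
        risk.controls.append(control)
        risk.likelihood, risk.impact = likelihood, impact
        return risk.level

def build_sample_register() -> RiskRegister:
    """Constructed Digital Curation entries (illustrative, not the thesis's register)."""
    reg = RiskRegister(tolerable_level="low")
    reg.add(Risk("R1", "Archival storage (AIPs)", "single copy on one storage medium",
                 "storage media failure", "irrecoverable loss of archival objects",
                 Likelihood.POSSIBLE, Consequence.SEVERE))
    reg.add(Risk("R2", "Ingested file formats", "no migration plan for ageing formats",
                 "file format obsolescence", "objects can no longer be rendered",
                 Likelihood.LIKELY, Consequence.MAJOR))
    reg.add(Risk("R3", "Preservation metadata", "write access never reviewed",
                 "undetected modification of fixity records",
                 "authenticity of objects can no longer be demonstrated",
                 Likelihood.UNLIKELY, Consequence.MAJOR))
    reg.add(Risk("R4", "Access portal", "single web front end", "short outage",
                 "delayed access for users", Likelihood.RARE, Consequence.MINOR))
    return reg
```

Calling `treat("R1", "replicate AIPs to a second site", Likelihood.RARE, Consequence.SEVERE)` models storage diversity (section 2.3.2) as the treatment and returns the residual level, here still "medium", which is why treatment and monitoring are cyclic.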

After risk assessment, risk treatment is the subsequent activity of the risk management process. Risk treatment bears upon the choice of the most appropriate risk treatment options to modify risks or their applied controls. This choice considers the need to balance the costs and efforts of implementation against the benefits derived, with regard to legal, regulatory, and other requirements such as social responsibility and the protection of the natural environment. When selecting risk treatment options, dialogue with stakeholders should be engaged, as their values and perceptions must be considered. Risk treatment is a cyclic process and needs monitoring to give assurance that the selected measures remain effective.

Table 2.3: ISO 31010 - Risk assessment techniques; Legend: X – Applicable, XX – Strongly Applicable, - – Not Applicable. [32]

Table 2.4: ISO 31010 - Characterization of the type of levels for risk severity evaluation. [32]

The most common measures for risk treatment options are listed in table 2.5.

Table 2.5: List of risk treatment options according to ISO 31010. [32]

The activity of monitoring and review of the risk management process takes place at the beginning of the process, and is applied periodically along the process. Responsibilities for risk control must be clearly defined and the expected results from each process phase outlined. The aim of this action is to ensure effective and efficient control by obtaining information to improve risk management, which can be extracted from lessons learned and applied in the detection of changes in the context definition or risk criteria used, leading to possible revisions of risk treatments and priorities, as well as identifying new emerging risks. [32] The results of this activity should be recorded and used as input to the following review of the risk management framework and the pre-defined risk management plan.

Figure 2.3: ISO 31010 - Risk matrix. [32]

Finally, another activity of the risk management process is communication and consultation, which aims to engage dialogue with stakeholders. Plans for communication and consultation should take place at all stages of the risk management process, and mainly address issues correlated with the risk – causes, consequences, and the measures being taken to treat it. [33] The opinion of internal and external stakeholders should be considered to ensure that those accountable for implementing the risk management process and the stakeholders understand the basis on which decisions are made when defining risk criteria and evaluation, and the purpose of the particular actions to take place, such as a treatment plan to mitigate the identified risks. [34]

A risk management plan [21] defines the scope and process for the identification, assessment, treatment and management of risks which could impact the organization and/or its relevant projects. This plan considers the overall risk profile that could affect a particular organization or project. The objective of this plan is to define the strategy to manage related risks throughout the remainder of the life cycle, such that there is acceptable minimal impact on cost and schedule, as well as on operational performance. [32, 21] The risk management plan is constantly updated, as it needs to ensure that previously identified risks are managed effectively and new risks are quickly identified and managed throughout the life cycle. It depends on the risk management framework that a certain organization might have implemented.


2.3 Digital Curation

The general definition of Digital Curation, as defined by DCC 1 is:

“Digital curation involves maintaining, preserving and adding value to digital content throughout its entire lifecycle. The active management of digital material reduces threats to its long-term value and mitigates the risk of digital obsolescence. As well as reducing duplication of effort in digital object creation, curation enhances the long-term value of existing content by making it available for further use in a wide variety of contexts.” [41]

The lifecycle of digital curation involves the following steps, as defined by DCC 2:

Conceptualise: idealize a plan for the creation of digital objects, as well as ingestion methods and storage;

Create: generate digital objects and designate them according to their metadata: descriptive, structural, technical, and administrative;

Access and use: make sure digital objects are accessible to their community, accounting for different user profiles regarding data privacy;

Appraise and select: evaluate and verify which digital objects need long-term data preservation. Document this information in the form of guides, policies or legal requirements;

Dispose: digital objects that were not selected are disposed of. Document this information in the form of guides, policies or legal requirements;

Ingest: transfer digital objects to an archive, trusted digital repository or data centre. Document this information in the form of guides, policies or legal requirements;

Preservation action: plan digital preservation actions ahead, to assure the integrity and authenticity of digital objects throughout their lifetime;

Reappraise: digital objects that fail validation measures are returned to the “Appraise and select” step;

Store: take measures to safely store digital objects, using standards as a reference;

Access and reuse: data should be accessible to the community, taking into account different user profiles and data privacy policies;

Transform: use digital preservation techniques to create new digital object formats.

Figure 2.4 displays the Digital Curation lifecycle model, defined by the Digital Curation Centre (DCC). 3

As this work referred in section 1.1, Digital Curation is an ongoing process, alongside the process of long-term digital preservation. [52] Therefore, a description of digital preservation and associated techniques, as well as reference model standards and audit methods for repositories, are addressed in sections 2.3.1, 2.3.2 and 2.3.3.

2.3.1 Digital Preservation

Digital preservation assures the integrity and authenticity of digital objects [7]. It is supported by careful planning and by defining clear objectives on which information to preserve and at which level of protection, aligned with the characteristics of the environment of object preservation. Each type of digital object has its own specific set of requirements, demanding accurate planning of Digital Curation activities.

Figure 2.4: DCC Curation Lifecycle Model

1 As defined by the Digital Curation Centre - http://www.dcc.ac.uk/digital-curation/what-digital-curation
2 DCC - http://www.dcc.ac.uk/digital-curation/what-digital-curation
3 http://www.dcc.ac.uk/resources/curation-lifecycle-model

The common digital preservation vulnerabilities are related to processes, data and infrastructure. [6] The threats derived from these vulnerabilities can be identified as internal or external attacks, natural or human disasters, management failures (economic or organizational), and legislative changes or new legal requirements. Therefore, a repository must be reliable, so as to keep the digital objects intact, accessible and authentic, and flexible, scalable and heterogeneous, so as to respond and adjust to emerging changes. [7, 21] Since different analysis methods, workflows and processes can lead to different results and data, it is extremely important to maintain and assure the information about the corresponding data, in order to prevent misleading data research or even misinformed decision making leading to an inadequate data preservation strategy plan. [21]

On the other hand, digital repositories should be audited periodically, allowing the detection of latent faults, increasing the recovery time and decreasing the chance of data losses. [10] There are some standards that might help in the development process of a trusted repository regarding Digital Curation (see section 2.3.3).

2.3.2 Digital Preservation Techniques

To draw a picture of the challenges, vulnerabilities and threats pinpointed in section 2.3.1, techniques and characteristics of metadata are delineated next. This is intended to anticipate the list of risks shown in section 4.1.

Migration - involves keeping digital objects in recent media formats, to prevent media obsolescence. The approaches to address possible losses are:

• Analog media, where digital objects are kept in analog formats (paper, microfilm, etc.);

• Version update, where digital objects are updated to a new file format (e.g. .doc to .docx);

• Conversion to other file formats (e.g. .docx to .pdf);

• Normalization of digital objects, where file formats have specifications according to preservation requirements.

Emulation - implies the simulation of the original production environment of a digital object (e.g. reproduction of old console video games using an emulator on up-to-date technological platforms). This action adds complexity to the digital preservation challenge, and knowledge of the old platforms on which the digital object ran is needed.

Diversity - when an attack, disaster or accident occurs on a larger scale, the risk of losing digital objects is minimized because of:

• Physical location: distributed operational platforms reduce the risk of multiple system failures should natural disasters or attacks on components of the system happen;

• Software diversity: helps mitigate malware/virus threats and vendor lock-in;

• Hardware diversity: reduces vendor lock-in and the probability of related components being destroyed under specific conditions;

• Administration: sharing administrative obligations among repository resources reduces the risk of one of the resources compromising the entire system (internal attack, human error);

• Storage diversity: prevents multiple failures due to technological defects.

Metadata - is, namely, “data about other data” (see table A). [14] Although not a technique, it is important for other techniques to be applied, such as emulation and migration, providing the required information to interpret the data within a digital object. The types of metadata can be classified as:

• Technical metadata: characterizes the technological context used in the generation of a digital object;

• Descriptive metadata: describes the context information of a digital object;

• Structural metadata: details information on how digital objects are organized (provenance, owner, file format, dependencies, etc.);

• Preservation metadata: used in the scope of digital preservation to maintain the authenticity and integrity of digital objects;

• Rights metadata: characterizes the access rights and privacy information of digital objects.

Inertia - implies a slow response of the system if a component suffers an attack, preventing total system failure and giving time to recover.

Refreshing - suggests updating the system's technological infrastructure, to prevent obsolescence and system/media failures of components and file formats.

Auditing - a measure to discover latent faults that would otherwise only be detected when a user accessed that specific data. Auditing of ingested data by third parties may be necessary to verify compliance with preservation requirements, reducing the chance of digital object losses. It implies flexibility of the systems, due to recurrent change of auditing systems for security reasons.

Detailed information regarding the exposed techniques can be found in the research work of [6, 10, 43].
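A defender's illustration of the Auditing and Diversity techniques above, added here and not part of the thesis: a fixity audit that recomputes checksums on every storage replica against the values recorded at ingest, reports latent corruption or loss of a copy, and restores a damaged copy from an intact replica. The in-memory replicas, object names and manifest layout are constructed assumptions.

```python
"""Fixity audit across storage replicas: checksums recorded at ingest are periodically
recomputed on every copy, so silent corruption or loss of a copy nobody has accessed
(a latent fault) is detected instead of surfacing when a user asks for the object,
and a damaged copy is restored from an intact replica (storage/physical diversity).

Constructed for illustration: the in-memory replicas and sample objects are not a
real repository, and the manifest layout is an assumption, not the thesis's or OAIS's.
"""
import hashlib
from dataclasses import dataclass


def fixity(data: bytes) -> str:
    """Fixity value recorded at ingest (SHA-256 hex digest)."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Finding:
    object_id: str
    replica: str
    kind: str          # "corrupt" (checksum mismatch) or "missing" (copy absent)
    repaired: bool     # True if restored from an intact replica during this audit


class ReplicatedArchive:
    def __init__(self, replica_names):
        # One dict per replica: object id -> stored bytes (stands in for a storage site).
        self.replicas = {name: {} for name in replica_names}
        self.manifest = {}   # object id -> fixity recorded at ingest

    def ingest(self, object_id: str, data: bytes) -> None:
        self.manifest[object_id] = fixity(data)
        for store in self.replicas.values():
            store[object_id] = data

    def audit(self, repair: bool = False) -> list:
        """Recompute every copy's fixity against the manifest; optionally repair."""
        findings = []
        for oid, expected in self.manifest.items():
            intact = None
            damaged = []
            for name, store in self.replicas.items():
                copy = store.get(oid)
                if copy is None:
                    damaged.append((name, "missing"))
                elif fixity(copy) != expected:
                    damaged.append((name, "corrupt"))
                elif intact is None:
                    intact = copy          # first copy that still matches the manifest
            for name, kind in damaged:
                fixed = repair and intact is not None
                if fixed:
                    self.replicas[name][oid] = intact   # restore from a verified copy
                findings.append(Finding(oid, name, kind, fixed))
        return findings


def run_demo() -> tuple:
    """Ingest two objects on three replicas, inject two latent faults, audit twice."""
    archive = ReplicatedArchive(["site-a", "site-b", "site-c"])
    archive.ingest("aip-001", b"<mets>...archival information package one...</mets>")
    archive.ingest("aip-002", b"PDF/A rendition of report 2")
    # Latent faults nobody would notice until access: a flipped byte on one copy,
    # and a copy deleted on another site.
    bad = bytearray(archive.replicas["site-b"]["aip-001"])
    bad[10] ^= 0x01
    archive.replicas["site-b"]["aip-001"] = bytes(bad)
    del archive.replicas["site-c"]["aip-002"]
    first = archive.audit(repair=True)
    second = archive.audit(repair=False)   # nothing should remain after repair
    return first, second


if __name__ == "__main__":
    first, second = run_demo()
    for f in first:
        print(f"{f.object_id} on {f.replica}: {f.kind}, repaired={f.repaired}")
    print("findings after repair:", len(second))
```

When every replica of an object is damaged there is no verified copy to restore from, so the audit reports the findings with `repaired=False` and the loss must be handled by other means.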

2.3.3 Reference Standards and Audit Methods for Digital Repositories

Digital Repository Audit Method Based on Risk Assessment (DRAMBORA)

An important initiative addressing Digital Curation through Risk Management was the Digital Repository Audit Method Based on Risk Assessment [44]. This method uses self-assessment repository audits, encouraging organizations to define their objectives, activities and assets before applying risk assessment to the identified risks within the organization. However, the DRAMBORA risk assessment audit method relies on traditional preservation systems, being currently an obsolete audit method. [6]

Open Archival Information System (OAIS)

The Open Archival Information System (OAIS) [14] reference model was published by the Consultative Committee for Space Data Systems. The goal of the OAIS reference model is to offer the community a conceptual model of an archival system, alongside a common language to address the repository business. [6] Figure 2.5 presents an overview of the OAIS reference model.

Figure 2.5: OAIS conceptual map. [10]

Audit and Certification of Trustworthy Digital Repositories (TRAC)

The idea of the Trustworthy Repositories Audit & Certification: Criteria and Checklist [13] is to provide a document describing the metrics of an OAIS-compliant digital repository. It deals with the organizational and technical infrastructure for secured repositories and embraces certification capabilities for organizations to assume long-term preservation responsibilities. [6]

18

Page 35: A Risk Register for Digital Curation aligned with the OAIS … · A Risk Register for Digital Curation aligned with the OAIS reference model Ana Raquel Correia Bairrão Thesis to

2.4 Risk Management, Digital Curation and BMC

The 4C project (Collaboration to Clarify the Costs of Curation) analysed the adoption of business models to clarify the concepts of value creation in Digital Curation. [41, 60] A Business Model Canvas (BMC) was designed to pinpoint how digital repositories can understand their business, achieving a perception of the value of their assets. Section 2.4.1 explains the business model canvas concepts.

2.4.1 Business Model Canvas (BMC)

The Business Model Canvas (BMC) was designed to support the creation of business models, using a visual tool as a template to start this modelling. [24, 25, 50] The template used today originated in Alexander Osterwalder's thesis work "The Business Model Ontology". [23, 47] Currently, the book "Business Model Generation" [49] shows a simple solution on how to create a business model, explaining the needed steps in detail in order to address a broader audience. The idea presented is the use of a template with nine factors, representing nine building blocks (figure 2.6). The relationship between the nine building blocks introduces the perspective of the business model ontology designed in Osterwalder's previous work; the ontology behind it is displayed in figure 2.7.

Figure 2.6: BMC template. [49, 60]

The description of each building block displayed in figure 2.6 is presented next.

Value proposition - This block describes the key points on why customers use a certain product or service. This information is helpful when trying to understand the problems or needs of customers, providing additional value to the organization.

Key partnerships - The motivation behind this block relies on perceiving the need of an organization to rely on third-party services, either to perform an activity about which the organization does not have enough knowledge, or as a measure to reduce costs, optimizing the use of resources. On the other hand, it supports the reduction of uncertainties, where partnerships are formed even between market competitors to develop and work together on the design of new products.

Figure 2.7: BMC ontology. [49, 60]

Key activities - Activities which are important to enable the value proposition of an organization, as well as to make use of key resources in the services offered to its customers. Consulting and training are examples of key activities. Moreover, the platforms an organization uses to deliver its services to customers enable a value proposition. As an example, credit card companies require activities related to transactions between customers, banks and retailers.

Key resources - An organization having key resources generates a value proposition. These can be physical resources (infrastructures, data centers, etc.), human resources (IT software developers, researchers), intellectual (patents), or financial (budget to conduct research on new products).

Channels - The channels detail the connection between an organization and its customers. This connection acts as an interface where the organization can evaluate its value propositions and raise awareness about its offers.

Customer relationships - This block represents an organization's relationships with its customer segments. They can be personal (face-to-face contact between the organization and its customers) or automated (using online platforms, for example).

Customer segments - Represents the different segments of action of an organization. The requirements to address the needs of customers might differ from one to another, resulting in separate types of service offers.

Cost structure - Lists the relevant cost elements of an organization. They can be represented by taking into account the information described in the key activities and key resources blocks, for example.

Revenue streams - Addresses the payment workflow of an organization, based on its incomes.

The BMC is usually developed after a brainstorming session, in order to accomplish strategic management measures. This action is intended to help view the current state of a business or address a change of direction, enabling the design of new products/services.

Figure 2.8: Example of risk questions using a BMC. [8]

2.4.2 Business Model Canvas to support Risks identification

As referred in section 2.2.3, the first step of a Risk Management process is to establish the context of an organization. The design of a Business Model Canvas permits an overall understanding of all levels of operation in an organization, as described in section 2.4.1. After establishing the context, the next step of the Risk Management process is to conduct a risk assessment. For this, the first action is to identify possible risks within the context of an organization's business, as stated in section 2.2.3. From these arguments, one can argue that it is possible to use a BMC to support the risk identification of an organization. From the analysis of the nine building blocks of a BMC, one can think of risk questions for conducting a risk assessment. By answering these questions, a list of identified risks serves as the outcome of the BMC analysis. A study on this matter was conducted and published as a result of the 4C project work, and can be found in [8].

Figure 2.8 acts as an example of possible risk questions which can be used to identify risks while designing a BMC.

A practical example of the applicability of the BMC to support Risk Management within the scope of Digital Curation is shown in section 5.2 of this work.

2.5 Discussion

This chapter presented the state of the art for Risk Management and Digital Curation, as well as a practical approach to help risk identification given an organization's context. The idea was to provide a knowledge background of the concepts used in sections 3, 4 and 5 of this work. It hopes to serve as a guideline of thoughts on understanding the outlook of risk identification, supported by the creation of a risk register.

Chapter 3

Proposal

3.1 Risk Register examples

This section presents a brief description of other risk register examples, one in the context of digital preservation (DRAMBORA [44]) and another addressing information security (ENISA [20]).

3.1.1 DRAMBORA

The first document to present a risk register for digital repositories was DRAMBORA. Herein the steps used to identify risks affecting digital repositories are described. As reference standards, the authors used AS/NZS 4360 [16] and ISO 27001 [35].

The first step was establishing the context for a digital repository (see section 2.2.1). The goals of a digital repository were identified, specifying their Mandate: "Legal basis or a formally expressed intention issued by an organization or its parent to achieve a particular goal or goals". [44]

Second, the authors identify the main activities, assets, functional classes and owners of a digital repository, where:

• Activities are tasks performed by organizations;

• Assets are anything which has value for the organization;

• Functional classes are the relationships between an organization's activities and its assets (example: Functional class: access and dissemination, Activity: user authentication, Asset: digital object);

• Owners represent an entity or individual responsible for the production, development, maintenance, use and security of the assets. [35]

A sample of this table is shown in figure 3.1.

Figure 3.1: Sample of DRAMBORA functional classes, activities, assets and owners. [44]

Third, the outcome of the results from the two steps stated is a list of risks, organized by each functional class identified in step two, namely:

• Organization management;

• Staffing;

• Financial management;

• Technical Infrastructure and Security;

• Acquisition and Ingest;

• Preservation and Storage;

• Metadata management;

• Access and Dissemination.

A sample of this table is shown in figure 3.2, and the overall table (B) is presented in the appendix of this dissertation.

DRAMBORA's work is often confusing and does not easily serve as a guideline when we try to execute the risk assessment workflow following its orientations. This conclusion was reached in the work of [10], where a new method to conduct a risk assessment for digital preservation was proposed. On the other hand, if we analyse the identified risks according to ISO 31000 [32], we can argue that it presents risks which can be understood as events, for example: "R50 - Externally motivated changes or maintenance to information during ingest" (see figure 3.2).

Figure 3.2: Sample of DRAMBORA list of risks. [44]

3.1.2 ENISA

The technical report "To Log or Not To Log" [20], produced by the European Network and Information Security Agency (ENISA), presents a risk log for cyber-information security. A risk log is another name used to designate a risk register, as we can confirm by consulting [33]. In the ENISA report, a framework and risk assessment method for information security is proposed, designated ERF. [20]

The ERF risk assessment method uses ISO 27000 [35] as a reference standard for risk identification, following the next steps, as stated in [20]:

• Assets identification and evaluation: using a qualitative analysis scale (1-Very Low to 5-Very High) to estimate the asset value and its impact;

• Vulnerabilities identification and assessment: refers to an aspect of a system/process (the assets) that can be exploited for purposes other than those originally intended (ex: security holes). [35] The evaluation used a qualitative analysis scale (1-Very Low to 5-Very High) to address:

– Severity - the impact that will be incurred if the particular vulnerability is exploited; [35]

– Exposure - the ease of exploiting the particular vulnerability through physical or electronic means. [35]

• Threats identification and assessment: possible threats that could exploit the vulnerabilities of the assets identified. They can be of human nature (breach of security) or natural (environmental disaster). The assessment is made according to:

– Capability - the amount of information available to the threat agent (knowledge, training, technological sophistication etc.) and the availability of the required resources; [35]

– Motivation - the ease of exploiting the particular vulnerability through physical or electronic means. [35]

• Identification of existing / implemented controls: mitigation measures to assure assets protection.

After these steps are accomplished, risks are identified according to this formula:

Figure 3.3: ENISA ERF risk identification function. [20]

The idea is as follows:

• Mapping threats to vulnerabilities: identification of possible threats that could exploit each vulnerability of each asset. Represents unique pairs of vulnerability and threats of a certain asset, resulting in a risk; [20]

• Risk value: is a function of the asset, vulnerability and threat values. For each consequence, the asset values, threat and vulnerability levels are matched in a matrix such as the one shown in figure 3.4. It enables identifying the relevant measure of risk level for each consequence, using a scale of 1 to 13. [20]

Figure 3.4: ENISA ERF risk assessment scale. [20]
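The two steps above (mapping threats to vulnerabilities, then scoring each resulting risk) as an added Python example. This is not code from the thesis or from the ENISA report: the 1-5 scales for assets, vulnerabilities and threats are the ones the report uses, but the scoring function that produces a 1-13 level is a constructed stand-in for the matrix of figure 3.4 (which the text does not reproduce), and the threats, assets and vulnerabilities in the sample context are invented for illustration.

```python
"""Added example (not from the thesis or the ENISA report): risk identification
in the ERF style, where each risk is a unique (asset, vulnerability, threat)
triple.  Scale values follow the report's 1-5 scales, but the scoring rule is a
constructed placeholder: the real ERF reads the 1-13 level from the matrix in
figure 3.4, which is not reproduced here."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    capability: int     # 1 (Very Low) to 5 (Very High)
    motivation: int     # 1 (Very Low) to 5 (Very High)


@dataclass(frozen=True)
class Vulnerability:
    name: str
    severity: int       # impact if exploited, 1-5
    exposure: int       # ease of exploitation, 1-5
    threats: tuple      # names of threats able to exploit it


@dataclass(frozen=True)
class Asset:
    name: str
    value: int          # asset value, 1-5
    vulnerabilities: tuple


@dataclass(frozen=True)
class Risk:
    asset: str
    vulnerability: str
    threat: str
    level: int          # 1-13


def _check(level: int) -> int:
    """Reject values outside the 1-5 qualitative scale."""
    if not 1 <= level <= 5:
        raise ValueError(f"scale value out of range: {level}")
    return level


def risk_level(asset: Asset, vuln: Vulnerability, threat: Threat) -> int:
    """Placeholder for the ERF matrix (assumption): the three 1-5 levels are
    summed and shifted so the result spans exactly 1..13."""
    a = _check(asset.value)
    v = max(_check(vuln.severity), _check(vuln.exposure))
    t = max(_check(threat.capability), _check(threat.motivation))
    return a + v + t - 2


def identify_risks(assets, threats) -> list:
    """Map threats to vulnerabilities: one risk per unique (asset, vulnerability,
    threat) triple.  Threat names with no assessment are skipped.  Highest level first."""
    by_name = {t.name: t for t in threats}
    seen, risks = set(), []
    for asset in assets:
        for vuln in asset.vulnerabilities:
            for tname in vuln.threats:
                key = (asset.name, vuln.name, tname)
                if key in seen or tname not in by_name:
                    continue
                seen.add(key)
                risks.append(Risk(*key, risk_level(asset, vuln, by_name[tname])))
    return sorted(risks, key=lambda r: (-r.level, r.asset, r.vulnerability, r.threat))


# Constructed sample context for a digital repository (not taken from the report).
THREATS = (
    Threat("Environmental disaster", capability=2, motivation=1),
    Threat("Hardware failure", capability=3, motivation=1),
    Threat("Unauthorised external access", capability=4, motivation=3),
    Threat("Negligent operator", capability=3, motivation=2),
)
ASSETS = (
    Asset("Archival storage", 5, (
        Vulnerability("Single copy of archived content", 5, 2,
                      ("Environmental disaster", "Hardware failure")),
        Vulnerability("Unpatched storage management software", 4, 3,
                      ("Unauthorised external access", "Negligent operator")),
    )),
    Asset("Preservation metadata", 4, (
        Vulnerability("Metadata editable without audit trail", 3, 4,
                      ("Negligent operator", "Unauthorised external access",
                       "Unknown threat")),   # no assessment: skipped
    )),
)

if __name__ == "__main__":
    for r in identify_risks(ASSETS, THREATS):
        print(f"{r.level:2d}  {r.asset} / {r.vulnerability} / {r.threat}")
```

The de-duplication on the (asset, vulnerability, threat) key is what makes each register entry the "unique pair" the report describes; a threat named on a vulnerability but never assessed is dropped rather than scored, so the register only contains risks whose three inputs exist.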

The outcome of this risk identification resulted in the acknowledgement of the following assumptions [20] for risk classification:

• Technical: for the scenario of emerging technologies and infrastructures;

• Policy: for the social, legal and economic scenarios;

• Social: for the scenario on how individuals act within society (ex: cyber-espionage);

• Legal: for the scenario of implementation of legal protections (ex: data privacy, protection and collection);

• Economical: for the scenario where products, services and devices are produced in order to achieve profits.

Moreover, ENISA's report [20] classifies assets as being:

• Tangible - identified within the information security system context, such as: (i) Services (ex: web platforms, networking, electronic devices); (ii) Infrastructures (ex: storage, metadata, software, hardware); (iii) Legal (ex: digital rights, policies, laws); (iv) Financial (ex: economical factors); (v) Human (ex: bio-sensors, social and human rights);

• Intangible - difficult to identify and measure, such as: (i) Cyber Actors (ex: avatars); (ii) Social and professional reputation (ex: digital identity); (iii) Sentiments (ex: personal opinions); (iv) Ideas (ex: creation of new concepts or knowledge).

Figure 3.5 shows the top risks identified according to ENISA for cyber-information security.

Figure 3.5: ENISA list of top risks after executing the ERF risk assessment method. [20]

ENISA's ERF risk assessment method presents a thorough understanding of the context of cyber-security. Risks are identified with a function where, for each asset, vulnerability and threat, the consequence is analysed. This enables a deep perception of possible risk scenarios. It makes it possible to identify relationships between different risks, because some risks might have assets and vulnerabilities/threats which share associations.

3.2 Solution

The need to build a knowledge base of risks for Digital Curation raised awareness of the creation of a risk register. This need arose because the identification of emerging risks within the context of Digital Curation had become relevant. Only by doing so could one gather the facts for analysing and reporting the status of repositories' business continuity and perceive the value of their assets. From this viewpoint, it would be possible to address the implementation of controls as risk mitigation measures. This attitude enables the acknowledgement of opportunities regarding the digital repositories business, resulting in gains rather than losses. A study explaining this idea in detail was published under the 4C project. [8]

A risk register is a record of information about identified risks. [33] Herein, based on the risk register examples presented in sections 3.1.1 and 3.1.2, we present a solution towards the creation of a risk register for Digital Curation, aligned with the concepts of the reference model for repositories, OAIS. [14]

Furthermore, this solution follows the principles and guidelines, techniques and concepts provided by the ISO 31000 family of standards. [32, 34, 33] To provide background on the terms used, a description is presented next, according to the ISO Guide 73 Risk Management - Vocabulary. [33]

Assets - anything that has value for an organization.

Vulnerabilities - properties of an asset that can be exploited, leading to an event with a consequence. This defines the level of exposure of an event.

Events - the occurrence or change of a particular set of circumstances. This defines the level of likelihood of a change happening;

Consequences - the outcome of an event, which affects objectives. This defines the level of impact of the occurrence of an event.

Risk - effect of uncertainty on objectives. An effect can be positive or negative. Objectives are aspects such as financial or environmental, applied at strategic or organization-wide levels. It is characterized by the relationship between potential events and consequences. The outcome is the combination of the consequences of an event and the associated likelihood. This defines the level of risk or severity;

Controls - implemented mitigation measures.

The techniques [34] used for the risk identification presented in this work were:

Checklists - a simple form of risk identification. A technique which provides a listing of typical uncertainties which need to be considered. Users refer to a previously developed list, codes or standards.

Brainstorming - involves stimulating and encouraging free-flowing conversation amongst a group of knowledgeable people to identify potential failure modes and associated hazards, risks, criteria for decisions and/or options for treatment.

Structured or semi-structured interviews - in a structured interview, individual interviewees are asked a set of prepared questions from a prompting sheet which encourages the interviewee to view a situation from a different perspective and thus identify risks from that perspective. A semi-structured interview is similar, but allows more freedom for a conversation to explore issues which arise.

To begin with, two iterations of this solution are shown in sections 3.2.1 and 3.2.2. Finally, the last iteration is presented in section 3.2.3, as the proposed solution.

3.2.1 Risk Register - first iteration

This was the first draft of the solution proposal. It consisted of the direct analysis of the DRAMBORA [44] document. The research consisted of figuring out the idea behind the risk register presented in the DRAMBORA document (see section 3.1.1).

An updated version of the list of risks (see table (B)) provided by DRAMBORA [44] was produced, as displayed in table 3.1. The risks were organized by categories, following the idea of the organizational structure of digital repositories: (i) Strategical (ex: unit of business strategies); (ii) Personnel (ex: unit of human resources); (iii) Legal (ex: unit of legal advice); (iv) Financial (ex: unit of economical analysis); (v) Operational (ex: unit of services delivery).

The result of this analysis involved risk identification, the first step of risk assessment (see section 2.2.3), and used the checklist technique (see introduction of section 3.2, table 2.3). [34] It lacked an overview of the context of Digital Curation, missing an understanding of the services digital repositories provide to the community, as well as the relationship between the concepts of assets, vulnerabilities, threats, events and consequences. Nevertheless, it served as the starting point towards the second iteration of the proposed solution.

3.2.2 Risk Register - second iteration

Having learned from the previous iteration (see 3.2.1), the steps used to execute the second iteration were:

1. Establishing the context within Digital Curation scope for risk assessment (see 2.2.3) - this was achieved by gathering information of the assets of a digital repository (ex: activities, metadata, services, resources, etc.);

2. Identification of the assets, vulnerabilities, events, consequences and risks - using a set of questions;

3. Insert the collected information in a risk assessment tool - HoliRisk;

4. Communicate the results - to my team at INESC-ID and risk consultants;

5. Use brainstorming and interviews techniques (see table 2.3) - to validate the achieved results;

6. Re-analyse the identified risks - accordingly to the feedback provided by step 5;

7. Re-do this iteration from step 2 to 6 - the number of times needed until finding a list of risks that suits Digital Curation context.

Table 3.1: List of Risks retrieved from DRAMBORA analysis

Risk identification
Risk Category    | Risk ID | Risk name
Strategical (S)  | R_S01   | Management failure
Strategical (S)  | R_S02   | Loss of reputation
Strategical (S)  | R_S03   | Activity is overlooked or allocated insufficient resources
Strategical (S)  | R_S04   | Community requirements change substantially
Strategical (S)  | R_S05   | Community requirements misunderstood or ineffectively communicated
Strategical (S)  | R_S06   | Enforced cessation of repository operations
Strategical (S)  | R_S07   | Community feedback not received
Strategical (S)  | R_S08   | Community feedback not acted upon
Strategical (S)  | R_S09   | Business objectives not met
Strategical (S)  | R_S10   | Repository loses mandate
Strategical (S)  | R_S11   | Business fails to preserve essential characteristics of digital information
Strategical (S)  | R_S12   | Business policies and procedures are unknown
Strategical (S)  | R_S13   | Business policies and procedures are inefficient
Strategical (S)  | R_S14   | Business policies and procedures are inconsistent or contradictory
Strategical (S)  | R_S15   | Inability to evaluate repository's successfulness
Strategical (S)  | R_S16   | False perception of the extent of repository's success
Strategical (S)  | R_Sx    | * Please add here new entry when applied to your organization *
Personnel (P)    | R_P01   | Loss of key member(s) of personnel
Personnel (P)    | R_P02   | Personnel suffer skill loss
Personnel (P)    | R_P03   | Personnel skills become obsolete
Personnel (P)    | R_P04   | Inability to evaluate personnel effectiveness or suitability
Personnel (P)    | R_Px    | * Please add here new entry when applied to your organization *
Legal (L)        | R_L01   | Legal liability for breach of contractual responsibilities
Legal (L)        | R_L02   | Legal liability for IPR infringement
Legal (L)        | R_L03   | Legal liability for breach of legislative requirements
Legal (L)        | R_L04   | Liability for regulatory non-compliance
Legal (L)        | R_Lx    | * Please add here new entry when applied to your organization *
Financial (F)    | R_F01   | Finances insufficient to meet repository commitments
Financial (F)    | R_F02   | Misallocation of finances
Financial (F)    | R_F03   | Liability for non-adherence to financial law or regulations
Financial (F)    | R_F04   | Financial shortfalls or income restrictions
Financial (F)    | R_F05   | Repository's inner competition
Financial (F)    | R_F06   | Budgetary reduction
Financial (F)    | R_Fx    | * Please add here new entry when applied to your organization *
Operational (OP) | R_OP01  | Software failure or incompatibility
Operational (OP) | R_OP02  | Hardware failure or incompatibility
Operational (OP) | R_OP03  | Hardware or software incapable of supporting emerging repository aims
Operational (OP) | R_OP04  | Obsolescence of hardware or software
Operational (OP) | R_OP05  | Media degradation or obsolescence

Figure 3.6: Proposal method for creating a risk register for Digital Curation.

On the ongoing process of retrieving information regarding step 2 of this iteration, the questions asked were:

1. What assets are of value for digital curation?

2. What are the main activities of digital repositories/preservation/curation?

3. How are the assets related to digital repositories activities?

4. To which vulnerabilities are these assets exposed?

5. What is the level of exposure of the assets to vulnerabilities?

6. What events can derive from the exploitation of these assets' vulnerabilities?

7. What is the likelihood for those events to occur?

8. What is the level of likelihood for these events to occur?

9. How can the occurrence of these events impact these assets?

10. How can this impact lead to a consequence?

11. What are the consequences that can affect digital repositories goals?

12. How do the likelihood of these events occurring and the impact of the consequences derive possible risks?

13. What is the level of risk resulting from the combination of the likelihood of these events occurring and the impact of the consequences?

14. Are there any mitigation measures implemented?

Moreover, in this iteration, a re-analysis of the DRAMBORA [44] document and of the research work of [6, 10, 40, 43] was conducted. Furthermore, the concepts used in this section are present in the ENISA risk register example. One might conclude that this iteration is following the right course of action.

The second iteration provided the first results of what would become the proposed solution, explained in section 3.2.3 and demonstrated in section 4.1.

3.2.3 Risk Register - proposed solution

The proposed solution includes an extension to the second iteration: the alignment with the OAIS reference model concepts. [14] The final version of the solution is as follows:

1. Establishing the context for risk identification in Digital Curation (see 2.2.3) - this was achieved by gathering information regarding the assets of a digital repository (ex: activities, metadata, services, resources, etc.);

2. Align this information with the concepts of the OAIS and TRAC reference models - a result of the traceability of the concepts between OAIS [14], DRAMBORA [44] and TRAC [13] is shown in table A of the appendix;

3. Identification of the assets, vulnerabilities, events, consequences and risks - using a set of questions;

4. Insert the collected information in a risk assessment tool - HoliRisk;

5. Communicate the results - to my team at INESC-ID and risk consultants;

6. Use brainstorming and interviews techniques (see table 2.3) - to validate the achieved results;

7. Re-analyse the identified risks - accordingly to the feedback provided by step 5;

8. Re-do this iteration from step 2 to 6 - the number of times needed until finding a list of risks that suits Digital Curation context.

This solution is demonstrated in section 4.1 and the results are evaluated in section 5.

Additionally, the proposed solution was presented at the ICEIS 2015 conference, as part of the work produced within the 4C project. [8, 52]

3.3 Discussion

This chapter presented the solution for the problem description detailed in section 1.2. By presenting two risk register examples (see sections 3.1.1 and 3.1.2), one could understand the idea behind the creation of a risk register.

Moreover, a profound understanding of the overall context of Digital Curation is a key point to identify the associations between assets, activities, vulnerabilities, events and consequences. This action enables a thorough risk identification and provides feedback for possible controls to be implemented in the future.

The proposed solution (section 3.2.3) intends to provide a set of steps on how to create a risk register for Digital Curation. This solution is aligned with the reference standards ISO 31000 [32] for Risk Management, and OAIS [14] for digital repositories.

Chapter 4

Demonstration

4.1 A Risk Register for Digital Curation

4.1.1 First and second steps of the proposed solution

Figure 4.1 represents the functional entities of a digital repository. The concepts displayed in this figure are defined in table A of the appendix of this work. This table shows the traceability between the concepts of the OAIS [14] reference model for digital repositories, TRAC [13] and the concepts used in DRAMBORA [44], to specify assets and activities of a digital repository. TRAC is the reference model for auditing and certification of trustworthy digital repositories (see section 2.3.3). It is possible to observe that TRAC follows similar concepts to those used by the OAIS model, since they were produced by the same organization. DRAMBORA does not provide an explanation of these concepts, although it uses them in the description of identified assets and activities. Therefore, after analysing the DRAMBORA document, it was possible to achieve a traceability between the terms used and the concepts stated in the OAIS reference model.

Starting from this premise, and from the Digital Curation and digital preservation concepts and techniques presented in section 2.3, suggested assets for Digital Curation are presented in figure 4.2, organized by their type: (i) Activities; (ii) Information Package; (iii) Digital Object; (iv) Metadata; (v) Infrastructure.

Figure 4.1: OAIS Functional Entities

4.1.2 Third and fourth steps of the proposed solution

The identification of assets, vulnerabilities, events, consequences, risks and suggested controls is presented in figures 4.2, 4.3, 4.4, 4.5, 4.6, and 4.7 of this section. From the analysis of these figures, we can acknowledge that:

• Assets represent a sample of the assets identified in section 4.1.1. A description of the identified assets aligned with the concepts of the OAIS model is displayed. Assets have associations with one or more vulnerabilities. Relationships between assets, though not displayed, are possible to address using the risk assessment tool - HoliRisk;

• Vulnerabilities represent the result of the vulnerabilities identified for each asset stated before. The level of exposure is displayed using a qualitative analysis scale (Very Low to Very High);

• Events represent the result of the events identified for each vulnerability of an asset. Events have associations with one or more vulnerabilities, and may affect one or more assets. The level of likelihood of occurrence is displayed using a qualitative analysis scale (1-Never happened before, 2-Once every 10 years, 3-Once every 2 years, 4-Once per half a year, 5-Once per two months, 6-More than once per month);

• Consequences represent the result of the events identified according to their level of likelihood of occurrence. Consequences have associations with one or more events. The level of impact is displayed using a qualitative analysis scale (Zero impact, Negligible impact, Superficial impact, High impact, Considerable impact, Cataclysmic impact);

• Risks represent the result of the consequences identified according to the occurrence of an event. Risks are associated with one consequence. The level of risk (or severity) follows a qualitative analysis scale (Very Low to Very High);

• Controls represent suggested mitigation measures for the identified risks. Controls are assessed by vulnerability of exposure, likelihood of event occurrence, or impact of a consequence.
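The entity chain just described (assets, vulnerabilities, events, consequences, risks and controls) and its qualitative scales, as an added Python example. This is not the thesis's own code and it is not part of HoliRisk. The scales are the ones listed in this section; the rule that turns a likelihood level and an impact level into a severity level is a constructed assumption (the thesis only states that severity follows a Very Low to Very High scale), and the sample assets, vulnerabilities, events, consequences and controls are invented for illustration rather than taken from figures 4.2 to 4.7.

```python
"""Added example (not the thesis's own code, nor HoliRisk): an in-memory risk
register with the entity chain and qualitative scales of section 4.1.2.  The
severity rule is a constructed assumption; the thesis only states that the
level of risk follows a Very Low to Very High scale."""

EXPOSURE = ["Very Low", "Low", "Medium", "High", "Very High"]
LIKELIHOOD = {1: "Never happened before", 2: "Once every 10 years",
              3: "Once every 2 years", 4: "Once per half a year",
              5: "Once per two months", 6: "More than once per month"}
IMPACT = ["Zero impact", "Negligible impact", "Superficial impact",
          "High impact", "Considerable impact", "Cataclysmic impact"]
CONTROL_TARGETS = ("exposure", "likelihood", "impact")


def severity_for(likelihood: int, impact: str) -> str:
    """Assumed rule: likelihood (1-6) times impact index (0-5), banded into the
    five severity levels of the thesis's scale."""
    score = likelihood * IMPACT.index(impact)
    for bound, label in ((0, "Very Low"), (4, "Low"), (9, "Medium"), (17, "High")):
        if score <= bound:
            return label
    return "Very High"


class RiskRegister:
    """Entities are keyed by name; every add_* method rejects dangling
    references and values outside the qualitative scales."""

    def __init__(self):
        self.assets = {}          # name -> (OAIS functional entity, asset type)
        self.vulns = {}           # name -> (asset name, exposure)
        self.events = {}          # name -> (vulnerability names, likelihood)
        self.consequences = {}    # name -> (event names, impact)
        self.risks = {}           # consequence name -> severity (one risk per consequence)
        self.controls = []        # (name, consequence name of the risk, what it reduces)

    def add_asset(self, name, oais_entity, asset_type):
        self.assets[name] = (oais_entity, asset_type)

    def add_vulnerability(self, name, asset, exposure):
        if asset not in self.assets or exposure not in EXPOSURE:
            raise ValueError(f"bad vulnerability: {name}")
        self.vulns[name] = (asset, exposure)

    def add_event(self, name, vulnerabilities, likelihood):
        if likelihood not in LIKELIHOOD or not set(vulnerabilities) <= set(self.vulns):
            raise ValueError(f"bad event: {name}")
        self.events[name] = (tuple(vulnerabilities), likelihood)

    def add_consequence(self, name, events, impact):
        if impact not in IMPACT or not set(events) <= set(self.events):
            raise ValueError(f"bad consequence: {name}")
        self.consequences[name] = (tuple(events), impact)

    def derive_risks(self) -> dict:
        """Questions 12 and 13 of section 3.2.2: one risk per consequence, its
        likelihood being the highest among the events that lead to it."""
        self.risks = {name: severity_for(max(self.events[e][1] for e in events), impact)
                      for name, (events, impact) in self.consequences.items()}
        return self.risks

    def add_control(self, name, risk, reduces):
        if risk not in self.risks or reduces not in CONTROL_TARGETS:
            raise ValueError(f"bad control: {name}")
        self.controls.append((name, risk, reduces))

    def controls_for_asset(self, asset: str) -> list:
        """Walk asset -> vulnerabilities -> events -> consequences -> risks -> controls."""
        vulns = {v for v, (a, _) in self.vulns.items() if a == asset}
        events = {e for e, (vs, _) in self.events.items() if vulns & set(vs)}
        risks = {c for c, (es, _) in self.consequences.items() if events & set(es)}
        return sorted(name for name, risk, _ in self.controls if risk in risks)


def build_sample_register() -> RiskRegister:
    """Constructed sample entries (assumption), not taken from figures 4.2 to 4.7."""
    r = RiskRegister()
    r.add_asset("Archival storage media", "Archival Storage", "Infrastructure")
    r.add_asset("Submission Information Package", "Ingest", "Information Package")
    r.add_vulnerability("Single copy of archived content", "Archival storage media", "High")
    r.add_vulnerability("Fixity not verified at ingest", "Submission Information Package", "Medium")
    r.add_event("Storage media failure", ["Single copy of archived content"], 3)
    r.add_event("Corrupted SIP accepted", ["Fixity not verified at ingest"], 5)
    r.add_consequence("Loss of archived digital objects", ["Storage media failure"], "Cataclysmic impact")
    r.add_consequence("Archived object differs from submission", ["Corrupted SIP accepted"], "Considerable impact")
    r.derive_risks()
    r.add_control("Keep geographically separate replicas", "Loss of archived digital objects", "exposure")
    r.add_control("Verify checksums before accepting a SIP", "Archived object differs from submission", "likelihood")
    return r


if __name__ == "__main__":
    reg = build_sample_register()
    for consequence, severity in reg.risks.items():
        print(f"{severity:9s}  {consequence}")
```

Because every entity is added in chain order and each add refuses references to names that do not exist yet, the register can only hold the associations the section describes (an event always exploits a known vulnerability, a consequence always follows a known event, a control always mitigates a derived risk); `controls_for_asset` then answers, for one asset, which suggested controls reach it through that chain.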

With this in mind, and regarding the questions stated in section 3.2.2, one can say that: (i) figure 4.2 represents an answer to questions 1, 2, and 3; (ii) figure 4.3 represents an answer to questions 4 and 5; (iii) figure 4.4 represents an answer to questions 6, 7, and 8; (iv) figure 4.5 represents an answer to questions 9, 10, and 11; (v) figure 4.6 represents an answer to questions 12 and 13; (vi) figure 4.7 represents an answer to question 14.

Figure 4.8 displays a visual workflow of steps regarding the second step of the proposed solution. The intention is for the reader to have a view of the executed procedures in order to create a risk register. These automated procedures were possible due to the use of HoliRisk, a risk assessment tool developed by our team at INESC-ID. [4] The remaining steps of the proposed solution worked as an evaluation of the work under development, before the results presented in figures 4.2, 4.3, 4.4, 4.5, 4.6, and 4.7 were achieved.

A practical application of the proposed solution is presented in section 5.1, using two digital repository case studies, LNEC and PWA.

Figure 4.2: Digital Curation Assets

Figure 4.3: Digital Curation Vulnerabilities

4.2 Discussion

This chapter provided a demonstration of the proposed solution detailed in section 3.2. We could conclude that it was possible to put the proposed solution into practice, confirming that our understanding of the steps to follow when creating a risk register was accurate, namely: (i) it is possible to use the concepts of the OAIS reference model to create a knowledge base for Digital Curation; (ii) it is possible to use these concepts to retrieve a list of risks for Digital Curation; (iii) it is possible to create a risk register for Digital Curation, applying the concepts of ISO 31000 [32] aligned with the concepts of the OAIS [14] reference model.

Figure 4.4: Digital Curation Events

Figure 4.5: Digital Curation Consequences


Figure 4.6: Digital Curation Risks

Figure 4.7: Digital Curation Controls

Figure 4.8: Step two of the solution iteration (see section 3.2.3)


Chapter 5

Evaluation

5.1 Risk Register Evaluation Case Studies

This section details the evaluation of the work described in section 3.2 and demonstrated in section 4.1, together with a discussion of the obtained results.

5.1.1 LNEC Case Study

We started by executing the first step of the solution displayed in section 3.2. From this analysis, we were able to compare our risk register with the new information retrieved. This information was added to the risk register by executing the second step of the proposed solution. Figures 5.1, 5.2, 5.3, 5.4, and 5.5 display the new updates to the risk register.

Steps 5 to 7 of the proposed solution were executed alongside step 2. Informal interviews with a risk expert at LNEC were conducted, in order to understand the context of their business and gather important information for step 2 of the solution.

At the end of this procedure, we were able to view the results using a likelihood*consequence matrix, to assess the level of the risks identified.

After analysing the LNEC matrix against the conceptual matrix example (see figure 2.3), we were able to understand that the risk "R3 - Infrastructure damages and loss of information Due To Fire" (see figure 5.5) is at level II. This means that LNEC should acknowledge this risk as a priority. Risk treatment should be undertaken regardless of its cost. This could result in a benefit for LNEC, rather than a loss.
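The entity chain described in section 4.1 (assets, vulnerabilities, events, consequences, risks and controls, with the qualitative scales quoted there) and the likelihood*consequence matrix used to assess the LNEC risks can be written as a small Python model. This is an added example, not code from the dissertation or from HoliRisk. The sample entries, the control names and the `build_sample_register` helper are constructed (the two risk names echo figures 5.5 and 5.11), and the bands in `severity` are an assumption, since the cut-offs and priority levels of the conceptual matrix (figure 2.3) are not reproduced on the page. The `validate` check, which reports associations that point at entities missing from the register, is likewise this example's own addition.

```python
# Added example (not dissertation or HoliRisk code): the entity chain of the
# register in section 4.1 and a likelihood*consequence matrix. Sample entries
# are constructed; matrix bands are an assumption (figure 2.3 is not reproduced).
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, List, NamedTuple, Tuple

# Qualitative scales quoted in section 4.1 (impact keeps the page's order).
Likelihood = IntEnum("Likelihood", "NEVER_HAPPENED_BEFORE ONCE_EVERY_10_YEARS "
                     "ONCE_EVERY_2_YEARS ONCE_PER_HALF_YEAR ONCE_PER_TWO_MONTHS "
                     "MORE_THAN_ONCE_PER_MONTH", start=1)
Impact = IntEnum("Impact", "ZERO NEGLIGIBLE SUPERFICIAL HIGH CONSIDERABLE "
                 "CATACLYSMIC", start=0)
SEVERITY = ("Very Low", "Low", "Medium", "High", "Very High")


def severity(likelihood: Likelihood, impact: Impact) -> str:
    """One matrix cell -> qualitative level. ASSUMPTION: the product of the
    two ordinal scores (0..30) is banded; the page gives no cut-offs."""
    score = int(likelihood) * int(impact)
    for limit, level in ((4, 0), (8, 1), (12, 2), (18, 3)):
        if score <= limit:
            return SEVERITY[level]
    return SEVERITY[4]


# Register entities; associations are held as the ids/names of linked entities.
Vulnerability = NamedTuple("Vulnerability", [("vid", str), ("name", str),
                                             ("exposure", str), ("asset", str)])
Event = NamedTuple("Event", [("eid", str), ("name", str), ("likelihood", Likelihood),
                             ("vulnerabilities", List[str]), ("affects", List[str])])
Consequence = NamedTuple("Consequence", [("cid", str), ("name", str),
                                         ("impact", Impact), ("events", List[str])])
Risk = NamedTuple("Risk", [("rid", str), ("name", str), ("consequence", str)])
Control = NamedTuple("Control", [("kid", str), ("name", str), ("target", str)])


@dataclass
class RiskRegister:
    assets: Dict[str, str] = field(default_factory=dict)  # name -> OAIS entity
    vulnerabilities: Dict[str, Vulnerability] = field(default_factory=dict)
    events: Dict[str, Event] = field(default_factory=dict)
    consequences: Dict[str, Consequence] = field(default_factory=dict)
    risks: Dict[str, Risk] = field(default_factory=dict)
    controls: Dict[str, Control] = field(default_factory=dict)

    def validate(self) -> List[str]:
        """Dangling associations: every referenced id or asset name must exist."""
        refs = [(v.vid, v.asset, self.assets) for v in self.vulnerabilities.values()]
        for e in self.events.values():
            refs += [(e.eid, x, self.vulnerabilities) for x in e.vulnerabilities]
            refs += [(e.eid, x, self.assets) for x in e.affects]
        refs += [(c.cid, x, self.events) for c in self.consequences.values() for x in c.events]
        refs += [(r.rid, r.consequence, self.consequences) for r in self.risks.values()]
        known = {**self.vulnerabilities, **self.events, **self.consequences}
        refs += [(k.kid, k.target, known) for k in self.controls.values()]
        return [f"{src}: unknown reference {ref}" for src, ref, table in refs if ref not in table]

    def assess(self) -> List[Tuple[str, str]]:
        """(risk id, level), most severe first. A consequence may stem from
        several events; the most likely one is taken (worst case, assumed)."""
        rows = []
        for rid, r in self.risks.items():
            c = self.consequences[r.consequence]
            worst = max(self.events[e].likelihood for e in c.events)
            rows.append((rid, severity(worst, c.impact)))
        return sorted(rows, key=lambda t: SEVERITY.index(t[1]), reverse=True)

    def controls_for(self, rid: str) -> List[str]:
        """Controls acting on any link of the chain behind a risk."""
        c = self.consequences[self.risks[rid].consequence]
        chain = {c.cid, *c.events}
        for e in c.events:
            chain.update(self.events[e].vulnerabilities)
        return [k.kid for k in self.controls.values() if k.target in chain]


def build_sample_register() -> RiskRegister:
    """Constructed sample; the two risk names echo figures 5.5 and 5.11."""
    reg = RiskRegister()
    reg.assets = {"Archival Storage": "Archival Storage Functional Entity",
                  "Access": "Access Functional Entity"}
    reg.vulnerabilities["V1"] = Vulnerability("V1", "Single site, no fire suppression", "High", "Archival Storage")
    reg.vulnerabilities["V2"] = Vulnerability("V2", "Access rights never reviewed", "Medium", "Access")
    reg.events["E1"] = Event("E1", "Fire", Likelihood.ONCE_EVERY_10_YEARS, ["V1"], ["Archival Storage"])
    reg.events["E2"] = Event("E2", "Violation of access rights", Likelihood.ONCE_PER_TWO_MONTHS, ["V2"], ["Access"])
    reg.consequences["C1"] = Consequence("C1", "Loss of information", Impact.CATACLYSMIC, ["E1"])
    reg.consequences["C2"] = Consequence("C2", "Breach of security", Impact.HIGH, ["E2"])
    reg.risks["R3"] = Risk("R3", "Infrastructure damages and loss of information Due To Fire", "C1")
    reg.risks["R2"] = Risk("R2", "Breach of security Due To Violation of access rights", "C2")
    reg.controls["K1"] = Control("K1", "Off-site replica of the AIPs", "V1")
    reg.controls["K2"] = Control("K2", "Fire detection and suppression", "E1")
    return reg
```

`build_sample_register().assess()` returns the risks ordered by level, and `controls_for` walks back from a risk to the events and vulnerabilities behind it. A risk whose control list comes back empty, as R2 does in the sample, is one the register records but has no suggested mitigation for yet, which is exactly the gap the treatment step of the case studies is meant to fill.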

5.1.2 PWA Case Study

The evaluation of the PWA [27] digital repository was conducted the same way as the one for LNEC. However, since the context of its business differs from LNEC, we were able to update our risk register with new information. Figures 5.7, 5.8, 5.9, 5.10, and 5.11 display the new updates to the risk register created for Digital Curation.


Figure 5.1: LNEC Assets

Figure 5.2: LNEC Vulnerabilities

Figure 5.3: LNEC Events

As in the LNEC case study, we were able to view the results using a likelihood*consequence matrix, to assess the severity of the risks identified.

After analysing the PWA matrix against the conceptual matrix example of figure 2.3, we could understand that risk "R2 - Breach of security Due To Violation of access rights" (see figure 5.11) is at level II. This means that PWA should acknowledge this risk as a priority. Risk treatment should be undertaken regardless of its cost. This could result in a benefit for PWA, rather than a loss.


Figure 5.4: LNEC Consequences

Figure 5.5: LNEC Risks

Figure 5.6: LNEC Risk Matrix


Figure 5.7: PWA Assets

Figure 5.8: PWA Vulnerabilities

Figure 5.9: PWA Events

5.2 BMC designed for Digital Curation and supported by a Risk Register

This section suggests another approach to applying Risk Management to Digital Curation. The idea was to underline the context of Digital Curation using a Business Model Canvas (see section 2.4.1). The OAIS concepts were used to fill the nine blocks of the BMC: activities, customers and segments of action, relationships between them, partnerships, channels, resources, value proposition, revenues and costs [49]. The purpose of this exercise was to see the overall line of business of digital repositories.

Afterwards, risk questions such as the ones presented in figure 2.8 were answered to provide input about risks for the Digital Curation business [8, 60].

Figure 5.10: PWA Consequences

Figure 5.11: PWA Risks

Figure 5.12: PWA Risk Matrix

By observing the data of the risk register created for Digital Curation and the BMC models, we concluded that they achieved similar results. Although the BMC provides detailed information about risks and their relationship with the Digital Curation business, the risk register provides feedback regarding the assets, vulnerabilities, events, consequences, risks and controls, facilitating not only risk identification, but also risk analysis, evaluation and treatment [32].

Figures 5.13, 5.14 and 5.15 present the results of the work conducted within the 4C project.

Figure 5.13: General Business Model Canvas

Figure 5.14: LNEC Business Model Canvas


Figure 5.15: PWA Business Model Canvas

5.3 Discussion

The results obtained reassured us that the risk register represents a knowledge base for Digital Curation. The only adjustments taken into consideration were adding specifics of the LNEC/PWA digital repository business. As an example, (i) as LNEC is a public institution, the vulnerability "V1 - Governamental funding" (see figure 5.2) was added; (ii) as PWA is a web archive, the event "E1 - External attack (ex: bot's and webcrawlers)" (see figure 5.9) was added.

Both solutions presented in this dissertation for building a list of risks for Digital Curation, BMC and Risk Register, follow a similar approach; only the interface is different. Nevertheless, a risk register is intended to serve as a knowledge base for Digital Curation over an organization's lifetime. With this in mind, one can argue that the BMC is a simple approach to give orientation on the overall status of an organization at the present time. The creation of a risk register facilitates the storage of risk information over time, enabling risk analysis, evaluation and treatment. The outcome of this data is what supports organizations' decision-making towards new opportunities or prevents them from major losses.


Chapter 6

Conclusion

6.1 Lessons Learned and Final Thoughts

This work presented the state of the art for Risk Management and Digital Curation, as well as a practical approach to help in building a list of risks, given an organization's context. The idea was to provide a knowledge background of the concepts used in sections 3, 4 and 5 of this work. It served as a guideline of thoughts on understanding the outlook of conducting a risk assessment, supported by the creation of a risk register.

Moreover, this dissertation displayed a solution for the problem detailed in section 1.2. By presenting two risk register examples (see sections 3.1.1 and 3.1.2), one could understand the idea behind the creation of a risk register.

It became clear while drawing the solution that a profound understanding of the overall context of Digital Curation is a key point to identify the associations between assets, activities, vulnerabilities, events and consequences. This permits a thorough risk identification and provides feedback for possible controls to be implemented.

The proposed solution (section 3.2.3) provided a set of steps on how to create a risk register for Digital Curation. This solution is aligned with the reference standards ISO 31000 [32] for Risk Management, and OAIS [14] for digital repositories.

We were able to demonstrate that it is possible to put the proposed solution into practice, confirming that our understanding of the steps to follow when creating a risk register was accurate, namely: (i) it is possible to use the concepts of the OAIS reference model to create a knowledge base for Digital Curation; (ii) it is possible to use these concepts to retrieve a list of risks for Digital Curation; (iii) it is possible to create a risk register for Digital Curation, applying the concepts of ISO 31000 [32] aligned with the concepts of the OAIS [14] model.

The results obtained reassured us that the risk register presents a knowledge base for Digital Curation. The only adjustments taken into consideration were adding specifics of the LNEC/PWA business. As an example, (i) as LNEC is a public institution, the vulnerability "V1 - Governamental funding" (see figure 5.2) was added; (ii) as PWA is a web archive, the event "E1 - External attack (ex: bot's and webcrawlers)" (see figure 5.9) was added.

As an example of another approach to collect a list of possible risks for Digital Curation, a BMC designed for DC was presented. Both solutions presented in this dissertation, BMC and Risk Register, follow a similar approach; only the interface is different. Nevertheless, a risk register is intended to serve as a knowledge base for Digital Curation over an organization's lifetime. With this in mind, one can argue that the BMC is a simple approach to give orientation on the overall status of an organization at the present time. The creation of a risk register facilitates the storage of risk information over time, enabling risk analysis, evaluation and treatment. The outcome of this data is what supports organizations' decision-making towards new opportunities or prevents them from major losses.

To summarize, a risk register is an important baseline when conducting risk assessment in the scope of digital repositories. This work describes how an organization can start to create its own risk register, following the guidelines of the proposed solution, and using a risk assessment tool such as HoliRisk.

6.2 Future Work

The work shown in this dissertation is the beginning of a solution for an existing problem, which addresses the Digital Curation community. The lack of data to support an efficient perception of the value of Digital Curation assets raises the necessity to adopt preventive measures for business continuity. Applying Risk Management to Digital Curation is one of the possibilities that could have a positive effect on the evaluation of the digital repositories business. Moreover, this attitude helps organizations to underline their weaknesses and implement mitigation measures, which can provide gains rather than losses [8].

As future work, I suggest the validation of the risk register with a broader audience in the context of Digital Curation. By doing this, the idea of conducting a Delphi technique [42, 19] for risk identification seems suitable to support a knowledge base of common risks for Digital Curation. This technique is suggested as another option to support risk identification while executing the risk assessment of the Risk Management process [34].

The adoption of a BMC [49] to understand the overall levels of operation of an organization, aligned with the use of Risk Management concepts, is an idea for organizations to acknowledge their costs/revenues and make more assertive decisions towards future business opportunities [52].


Bibliography

[1] AIRMIC, ALARM, and IRM. A risk management standard, 2002.

[2] I. Angevaare. Taking care of digital collections and data: 'curation' and organisational choices for research libraries. LIBER Quarterly, 19(1):1–12, 2009.

[3] ANZ. Digital information at risk survey. Technical report, Archives New Zealand, 2010.

[4] J. Edmundo. HoliRisk web tool. Technical report, Public Deliverable, TIMBUS project (FP7/2007-2013) under grant agreement no. 269940, 2010.

[5] R. Bairrao, N. Pradiante, R. Vieira, and J. Borbinha. How can risk assessment techniques be used to estimate costs for digital curation? In Archives International Meeting (EIA 2014), 2014.

[6] J. Barateiro. A risk management framework applied to digital preservation. PhD thesis, Universidade de Lisboa, Instituto Superior Técnico, 2012.

[7] J. Barateiro, G. Antunes, F. Freitas, and J. Borbinha. Designing digital preservation solutions: A risk management-based approach. International Journal of Digital Curation (IJDC), 5(1):4–17, 2010.

[8] J. Borbinha, R. Bairrao, N. Pradiante, A. Nadali, R. Vieira, D. Proenca, A. Caetano, R. Ruusalepp, and N. Grindley. Collaboration to clarify the cost of curation D4.4: Report on risk, benefit, impact and value. Technical report, Public Deliverable, 4C Project (FP7/2007-2013 grant agreement no. 600471), 2014.

[9] BSI. BS ISO:31100 Risk management – Code of practice and guidance for the implementation of BS ISO 31000, 2011.

[10] S. Canteiro. Risk assessment in digital preservation. Master's thesis, Universidade de Lisboa, Instituto Superior Técnico, 2011.

[11] R. A. Caralli, J. F. Stevens, L. R. Young, and W. R. Wilson. OCTAVE Allegro: Improving the information security risk assessment process (CMU/SEI-2007-TR-012, ESC-TR-2007-012). Software Engineering Institute, Carnegie Mellon University, 2007.

[12] G. Caruso, L. Briguglio, B. Matthews, C. Tona, and M. Albani. Modelling data value in digital preservation. In 10th International Conference on Preservation of Digital Objects (iPRES), 2013.

[13] CCSDS. Audit and certification of trustworthy digital repositories, draft recommended practice (TRAC). In Recommendation for Space Data Systems, volume 652.0-M1, pages 1–77. CCSDS, 2011.

[14] CCSDS. Reference model for an Open Archival Information System (OAIS). In Recommendation for Space Data Systems, volume 650.0-M2, pages 1–135. CCSDS, 2012.

[15] S. Chapman. Counting the costs of digital preservation: Is repository storage affordable? Journal of Digital Information, 4(2), 2004.

[16] D. Cooper. The Australian and New Zealand standard on risk management, AS/NZS 4360:2004. Tutorial Notes, Broadleaf Capital International Pty Ltd, 2004.

[17] COSO. Enterprise Risk Management – Integrated Framework, 2004.

[18] B. Daskala, I. Askoxylakis, I. Brown, P. Dickman, M. Friedewald, K. Irion, E. Kosta, M. Langheinrich, P. McCarthy, D. Osimo, et al. Risks and benefits of emerging life-logging applications. Technical report, European Network and Information Security Agency (ENISA), 2011.

[19] L. D. dos Santos and L. Amaral. Estudos Delphi com Q-sort sobre a web: a sua utilização em sistemas de informação, 2004.

[20] ENISA. Reference source for threats, vulnerabilities, impacts and controls in IT risk assessment and risk management. Technical report, European Union Agency for Network and Information Security (ENISA), 2007.

[21] F. Ferreira. Data governance in engineering and science projects. Master's thesis, Universidade de Lisboa, Instituto Superior Técnico, 2014.

[22] F. Ferreira, M. E. Coimbra, R. Bairrao, R. Vieira, A. T. Freitas, L. M. S. Russo, and J. Borbinha. Data management in metagenomics: A risk management approach. International Journal of Digital Curation (IJDC), 9(1):41–56, 2014.

[23] B. Fritscher and Y. Pigneur. Business IT alignment from business model to enterprise architecture. In Advanced Information Systems Engineering Workshops, pages 4–15. Springer Berlin Heidelberg, 2011.

[24] B. Fritscher and Y. Pigneur. Business model design: an evaluation of paper-based and computer-aided canvases, 2014.

[25] B. Fritscher and Y. Pigneur. A visual approach to business IT alignment between business model and enterprise architecture. Journal of Information System Modeling and Design (IJISMD), 2014.

[26] B. Fritscher and Y. Pigneur. Visualizing business model evolution with the business model canvas: Concept and tool. In Business Informatics (CBI), 2014 IEEE 16th Conference on, volume 1, pages 151–158. IEEE, 2014.

[27] D. Gomes, A. Nogueira, J. Miranda, and M. Costa. Introducing the Portuguese Web Archive initiative. In 8th International Web Archiving Workshop. Springer, 2009.

[28] H. Hauksson. Metamodeling for business model design. Master's thesis, KTH Royal Institute of Technology, 2013.

[29] G. A. Holton. Value-at-risk: theory and practice. Academic Press, 2003.

[30] M. Ide, T. Kishida, M. Aoyama, and Y. Kikushima. An IT-driven business requirements engineering methodology. In Requirements Engineering, volume 432 of Communications in Computer and Information Science, pages 60–76. Springer Berlin Heidelberg, 2014.

[31] ISACA. The Risk IT Framework, 2009.

[32] ISO. IEC/FDIS 31000 Risk management – Principles and guidelines, 2009.

[33] ISO. ISO Guide 73 Risk management – Vocabulary, 2009.

[34] ISO. ISO/IEC 31010 Risk management – Risk assessment techniques, 2009.

[35] ISO. ISO/IEC 27001 Information technology – Security techniques – Information security management systems – Requirements, 2013.

[36] ISO. ISO/PDTR 1812 Information and documentation – Risk assessment for records processes and systems, 2013.

[37] ISO. ISO/TR 31004 Risk management – Guidance for the implementation of ISO 31000, 2013.

[38] L. Jachia and V. Nikonov. Risk management in regulatory frameworks – towards a better management of risks. Technical report, United Nations Economic Commission for Europe (UNECE), 2012.

[39] M. Keil, A. Tiwana, and A. Bush. Reconciling user and project manager perceptions of IT project risk: a Delphi study. Information Systems Journal, 12(2):103–119, 2002.

[40] B. F. Lavoie. The Open Archival Information System reference model: Introductory guide. Microform & Imaging Review, 33(2):68–81, 2004.

[41] H. L'Hours, U. Bøgvad, K. Johansen, A. Thirifays, D. Wand, S. Strodl, K. Ashley, J. Davidson, P. McCann, J. Krupp, and N. Grindley. Collaboration to clarify the cost of curation D3.2: Cost concept model and gateway specification. Technical report, Public Deliverable, 4C Project (FP7/2007-2013 grant agreement no. 600471), 2014.

[42] H. A. Linstone, M. Turoff, et al. The Delphi method: Techniques and applications, volume 29. Addison-Wesley, Reading, MA, 1975.

[43] E. Maj-Britt Olmutz Zierau. A Holistic Approach to Bit Preservation. PhD thesis, Københavns Universitet, 2011.

[44] A. McHugh, R. Ruusalepp, H. Hofman, et al. Digital repository audit method based on risk assessment (DRAMBORA). Technical report, Digital Curation Centre (DCC) and Digital Preservation Europe (DPE), 2007.

[45] A. Nadali, D. Proenca, R. Bairrao, R. Vieira, and J. Borbinha. A risk analysis of business model canvas for digital curation. In 10th International Digital Curation Conference (IDCC 2015), 2015.

[46] OGC. Management of Risk: Guidance for Practitioners (M_o_R), 2007.

[47] A. Osterwalder. The business model ontology: A proposition in a design science approach. PhD thesis, University of Lausanne, Switzerland, 2004.

[48] A. Osterwalder and Y. Pigneur. An ontology for e-business models. In Value creation from e-business models, pages 65–97, 2004.

[49] A. Osterwalder and Y. Pigneur. Business Model Generation: A Handbook for Visionaries, Game Changers, and Challengers. Wiley, 2010.

[50] A. Osterwalder, Y. Pigneur, and C. L. Tucci. Clarifying business models: Origins, present, and future of the concept. Communications of the Association for Information Systems, 15:1–43, 2005.

[51] K. Peffers, T. Tuunanen, M. A. Rothenberger, and S. Chatterjee. A design science research methodology for information systems research. Journal of Management Information Systems, 24(3):45–77, 2007.

[52] D. Proenca, A. Nadali, R. Bairrao, and J. Borbinha. Digital curation costs: A risk management approach supported by the business model canvas. In 17th International Conference on Enterprise Information Systems (ICEIS 2015), 2015.

[53] T. Raz and D. Hillson. A comparative review of risk management standards. Risk Management, pages 53–66, 2005.

[54] D. S. Rosenthal, T. S. Robertson, T. Lipkis, V. Reich, and S. Morabito. Requirements for digital preservation systems: A bottom-up approach. D-Lib Magazine, volume 11, 2005.

[55] R. Ruusalepp. Digital preservation in archives: An overview of current research and practices. Technical report, Swedish National Archives, Sweden, 2005.

[56] R. Ruusalepp and J. Krupp. Collaboration to clarify the cost of curation D4.1: A prioritised assessment of the indirect economic determinants of digital curation. Technical report, Public Deliverable, 4C Project (FP7/2007-2013 grant agreement no. 600471), 2013.

[57] R. Ruusalepp, M. Woollard, H. L'Hours, L. Leht, D. Proenca, J. Krupp, and N. Grindley. Collaboration to clarify the cost of curation D4.3: Quality and trustworthiness as economic determinants in digital curation. Technical report, Public Deliverable, 4C Project (FP7/2007-2013 grant agreement no. 600471), 2014.

[58] W. G. Shenkir and P. Walker. Enterprise risk management: Tools and techniques for effective implementation. Institute of Management Accountants (IMA), pages 1–31, 2007.

[59] G. Stoneburner, A. Goguen, and A. Feringa. Risk management guide for information technology systems. NIST Special Publication 800-30, pages 1–55. NIST, 2002.

[60] D. Wang, S. Strodl, T. M. Sba, U. Bøgvad, K. Kbdk, M. F. Keeps, J. Borbinha, D. Proenca, A. Nadali, R. Bairrao, R. Ruusalepp, and N. Grindley. Collaboration to clarify the cost of curation D4.5: From costs to business models. Technical report, Public Deliverable, 4C Project (FP7/2007-2013 grant agreement no. 600471), 2015.

Appendix A

Traceability between OAIS, TRAC repository reference models and DRAMBORA terminology

Concepts Traceability

OAIS Terminology Description (OAIS, chap. 1, p.8-16) [14] TRAC DRAMBORA

Access Functional Entity

Contains the services and functions which make the archival information holdings and related services visible to Consumers.

Access Rights Information

Identifies the access restrictions pertaining to the Content Information, including the legal framework, licensing terms, and access control. It contains the access and distribution conditions stated within the Submission Agreement, related to both preservation (by the OAIS) and final usage (by the Consumer). It also includes the specifications for the application of rights enforcement measures.

Access Aid A software program or document that allows Consumers to locate, analyse, order or retrieve information from an OAIS.

Access Policy Written statement, authorized by the repository management, that describes the approach to be taken by the repository for providing access to objects accessioned into the repository. The Access Policy may distinguish between different types of access rights, for example between system administrators, Designated Communities, and general users.

Access Collection A collection of AIPs that is defined by a Collection Description but for which there is no Packaging Information for the collection in Archival Storage.

Access Software A type of software that presents part of or all of the information content of an Information Object in forms understandable to humans or systems.

Adhoc Order A request that is generated by a Consumer for information the OAIS has indicated is currently available.

Administration Functional Entity

Contains the services and functions needed to control the operation of the other OAIS functional entities on a dayto- day basis.

Page 73: A Risk Register for Digital Curation aligned with the OAIS … · A Risk Register for Digital Curation aligned with the OAIS reference model Ana Raquel Correia Bairrão Thesis to

AIP Edition An AIP whose Content Information or Preservation Description Information has been upgraded or improved with the intent not to preserve information, but to increase or improve it. An AIP edition is not considered to be the result of a Migration.

AIP Version An AIP whose Content Information or Preservation Description Information has undergone a Transformation on a source AIP and is a candidate to replace the source AIP. An AIP version is considered to be the result of a Digital Migration.

Archival Information Collection (AIC)

An Archival Information Package whose Content Information is an aggregation of other Archival Information Packages.

Archival Information Package (AIP)

An Information Package, consisting of the Content Information and the associated Preservation Description Information (PDI), which is preserved within an OAIS.

Archival Information Unit (AIU)

An Archival Information Package where the Archive chooses not to break down the Content Information into other Archival Information Packages. An AIU can consist of multiple digital objects (e.g., multiple files).

Archival Storage Functional Entity

The OAIS functional entity that contains the services and functions used for the storage and retrieval of Archival Information Packages

Archive An organization that intends to preserve information for access and use by a Designated Community.

Associated Description

The information describing the content of an Information Package from the point of view of a particular Access Aid.

Authenticity The degree to which a person (or system) regards an object as what it is purported to be. Authenticity is judged on the basis of evidence.

Collection Description

A type of Package Description that is specialized to provide information about an Archival Information Collection for use by Access Aids.

Page 74: A Risk Register for Digital Curation aligned with the OAIS … · A Risk Register for Digital Curation aligned with the OAIS reference model Ana Raquel Correia Bairrão Thesis to

Common Services The supporting services such as inter-process communication, name services, temporary storage allocation, exception handling, security, and directory services necessary to support the OAIS.

Consumer The role played by those persons, or client systems, who interact with OAIS services to find preserved information of interest and to access that information in detail. This can include other OAISes, as well as internal OAIS persons or systems.

Content Data Object

The Data Object, that together with associated Representation Information, comprises the Content Information.

Content Information

A set of information that is the original target of preservation or that includes part or all of that information. It is an Information Object composed of its Content Data Object and its Representation Information.

Context Information

The information that documents the relationships of the Content Information to its environment. This includes why the Content Information was created and how it relates to other Content Information objects.

Co-operating Archives

Those Archives that have Designated Communities with related interests. They may order and ingest data from each other. At a minimum, Co-operating Archives must agree to support at least one common Submission Information Package (SIP) and Dissemination Information Package (DIP) for inter-Archive requests.

Data A reinterpretable representation of information in a formalized manner suitable for communication, interpretation, or processing. Examples of data include a equence of bits, a table of numbers, the characters on a page, the recording of sounds made by a person speaking, or a moon rock specimen.

Data Dictionary A formal repository of terms used to describe data.

Data Dissemination Session

A delivery of media or a single telecommunications session that provides Data to a Consumer. The Data Dissemination Session format/contents is based on a data model negotiated between the OAIS and the Consumer in the request agreement. This data model identifies the logical constructs used by the OAIS and how they are represented on each media delivery or in the telecommunication session.

Data Management Functional Entity

The OAIS functional entity that contains the services and functions for populating, maintaining, and accessing a wide variety of information. Some examples of this information are catalogs and inventories on what may be retrieved from Archival Storage, processing algorithms that may be run on retrieved data, Consumer access statistics, Consumer billing, Event Based Orders, security controls, and OAIS schedules, policies, and procedures.

Data Management Data

The data created and stored in Data Management persistent storage that refer to operation of an Archive. Some examples of this data are accounting data for Consumer billing and authorization, policy data, Event Based Order (subscription) data for repeating requests, preservation process history data, and statistical data for generating reports to Archive management.

Data Object Either a Physical Object or a Digital Object.

Data Submission Session

A delivery of media or a single telecommunications session that provides Data to an OAIS. The Data Submission Session format/contents is based on a data model negotiated between the OAIS and the Producer in the Submission Agreement. This data model identifies the logical constructs used by the Producer and how they are represented on each media delivery or in the telecommunication session.

Derived AIP An AIP generated by extracting or aggregating information from one or more source AIPs.

Descriptive Information

The set of information, consisting primarily of Package Descriptions, which is provided to Data Management to support the finding, ordering, and retrieving of OAIS information holdings by Consumers.

Designated Community

An identified group of potential Consumers who should be able to understand a particular set of information. The Designated Community may be composed of multiple user communities. A Designated Community is defined by the Archive and this definition may change over time.

Digital Migration The transfer of digital information, while intending to preserve it, within the OAIS. It is distinguished from transfers in general by three attributes:
– a focus on the preservation of the full information content that needs preservation;
– a perspective that the new archival implementation of the information is a replacement for the old; and
– an understanding that full control and responsibility over all aspects of the transfer resides with the OAIS.

Digital Object An object composed of a set of bit sequences.

Dissemination Information Package (DIP)

An Information Package, derived from one or more AIPs, and sent by Archives to the Consumer in response to a request to the OAIS.

Event Based Order A request that is generated by a Consumer for information that is to be delivered periodically on the basis of some event or events.

Federated Archives A group of Archives that has agreed to provide access to their holdings via one or more common finding aids.

Finding Aid A type of Access Aid that allows a user to search for and identify Archival Information Packages of interest.

Fixity Information The information which documents the mechanisms that ensure that the Content Information object has not been altered in an undocumented manner. An example is a Cyclical Redundancy Check (CRC) code for a file.

Global Community An extended Consumer community, in the context of Federated Archives, that accesses the holdings of several Archives via one or more common Finding Aids.

Independently Understandable

A characteristic of information that is sufficiently complete to allow it to be interpreted, understood and used by the Designated Community without having to resort to special resources not widely available, including named individuals.

Information Any type of knowledge that can be exchanged. In an exchange, it is represented by data. An example is a string of bits (the data) accompanied by a description of how to interpret the string of bits as numbers representing temperature observations measured in degrees Celsius (the Representation Information).

Information Object A Data Object together with its Representation Information.

Information Package

A logical container composed of optional Content Information and optional associated Preservation Description Information. Associated with this Information Package is Packaging Information used to delimit and identify the Content Information and Package Description information used to facilitate searches for the Content Information.

Information Property

That part of the Content Information as described by the Information Property Description. The detailed expression, or value, of that part of the information content is conveyed by the appropriate parts of the Content Data Object and its Representation Information.

Information Property Description

The description of the Information Property. It is a description of a part of the information content of a Content Information object that is highlighted for a particular purpose.

Ingest Functional Entity

The OAIS functional entity that contains the services and functions that accept Submission Information Packages from Producers, prepares Archival Information Packages for storage, and ensures that Archival Information Packages and their supporting Descriptive Information become established within the OAIS.

Knowledge Base A set of information, incorporated by a person or system, that allows that person or system to understand received information.

Local Community The community which would be served by the Archive outside of the context of Federated Archives.

Long Term A period of time long enough for there to be concern about the impacts of changing technologies, including support for new media and data formats, and of a changing Designated Community, on the information being held in an OAIS. This period extends into the indefinite future.

Long Term Preservation

The act of maintaining information, Independently Understandable by a Designated Community, and with evidence supporting its Authenticity, over the Long Term.

Management The role played by those who set overall OAIS policy as one component in a broader policy domain, for example as part of a larger organization.

Member Description

An Associated Description that describes a member of a collection.

Metadata Data about other data.

Non-Reversible Transformation

A Transformation which cannot be guaranteed to be a Reversible Transformation.

Open Archival Information System (OAIS)

An Archive, consisting of an organization, which may be part of a larger organization, of people and systems, that has accepted the responsibility to preserve information and make it available for a Designated Community. It meets a set of responsibilities, as defined in section 4, that allows an OAIS Archive to be distinguished from other uses of the term ‘Archive’. The term ‘Open’ in OAIS is used to imply that this Recommendation and future related Recommendations and standards are developed in open forums, and it does not imply that access to the Archive is unrestricted.

Order Agreement An agreement between the Archive and the Consumer in which the physical details of the delivery, such as media type and format of Data, are specified.

Ordering Aid An application that assists the Consumer in discovering the cost of, and in ordering, AIPs of interest.

Other Representation Information

Representation Information which cannot easily be classified as Semantic or Structural. For example software, algorithms, encryption, written instructions and many other things may be needed to understand the Content Data Object, all of which therefore would be, by definition, Representation Information, yet would not obviously be either Structure or Semantics. Information defining how the Structure and the Semantic Information relate to each other, or software needed to process a database file would also be regarded as Other Representation Information.

Overview Description

A specialization of the Collection Description that describes the collection as a whole.

Package Description

The information intended for use by Access Aids.

Packaging Information

The information that is used to bind and identify the components of an Information Package. For example, it may be the ISO 9660 volume and directory information used on a CD-ROM to provide the content of several files containing Content Information and Preservation Description Information.

Physical Object An object (such as a moon rock, bio-specimen, microscope slide) with physically observable properties that represent information that is considered suitable for being adequately documented for preservation, distribution, and independent usage.

Practice Actions conducted to execute procedures. Practices are measured by logs or other evidence that record actions completed.

Preservation Description Information (PDI)

The information which is necessary for adequate preservation of the Content Information and which can be categorized as Provenance, Reference, Fixity, Context, and Access Rights Information.

Preservation Implementation Plan

A written statement, authorized by the management of the repository, that describes the services to be offered by the repository for preserving objects accessioned into the repository in accordance with the Preservation Policy.

Preservation Planning Functional Entity

The OAIS functional entity which provides the services and functions for monitoring the environment of the OAIS and which provides recommendations and preservation plans to ensure that the information stored in the OAIS remains accessible to, and understandable by, and sufficiently usable by, the Designated Community over the Long Term, even if the original computing environment becomes obsolete.

Preservation Strategic Plan

A written statement, authorized by the management of the repository, that states the goals and objectives for achieving that part of the mission of the repository concerned with preservation. Preservation Strategic Plans may include long-term and short-term plans.

Preservation Policy Written statement, authorized by the repository management, that describes the approach to be taken by the repository for the preservation of objects accessioned into the repository. The Preservation Policy is consistent with the Preservation Strategic Plan.

Procedure A written statement that specifies actions required to complete a service or to achieve a specific state or condition. Procedures specify how various aspects of the relevant Preservation Implementation Plans are to be fulfilled.

Producer / Provider (or Submitter)

A person or system that submits a digital object to the repository. The Provider can be the Producer.

Provenance Information

The information that documents the history of the Content Information. This information tells the origin or source of the Content Information, any changes that may have taken place since it was originated, and who has had custody of it since it was originated. The Archive is responsible for creating and preserving Provenance Information from the point of Ingest; however, earlier Provenance Information should be provided by the Producer. Provenance Information adds to the evidence to support Authenticity.

Reference Information

The information that is used as an identifier for the Content Information. It also includes identifiers that allow outside systems to refer unambiguously to a particular Content Information. An example of Reference Information is an ISBN.

Reference Model A framework for understanding significant relationships among the entities of some environment, and for the development of consistent standards or specifications supporting that environment. A reference model is based on a small number of unifying concepts and may be used as a basis for education and explaining standards to a non-specialist.

Refreshment A Digital Migration where the effect is to replace a media instance with a copy that is sufficiently exact that all Archival Storage hardware and software continues to run as before.

Repackaging A Digital Migration in which there is an alteration in the Packaging Information of the AIP.

Replication A Digital Migration where there is no change to the Packaging Information, the Content Information, and the PDI. The bits used to represent these Information Objects are preserved in the transfer to the same or new media instance.

Repository Mission Statement

A written statement, authorized by the management of the repository, that, among other things, describes the commitment of the organization for the stewardship of digital objects in its custody.

Representation Information

The information that maps a Data Object into more meaningful concepts. An example of Representation Information for a bit sequence which is a FITS file might consist of the FITS standard which defines the format plus a dictionary which defines the meaning in the file of keywords which are not part of the standard. Another example is JPEG software which is used to render a JPEG file; rendering the JPEG file as bits is not very meaningful to humans but the software, which embodies an understanding of the JPEG standard, maps the bits into pixels which can then be rendered as an image for human viewing.

Representation Network

The set of Representation Information that fully describes the meaning of a Data Object. Representation Information in digital forms needs additional Representation Information so its digital forms can be understood over the Long Term.

Representation Rendering Software

A type of software that displays Representation Information of an Information Object in forms understandable to humans.

Retrieval Aid An application that allows authorized users to retrieve the Content Information and PDI described by the Package Description.

Reversible Transformation

A Transformation in which the new representation defines a set (or a subset) of resulting entities that are equivalent to the resulting entities defined by the original representation. This means that there is a one-to-one mapping back to the original representation and its set of base entities.

Search Session A session initiated by the Consumer with the Archive during which the Consumer will use the Archive Finding Aids to identify and investigate potential holdings of interest.

Semantic Information

The Representation Information that further describes the meaning beyond that provided by the Structure Information.

Structure Information

The Representation Information that imparts meaning about how other information is organized. For example, it maps bit streams to common computer types such as characters, numbers, and pixels and aggregations of those types such as character strings and arrays.

Submission Agreement

The agreement reached between an OAIS and the Producer that specifies a data model, and any other arrangements needed, for the Data Submission Session. This data model identifies format/contents and the logical constructs used by the Producer and how they are represented on each media delivery or in a communication session.

Submission Information Package (SIP)

An Information Package that is delivered by the Producer to the OAIS for use in the construction or update of one or more AIPs and/or the associated Descriptive Information.

Succession Plan The plan of how and when the management, ownership and/or control of the OAIS holdings will be transferred to a subsequent OAIS in order to ensure the continued effective preservation of those holdings.

Transformation Digital Migration in which there is an alteration to the Content Information or PDI of an Archival Information Package. For example, changing ASCII codes to UNICODE in a text document being preserved is a Transformation.
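The following is an added illustration, not code from the thesis or from the OAIS Recommendation, of how the Fixity Information, Replication, Transformation and Transformational Information Property entries in this glossary fit together: Replication leaves the bits and therefore the Fixity Information unchanged, a Transformation (here the ASCII to UTF-16 case the definition mentions) changes the bits, so new Fixity Information is computed and the change is recorded as Provenance Information, while an undocumented alteration is caught because the stored fixity no longer matches. The class and function names, the sample Content Data Object and the choice of CRC32 plus SHA-256 are assumptions made for the example.

```python
import hashlib
import zlib
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass(frozen=True)
class FixityInformation:
    """Fixity Information: values that reveal undocumented alteration of the Content Data Object."""
    crc32: int
    sha256: str


@dataclass
class ProvenanceEvent:
    """One Provenance Information entry documenting a change to the Content Information."""
    action: str
    fixity_before: Optional[FixityInformation]
    fixity_after: FixityInformation


@dataclass
class InformationPackage:
    """Simplified AIP: a Content Data Object plus the Fixity and Provenance parts of its PDI."""
    content_data_object: bytes
    fixity: FixityInformation
    provenance: List[ProvenanceEvent] = field(default_factory=list)


def compute_fixity(data: bytes) -> FixityInformation:
    # CRC32 is the example the OAIS definition gives; SHA-256 is added because a CRC only
    # detects accidental corruption, not deliberate alteration (assumption of this example).
    return FixityInformation(zlib.crc32(data) & 0xFFFFFFFF, hashlib.sha256(data).hexdigest())


def verify_fixity(pkg: InformationPackage) -> bool:
    """True when the stored Fixity Information still matches the Content Data Object."""
    return compute_fixity(pkg.content_data_object) == pkg.fixity


def ingest(data: bytes) -> InformationPackage:
    """Ingest: establish Fixity Information and open the Provenance record."""
    fix = compute_fixity(data)
    return InformationPackage(data, fix, [ProvenanceEvent("Ingest", None, fix)])


def replicate(pkg: InformationPackage) -> InformationPackage:
    """Replication: bits are copied unchanged, so the Fixity Information carries over as-is."""
    copy = InformationPackage(bytes(pkg.content_data_object), pkg.fixity, list(pkg.provenance))
    copy.provenance.append(ProvenanceEvent("Replication", pkg.fixity, pkg.fixity))
    return copy


def transform_ascii_to_utf16(pkg: InformationPackage) -> InformationPackage:
    """Transformation: the bits change, so new Fixity Information is computed and the change
    is documented in Provenance. The decoded text is treated as the Transformational
    Information Property that must survive the transformation (necessary, not sufficient)."""
    text = pkg.content_data_object.decode("ascii")
    new_data = text.encode("utf-16")
    assert new_data.decode("utf-16") == text  # Transformational Information Property preserved
    new_fix = compute_fixity(new_data)
    events = pkg.provenance + [ProvenanceEvent("Transformation ASCII->UTF-16", pkg.fixity, new_fix)]
    return InformationPackage(new_data, new_fix, events)


# Constructed sample Content Data Object (not from the thesis): a small ASCII data table.
ORIGINAL = ingest(b"temperature,celsius\n2015-06-01,21.4\n")
```

An undocumented change to the stored bytes (a bit flip, a silent edit) leaves the recorded Fixity Information stale, so verify_fixity returns False for that package while the documented Transformation verifies against its newly recorded fixity.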

Transformational Information Property

An Information Property the preservation of the value of which is regarded as being necessary but not sufficient to verify that any Non-Reversible transformation has adequately preserved information content. This could be important as contributing to evidence about Authenticity. Such an Information Property is dependent upon specific Representation Information, including Semantic Information, to denote how it is encoded and what it means. (The term ‘significant property’, which has various definitions in the literature, is sometimes used in a way that is consistent with its being a Transformational Information Property).

Unit Description A type of Package Description that is specialized to provide information about an Archival Information Unit for use by Access Aids.

Appendix B

DRAMBORA list of risks

DRAMBORA [44] list of risks:
