Skip to content

Term of the Week: Integrity

What is it?

An assurance that information remains unaltered from its intended state as it is produced, transmitted, stored, and received. Ensuring integrity may include ensuring the non-repudiation and authenticity of information as well.

Why is it important?

Integrity is considered by many to be the most important element of the confidentiality, integrity, and availability (CIA) security triad. Any system that is otherwise available and confidential can still be rendered useless if a user cannot be confident that the information it contains is trustworthy, accurate, and complete.

Why does a business professional need to know this?

If you can alter information, you can alter the decisions people make using that information. For organizations, information is of little use unless they can be assured of its integrity. Therefore, maintaining information and system integrity is a core objective of today’s cybersecurity efforts.

Integrity concerns have existed since the earliest days of computing, when system designers used cyclic redundancy checks (CRC) to detect and address errors in data transmission and storage components. While the kind of physical integrity check that CRC provides remains important, cybersecurity predominantly addresses logical integrity of information and the accidental, deliberate, and unauthorized actions that may compromise integrity.

Protections for integrity generally operate at the information and system levels. At the information level, controls are applied to the actual information and its processing, transfer, and storage. At the system level, controls ensure the system can operate unimpaired, while preventing and detecting unauthorized manipulations or integrity violations that could lead to information compromise, theft/exfiltration of data, business disruption, reputational damage, etc.

Integrity assurance is a part of most security controls implemented and used today. Examples include the following:

  • Patching: improving processing integrity so exploits cannot compromise coding weaknesses
  • Antivirus: defending against code designed to compromise the integrity of systems and information
  • File/container permissions: defining the scope of who and what actions can be taken
  • Backups and version control: preserving original copies to defend against unauthorized changes
  • Encryption and digital signing: ensuring information cannot be stolen (encryption) or altered (digital signing)
  • Detection controls: logging, monitoring, and intrusion detection systems (IDS) to discover unauthorized system modifications

References

About Daniel Ziesmer

Photo of Daniel Ziesmer

Daniel Ziesmer is the president of Centripetum, LLC, a Governance, Risk Management, and Compliance (GRC) consulting firm that supports small business risk management and cybersecurity efforts. He is a former professor, security architect, and compliance professional who has established security programs for complex IT and industrial control system environments. Daniel holds numerous industry certifications, is a contributor to a number of scientific and security organizations, and has served as technical editor for more than a dozen industry books and textbooks.

Term: Integrity

Email: integrity@centripetum.com

Website: centripetum.com

Twitter: @Centripetum

LinkedIn: linkedin.com/company/centripetum

Facebook: facebook.com/centripetum

Leave a Reply

Your email address will not be published. Required fields are marked *