What is integrity in information security

In the realm of information security, integrity refers to the completeness of data and accuracy of data. IT Vulnerability Assessments are one way to ensure data integrity and a healthy secure environment.

Integrity is one of the pillars of Information Assurance (IA) there are 5 Pillars namely authentication, availability, confidentiality, nonrepudiation and integrity.

Information is an organisations life blood the data may be on premise or in the cloud or whatever configuration, but it needs to remain unchanged within an information system as well as in motion, via email or other data transfer processes.

Events such as intentional or unintentional data filtration or storage erosion system damage can and will cause havoc. Hackers will cause damage by infiltrating your system embedding malware into your systems or other malicious tactics such as running trojan horses or simply take over systems or activate ransomware. Being able to do system rollbacks when you are hit with ransomware is imperative, at TRG we can assist should you require this. However, the system needs to be active prior to ransom attack. Employees or contractors can intentionally create damage by leaking data or planting a virus purposefully they can simply just delete files and leave sensitive data unprotected. Such acts damage the integrity of the data.

Achieving data integrity is no easy task, rules are consistently as well as routinely applied to all data entering the network and system, and no relaxation of the rules should be allowed. A good method is ensuring checks on the data as close as possible to the source of input (such as human data entry).

This can cause less erroneous data to enter the system. Enforcement of data integrity rules results in less error rates, and this equates in time saved troubleshooting and hours looking for mistakes in data and the errors it may causes to algorithms.

During an annual auditor assessment one of the IT controls that are checked for is accessibility of data and systems, this may lead to a finding which could have been easily prevented.

User access is easy to control with the correct systems in place. For this reason, many organisations big and small are switching to systems that encourage Zero Trust. This ensures you can see what you need to see when you need to see it. Rules can also be set to ensure you can only access data from a certain geographical area. The system can also easily revoke access to data and files and as a simple process ensures you have an audit trail of who accessed sensitive files and when this was done.