Information Security | Integrity

Integrity is the protection of system data from international or accidental unauthorized changes. The challenges of the security program are to ensure that data is maintained in the state that is expected by the users. Although the security program cannot improve the accuracy of the data that is put into the system by users. It can help ensure that any changes are intended and correctly applied. An additional element of integrity is the need to protect the process or program used to manipulate the data from unauthorized modification.
A critical requirement of both commercial and government data processing is to ensure the integrity of data to prevent fraud and errors. It is imperative, therefore, no user be able to modify data in a way that might corrupt or lose assets or financial records or render decision making information unreliable.

Examples of government systems in which integrity is crucial include air traffic control system, military fire control systems, social security and welfare systems.
Examples of commercial systems that require a high level of integrity include medical prescription system, credit reporting systems, production control systems and payroll systems.

Protecting against Threats to Integrity:
Like confidentiality, integrity can also be arbitrated by hackers, masqueraders, unprotected downloaded files, LANs, unauthorized user activities, and unauthorized programs like Trojan Horse and viruses, because each of these threads can lead to unauthorized changes to data or programs.
For example, unauthorized user can corrupt or change data and programs intentionally or accidentally if their activities on the system are not properly controlled.

Generally, three basic principles are used to establish integrity controls:

  1. Need-to-know access: User should be granted access only on to those files and programs that they need in order to perform their assigned jobs functions.
  2. Separation of duties: To ensure that no single employee has control of a transaction from beginning to end, two or more people should be responsible for performing it.
  3. Rotation of duties: Job assignment should be changed periodically so that it becomes more difficult for the users to collaborate to exercise complete control of a transaction and subvert it for fraudulent purposes.

Integrity Models –
Integrity models are used to describe what needs to be done to enforce the information integrity policy. There are three goals of integrity, which the models address in various ways:

  1. Preventing unauthorized users from making modifications to data or programs.
  2. Preventing authorized users from making improper or unauthorized modifications.
  3. Maintaining internal and external consistency of data and programs.

Integrity models includes five models that suggests different approaches to achieving integrity, they are –

  1. Biba
  2. Goguen-Meseguer
  3. Sutherland
  4. Clark-Wilson
  5. Brewer-Nash


My Personal Notes arrow_drop_up

Check out this Author's contributed articles.

If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to contribute@geeksforgeeks.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.




Article Tags :

Be the First to upvote.


Please write to us at contribute@geeksforgeeks.org to report any issue with the above content.