Information Security | Integrity
Integrity is the protection of system data from intentional or accidental unauthorized changes. The challenge of the security program is to ensure that data is maintained in the state that users expect. Although the security program cannot improve the accuracy of the data that users put into the system, it can help ensure that any changes are intended and correctly applied. An additional element of integrity is the need to protect the process or program used to manipulate the data from unauthorized modification. A critical requirement of both commercial and government data processing is to ensure the integrity of data to prevent fraud and errors. It is imperative, therefore, that no user be able to modify data in a way that might corrupt or lose assets or financial records or render decision-making information unreliable. Examples of government systems in which integrity is crucial include air traffic control systems, military fire control systems, and social security and welfare systems. Examples of commercial systems that require a high level of integrity include medical prescription systems, credit reporting systems, production control systems, and payroll systems.
Protecting against Threats to Integrity: Like confidentiality, integrity can also be compromised by hackers, masqueraders, unprotected downloaded files, LANs, unauthorized user activities, and unauthorized programs such as Trojan horses and viruses, because each of these threats can lead to unauthorized changes to data or programs. For example, unauthorized users can corrupt or change data and programs intentionally or accidentally if their activities on the system are not properly controlled. Generally, three basic principles are used to establish integrity controls:
- Need-to-know access: Users should be granted access only to those files and programs that they need in order to perform their assigned job functions.
- Separation of duties: To ensure that no single employee has control of a transaction from beginning to end, two or more people should be responsible for performing it.
- Rotation of duties: Job assignments should be changed periodically so that it becomes more difficult for users to collaborate to exercise complete control of a transaction and subvert it for fraudulent purposes.
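The three principles above can be enforced together at the point where a transaction is approved. The following is an added example, not code from the original page: the `PayrollControls` class, the duty names, the user names, and the 180-day rotation period are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

MAX_TENURE = timedelta(days=180)  # assumed rotation period, not from the page

class IntegrityViolation(Exception):
    """A request would break one of the three principles."""

@dataclass
class PayrollControls:
    duties: dict[tuple[str, str], date]  # (user, duty) -> date the duty was assigned
    pending: dict[str, str] = field(default_factory=dict)  # tx_id -> initiator

    def _check_duty(self, user: str, duty: str, today: date) -> None:
        since = self.duties.get((user, duty))
        if since is None:  # need-to-know: no assignment, no access
            raise IntegrityViolation(f"{user} is not assigned {duty}")
        if today - since > MAX_TENURE:  # rotation of duties: assignment is stale
            raise IntegrityViolation(f"{user} is overdue for rotation off {duty}")

    def initiate(self, user: str, tx_id: str, today: date) -> None:
        self._check_duty(user, "initiate", today)
        self.pending[tx_id] = user

    def approve(self, user: str, tx_id: str, today: date) -> tuple[str, str]:
        self._check_duty(user, "approve", today)
        if self.pending[tx_id] == user:  # separation of duties: two people per transaction
            raise IntegrityViolation(f"{user} cannot approve a transaction they initiated")
        return self.pending.pop(tx_id), user  # (initiator, approver)

def demo() -> list[str]:
    """Replay constructed approval attempts and record which are refused."""
    today = date(2024, 6, 1)
    ctl = PayrollControls({("alice", "initiate"): date(2024, 3, 1),
                           ("alice", "approve"): date(2024, 3, 1),
                           ("bob", "approve"): date(2024, 4, 1),
                           ("dave", "approve"): date(2023, 1, 1)})
    ctl.initiate("alice", "tx-1", today)
    log = []
    for user in ("carol", "dave", "alice", "bob"):
        try:
            ctl.approve(user, "tx-1", today)
            log.append(f"{user}: approved")
        except IntegrityViolation as exc:
            log.append(f"{user}: refused, {exc}")
    return log
```

Note that alice holds both duties, so the need-to-know check alone would let her approve her own transaction; only the separate initiator comparison stops it.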
Integrity Models – Integrity models are used to describe what needs to be done to enforce the information integrity policy. There are three goals of integrity, which the models address in various ways:
- Preventing unauthorized users from making modifications to data or programs.
- Preventing authorized users from making improper or unauthorized modifications.
- Maintaining internal and external consistency of data and programs.
The integrity models include five models that suggest different approaches to achieving integrity. They are –