
CIA Integrity Risks

In the traditional CIA confidentiality, availability, integrity tech risk factors around information security/assurance, what are some examples of “integrity” risks? Confidentiality is pretty obvious – restrict access to sensitive data on a business need to know, availability I assume is linked with DDoS type attacks. But integrity I am not too sure about, so in the context of business critical databases/services what are some integrity risks and subsequent controls?
Asked:
pma111
 
xtermie Commented:
read here:
(1) http://en.wikipedia.org/wiki/Information_security
(2) http://it.med.miami.edu/x904.xml
where it reads:
Integrity:   Integrity refers to the trustworthiness of information resources.
It includes the concept of "data integrity" -- namely, that data have not been changed inappropriately, whether by accident or deliberately malign activity.  It also includes "origin" or "source integrity" -- that is, that the data actually came from the person or entity you think it did, rather than an imposter.
Integrity can even include the notion that the person or entity in question entered the right information -- that is, that the information reflected the actual circumstances (in statistics, this is the concept of "validity") and that under the same circumstances would generate identical data (what statisticians call "reliability").
On a more restrictive view, however, integrity of an information system includes only preservation without corruption of whatever was transmitted or entered into the system, right or wrong.

and read this for sure
(3) https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/vol41no5/pdf/v41i5a05p.pdf
 
pma111 Author Commented:
I'd read the wiki, it's management speak - I was hoping for some expert comments and real life examples
 
xtermie Commented:
ok, sorry...try reading the CIA PDF file
 
pma111 Author Commented:
Will do thanks
 
ralmada Commented:
The way I see this, is

1) Confidentiality: Is tied to who can read your data
2) Integrity: Who can make changes (write) to your data.

Adequate access controls are key to maintaining confidentiality and integrity. But making changes to your data also requires an additional control, and that is that unauthorized changes should be detected in a timely manner. That is where adequate logging and monitoring controls come into play.

Hope this is useful for you.

Question has a verified solution.
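
One way to implement the detection control described in the last comment, as an added example that is not part of the original thread: the application stores an HMAC tag with every row, and a monitoring job flags rows that were changed outside that write path. The table layout, key and function names are hypothetical, and the sample rows are constructed.

```python
import hashlib
import hmac
import sqlite3

# Assumption: the key is held by the application (e.g. in a secrets manager),
# not in the database, so a direct database edit cannot forge a valid tag.
KEY = b"constructed-demo-key"

def row_tag(account_id: int, owner: str, balance_cents: int) -> str:
    """HMAC-SHA256 over an unambiguous encoding of the row's fields."""
    msg = repr((account_id, owner, balance_cents)).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

def authorized_write(db, account_id, owner, balance_cents):
    """The only sanctioned write path: stores the row together with its tag."""
    tag = row_tag(account_id, owner, balance_cents)
    db.execute(
        "INSERT OR REPLACE INTO accounts VALUES (?, ?, ?, ?)",
        (account_id, owner, balance_cents, tag),
    )

def find_tampered(db):
    """Monitoring job: return ids of rows whose stored tag no longer matches."""
    bad = []
    rows = db.execute(
        "SELECT id, owner, balance_cents, tag FROM accounts ORDER BY id"
    )
    for account_id, owner, balance, tag in rows:
        if not hmac.compare_digest(tag, row_tag(account_id, owner, balance)):
            bad.append(account_id)
    return bad

def demo():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT,"
        " balance_cents INTEGER, tag TEXT)"
    )
    # Constructed sample data written through the sanctioned path.
    authorized_write(db, 1, "alice", 15000)
    authorized_write(db, 2, "bob", 2000)
    clean = find_tampered(db)
    # A change made outside the sanctioned path (by accident or malice).
    db.execute("UPDATE accounts SET balance_cents = 999900 WHERE id = 2")
    return clean, find_tampered(db)

if __name__ == "__main__":
    print(demo())
```

Per-row tags do not reveal deleted rows or a row restored to an older valid value; catching those needs a change log or row inventory alongside the tags.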