In a previous article, I noted that organizations are witnessing a surge in integrity-based attacks targeting their networks. Enterprises can defend themselves against these types of threats by turning to the National Institute of Standards and Technology (NIST) Cybersecurity Framework. They can then pair the risk-based approach with NIST SP 800-53 and other security control catalogs that enable integrity management.
This discussion begs two questions: what is integrity management, and what does it do?
A Breakdown of Integrity Management
Integrity management is the process by which organizations work to ensure the integrity of their data. Their interest is to make sure they can trust their stored data. As such, they need to protect their corporate information against tampering from attackers.
Ron Ross, a fellow at the National Institute of Standards and Technology (NIST), expands upon the importance of systems and data integrity for organizations:
“Integrity is one of the three pillars of cybersecurity. Establishing strong configuration settings and ensuring that changes to software and firmware are strictly controlled, can promote integrity and reduce an organization’s susceptibility to cyber-attacks that can have devastating effects on organizational missions and business functions. Configuration management and control are critical components in a robust and holistic cybersecurity program—facilitating both system and data integrity.”
At its core, integrity management is made up of countermeasures and safeguards which organizations can use to assess for vulnerabilities and monitor for weaknesses on their networks. These protections, if implemented correctly, help prevent the majority of breaches from occurring. As such, they are effective in reducing an enterprise’s attack surface and addressing operational risks in business-critical systems.
How NIST and Tripwire Play a Part
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/integrity-management-what-it-is-and-how-it-can-protect-your-data/