Integrity is a word thrown around a lot in the cybersecurity space. That’s not surprising. It is one of the three components that make up the CIA Triad, after all. However, the meaning and use of the word have been relatively limited in many security circles up until now.

Let’s take a look at the security industry more broadly. In most conversations dealing with integrity, data security and File Integrity Monitoring (FIM) controls often end up being the primary focal areas. But there’s more going on with integrity than just those two security principles. There’s more to talk about.

With that said, let’s take a step back and consider integrity as a broader concept. A definition of integrity can get us started.

Integrity Defined

Integrity is a way to understand what matters to an organization and what an organization should focus on in order to prevent undesired consequences. As the basis for trust and reliability, integrity becomes the ultimate measure of system security. True integrity allows for no variance between something’s original and current state. In other words, its current state can be trusted because nothing has changed from its original, trustworthy state.

Tim Erlin, vice president of product management for Tripwire, notes that organizations can’t build trust into their security programs without integrity.

Managing integrity is ultimately about managing change throughout your entire environment. Change can be internal or external, authorised or unauthorised, intentional or accidental, benign or malicious. When you take an expansive view of change, it’s clear that managing integrity is at the core of foundational security.

Expanding the Focus Beyond Data Integrity

As mentioned in the introduction, integrity is one of the three CIA Triad principles – confidentiality, integrity, and availability – that serve as a framework for organizations to make sound information