Hello, and welcome back to this next TomCast from GuardSight; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints.
Today we are going to continue the three-part series on the CIA Triad, the very foundation of cybersecurity. Remember what the triangle is? Each point of the triangle is part of the triad. The C stands for Confidentiality, the I stands for Integrity, and the A stands for Availability.
We are going to focus on that second letter today, the letter I. Integrity. Now, let’s first come to an understanding that integrity here has a slightly different meaning from how it is often used outside of cybersecurity. While being a person of integrity is an honorable trait (being honest and having strong moral principles), that is not the definition we are looking at here as part of the CIA triad.
Integrity in a cybersecurity context means that data or information in your system is maintained so that it is not modified or deleted by unauthorized parties. Protecting informational integrity implies that you are ensuring that the data remains in its original form, keeping it from being accidentally (or intentionally) disposed of or from being accidentally (or intentionally) changed.
Who cares if the data is modified? Think about that question for a moment. Let’s say you work within a financial organization as an example, and you are having to report how the organization is performing to consumers/clients of the business. You compile the information and send out the report, but someone intercepts the information and changes the data. Would this be bad?
What if you were a student who had just completed your capstone project and you sent the project in to the professor to be graded? During transit the project was intercepted by a ne’er-do-well, and that person elected to modify the contents of your project, which resulted in a failing grade. In the grand scheme of things, is that really all that bad?
What if you had classified data that contained military positions and movements that leadership had to view in order to make decisions on logistics, etc., and that data was intercepted and modified? Leadership would get the modified data and make decisions based on the modified data, which could be disastrous for the troops on the ground. How about this example? Not so good, eh?
So, as you can see, integrity is something that organizations definitely want to protect, which is why it is one of the three foundations of cybersecurity. So, how does one go about protecting integrity? How do you know if information has been modified? This is a simple question with a few answers ranging from simple to more complex. Information integrity can be verified through the utilization of hashes/hash values. What about verification of where the information came from?
Think about this a bit deeper. Most organizations have a supply chain. Have the various suppliers been subject to a risk analysis to ensure that they can be trusted and relied upon? It is hard to verify information if you are uncertain where the information is coming from. Much of what needs to happen involves double-checking your double-checking efforts. Audit your audits, continuously validate your systems and data flows, and look at your business or your own personal efforts through a risk-based lens. If you can definitively identify that the information comes from a trusted source and you understand all of the paths that your information flows across, then you are doing your part to ensure the integrity of your information. This is an ongoing, repetitive effort that needs constant and consistent scrutiny.
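As an added illustration (not part of the original TomCast), this Python sketch shows the two checks discussed above: a SHA-256 hash that detects modification, and a keyed HMAC that also confirms the data came from someone holding the shared key. The key, the report text and the function names are constructed for the example.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Unkeyed hash: anyone can compute it, so it proves nothing about origin."""
    return hashlib.sha256(data).hexdigest()


def make_tag(key: bytes, data: bytes) -> str:
    """Keyed HMAC-SHA256: only holders of the shared key can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hash(data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def verify_tag(key: bytes, data: bytes, tag_hex: str) -> bool:
    # compare_digest avoids leaking the match position through timing
    return hmac.compare_digest(make_tag(key, data), tag_hex)


def demo() -> dict:
    key = b"constructed-demo-key-not-for-real-use"   # assumption: shared in advance
    report = b"Q3 revenue: 4.2M; net margin: 11%"     # constructed sample data
    digest, tag = sha256_hex(report), make_tag(key, report)

    # Case 1: data corrupted in transit, published hash unchanged.
    corrupted = b"Q3 revenue: 4.2M; net margin: 1%"

    # Case 2: data altered in transit and the unkeyed hash recomputed to
    # match. The HMAC tag cannot be recomputed without the key.
    altered = b"Q3 revenue: 9.9M; net margin: 30%"
    altered_digest = sha256_hex(altered)

    return {
        "intact_hash_ok": verify_hash(report, digest),
        "intact_tag_ok": verify_tag(key, report, tag),
        "corrupted_hash_ok": verify_hash(corrupted, digest),
        "altered_hash_ok": verify_hash(altered, altered_digest),
        "altered_tag_ok": verify_tag(key, altered, tag),
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {passed}")
```

A bare hash only protects integrity when the hash itself reaches the recipient over a path the sender controls; the keyed tag removes that dependency by tying the check to the source.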
GuardSight professionals do this type of work every single day. From ensuring GuardSight-specific information integrity to diving into client environments and analyzing the risks, they are doing their part to protect integrity each and every day. So, if you have questions about how to protect integrity, if you have concerns about your organizational information integrity, or just are interested in what information integrity entails, reach out to us! We will take the time to collaborate on any questions you may have.
We here at GuardSight thank you for taking the time to listen to this TomCast. For more information on various cybersecurity tips head on over to our website and check out more TomCasts. Those are located over on www.guardsight.com/tomcast. Or, if you would like more information on what GuardSight can do for you, head on over to www.guardsight.com and contact us. There are several free cybersecurity tools out there that can help you improve your overall security posture. We’d love to hear from you! Thanks!