Integrity is simply a connection thrown astir a batch successful the cybersecurity space. That’s not surprising. It is 1 of the 3 components that marque up the CIA Triad, aft all. However, the meaning and usage of the connection has been comparatively constricted successful galore information circles up until now.
Let’s instrumentality a look astatine the information manufacture much broadly. In astir conversations dealing with integrity, information information and File Integrity Monitoring (FIM) controls often extremity up being the superior focal areas. But there’s much going connected with integrity than conscionable those 2 information principles. There’s much to speech about.
With that said, let’s instrumentality a measurement backmost and see integrity arsenic a broader concept. A explanation of integrity tin get america started.
Integrity is simply a mode to recognize what matters to an enactment and what an enactment should absorption connected successful bid to forestall undesired consequences. As the ground for spot and reliability, integrity becomes the eventual measurement of strategy security. True integrity allows for nary variance betwixt something’s archetypal and existent state. In different words, that something’s existent authorities tin beryllium trusted due to the fact that thing has changed from its original, trustworthy state.
Tim Erlin, vice president of merchandise absorption for Tripwire, notes that organizations can’t physique spot into their information programs without integrity.
Managing integrity is yet astir managing alteration passim your full environment. Change tin beryllium interior oregon external, authorised oregon unauthorised, intentional oregon accidental, benign oregon malicious. When you instrumentality an expansive presumption of change, it’s wide that managing integrity is astatine the halfway of foundational security.
Expanding the Focus Beyond Data Integrity
As mentioned successful the introduction, integrity is 1 of the 3 CIA Triad principles – confidentiality, integrity, and availability – that service arsenic a model for organizations to marque dependable accusation information policies. In this context, integrity is mostly focused connected the quality of organizational information and connected organizations’ work to marque definite that outer sources don’t win successful compromising that information.
Yet integrity is truthful overmuch bigger. While information integrity is surely important to immoderate information strategy, its broader exertion affects each country of an accusation system. As such, integrity tin beryllium a driving unit of an organization’s full information program. The absorption connected integrity tin grow beyond conscionable information integrity to encompass each aspects of architecture and information measures crossed IT and OT environments.
Here are examples of however integrity tin instrumentality signifier crossed your organization:
- Repeating the illustration mentioned above, information integrity protects the incorruptibility of data. It includes information backup and recovery, encryption, blockchain, individuality and entree absorption (IAM) arsenic good arsenic record entree monitoring.
- System integrity ensures that nary 1 makes unauthorized changes to captious assets. It includes FIM, security configuration management (SCM), host-based intrusion detection systems (IDS), vulnerability management and patching arsenic good arsenic privileged relationship absorption (PAM).
- Network integrity maintains the reliability of connections and protects the information moving done the network. It includes firewalls, network-based intrusion detection systems (IDS), encryption, virtual backstage networks (VPNs) and unafraid distant access.
- Physical integrity protects the facilities and spaces wrong which captious assets reside. It includes entree controls, information monitoring, all-hazards mitigation (fire, water, earthquakes, etc.) and uninterrupted powerfulness supplies.
- Process integrity ensures that organizations person decently integrated, configured and coordinated aggregate controls successful a mode that ensures a holistic attack to incorruptibility and resilience. It includes information incidental and lawsuit absorption (SIEM); information orchestration, automation and effect (SOAR); analytics and reporting; and a well-functioning information operations halfway (SOC).
- People integrity seeks to support spot successful the humans who usage IT and OT systems, who make and usage information arsenic good arsenic who oversee endeavor information efforts. It includes information consciousness training, certification, role-based entree controls (RBAC), end-user behaviour analytics (EUBA), organizational argumentation enforcement and inheritance screening.
Integrity and Tripwire
By gathering an endeavor information strategy focused connected integrity, organizations tin incorporated spot into their people, processes and technology. All they request is the close information solutions supplier to locomotion with them and to assistance to alteration their information efforts.
That’s wherever Tripwire comes in. The company’s best-in-class exertion and services empowers customers to absorption connected the close endpoints successful real-time, on-site and successful the cloud arsenic good arsenic to alteration intelligent decisions and actions that fortify security.