As we discussed in our previous post, an effective cybersecurity program incorporates the CIA Triad to create a strong foundation for cybersecurity policy, strategy, and solutions. CIA stands for Confidentiality, Integrity, and Availability. We previous discussed the principle of Confidentiality in more detail. In this post, we’re going to focus on the principle of Integrity.
This core security principle is defined as the ability for data and information to retain truth or, accuracy and be intentionally modified by authorized users only. In more general terms, integrity means information should not be altered unless the alteration is sanctioned and done with purpose. Imagine a patient under the care of doctors and nurses at a hospital. The patient requires 100mg of medication every six hours. What happens if the nurse accesses the patients’ medical records and the 100mg has been modified (with malicious intent or by accident) and now reads 1000mg? This example illustrates the importance of integrity.
There are many cyberattacks used to violate integrity including computer viruses, malware, logic bombs, database injections and altering system configurations. Your cybersecurity program should absolutely work to promote integrity and defend against these attacks. Here are a few controls that you should consider incorporating into the program:
1. Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS)
IPS / IDS examines network traffic flows to detect and prevent vulnerability exploits. Many times, this technology is embedded in perimeter defenses such as firewalls but it needs to be enabled and configured to work properly.
2. Anti-Virus / Anti-Malware
This powerful tool can be used to detect, quarantine and even remove malicious code from computers and systems. It is imperative that Antivirus software is installed and configured on all computing devices.
3. Vulnerability Management
There should be a process for identifying known vulnerabilities across systems and applications and then remediating those vulnerabilities typically by installing patches.
4. Log Monitoring and Analysis
The ability to collect system and application logs and then monitor / analyze them is critical. It can detect anomalies in system behaviors and be used in forensic efforts post incident.