Integrity of information refers to protecting information from being modified by unauthorized parties. Integrity ensures that data is real, accurate and safeguarded from unauthorized user modification.
Integrity is one of the three pillars of the CIA Triad. The other two are confidentiality and availability. Information only has value if it is correct. Information that has been tampered with could prove costly. Untrusted data is devoid of integrity. For example, hackers may cause damage by infiltrating systems with malware, including Trojan horses, which take over computer systems, as well as worms and viruses. An employee may damage a company through intentionally false data entry. Stored data must remain unchanged within an information system, as well as during data transport.
Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle. Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people. These measures include file permissions and user access controls. Version control may be used to prevent erroneous changes or accidental deletion by authorized users from becoming a problem. In addition, some means must be in place to detect any changes in data that might occur as a result of non-human-caused events such as an electromagnetic pulse (EMP) or server crash.
Commonly used methods to protect data integrity include hashing the data you receive and comparing it with the hash of the original message. However, this means that the hash of the original data must be provided to you in a secure fashion. More convenient methods would be to use existing schemes such as GPG to digitally sign the
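The following is an added example, not part of the original page, of the hash comparison described above and of why the reference hash has to arrive securely: a digest that travels with the data can be replaced along with it. The HMAC with a shared key is an assumption used here as a stand-in for an authenticated source (the page itself names GPG signatures); the sample messages, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 digest of data as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def verify_hash(received: bytes, expected_hex: str) -> bool:
    """Hash the received data and compare it with the digest of the original."""
    # compare_digest avoids leaking the mismatch position through timing.
    return hmac.compare_digest(sha256_hex(received), expected_hex.lower())


def make_tag(key: bytes, data: bytes) -> str:
    """Keyed digest (HMAC-SHA256): only holders of key can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, received: bytes, tag_hex: str) -> bool:
    """Recompute the keyed digest over the received data and compare."""
    return hmac.compare_digest(make_tag(key, received), tag_hex.lower())


# Constructed sample data and key (illustrative only).
ORIGINAL = b"pay 100 EUR to account 12345\n"
TAMPERED = b"pay 900 EUR to account 99999\n"
KEY = b"constructed-demo-key-not-for-real-use"


def scenarios() -> dict:
    trusted_digest = sha256_hex(ORIGINAL)  # obtained over a secure channel
    swapped_digest = sha256_hex(TAMPERED)  # digest shipped next to the data
    trusted_tag = make_tag(KEY, ORIGINAL)
    keyless_tag = sha256_hex(TAMPERED)     # best a party without KEY can do
    return {
        "intact_vs_trusted_digest": verify_hash(ORIGINAL, trusted_digest),
        "tampered_vs_trusted_digest": verify_hash(TAMPERED, trusted_digest),
        "tampered_vs_swapped_digest": verify_hash(TAMPERED, swapped_digest),
        "intact_vs_keyed_tag": verify_tag(KEY, ORIGINAL, trusted_tag),
        "tampered_vs_keyless_tag": verify_tag(KEY, TAMPERED, keyless_tag),
    }


if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'REJECTED'}")
```

The third scenario is the failure mode: the modified data is accepted because the digest it is checked against was modified too, which is what a securely delivered hash or a signature prevents.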
Integrity models have three goals:
- Prevent unauthorized users from making modifications to data or programs.
- Prevent authorized users from making improper or unauthorized modifications.
- Maintain internal and external consistency of data and programs.