Integrity

In Brief

The integrity criterion is the assurance that information can only be modified by authorised persons or processes and according to an established procedure.

Security measures to ensure the integrity criterion must ensure that no one can change information without permission or in a wrong way (See also classification).

Endangering the Integrity Criterion

Here is a non-exhaustive list of threats that can jeopardise the integrity of an asset:

• TECHNICAL FAILURES
  • Equipment malfunction (SME: Insertion or removal of equipment)
  • Software malfunction
  • Attack on the maintainability of the information system (SME: see Unusable backups and Impossible administration and Inappropriate software environment)
• UNAUTHORISED ACTIONS
  • Illegal use of materials (SME: see Misuse of organisational resources)
  • Use of counterfeit or copied software (SME: see Invalid or non-existent licence)
  • Data corruption
  • Illegal data processing (SME: see Unauthorised processing of personal data - Employee monitoring and Regulatory requirements)
• COMPROMISE OF FUNCTIONS
  • User error (SME: see Human error)
  • Abuse of rights (SME: see Abuse of organisational resources)
  • Usurpation of rights (SME: see Malicious administrator and Use of access reserved for a user by a third party).