São Paulo/SP – August 22, 2022. Integrity protection measures serve to protect information against unauthorized changes. These controls ensure data accuracy.
*By Rodrigo Santiago
Integrity is one of the pillars of information security that aims to ensure its protection against unauthorized changes.
Integrity protection measures serve to protect information from unauthorized changes. These controls ensure data accuracy.
Information protection controls should include both information that is stored in systems and information that is transmitted between systems, such as e-mail. To maintain integrity, it is necessary not only to manage access at the system level, but also to ensure that system users (employees, service providers, third parties) can only change information that they are authorized to change.
As with confidentiality protection scenarios, integrity protection has effective countermeasures to protect against unintentional changes such as user errors or data loss resulting from a system malfunction or cyber attack.
Types of information integrity
Information integrity management requires an understanding of the two types of data integrity, physical integrity and logical integrity. Both are groups of processes and controls that enforce data integrity.
Physical integrity: Physical integrity is protecting the integrity and ensuring the accuracy of this information as it is stored and used. When natural disasters occur, for example, the power goes out, or the occurrence of a hacker attack that damages the functioning or status of databases, physical integrity is compromised. Human error can also make it impossible for managers, programmers, or internal auditors to carry out their activities because they cannot get an accurate view of the information.
Logical integrity: Logical integrity are controls that keep information unchanged as it is used in different ways in a database. Logical integrity protects information from human error and hackers as well, but in a different way than physical integrity by implementing network protections and permissions management controls.
Protection Measures
There are many countermeasures that can be applied to protect integrity. Access control and strict authentication can help prevent authorized users from making unauthorized changes. Hash checks and digital signatures can help ensure that transactions are authentic and that files have not been modified or corrupted. Equally important to protecting data integrity are administrative controls such as separation of duties and training.
Information Classification
A proper classification of information allows your organization to apply appropriate security controls. Remember, your controls often come at a cost. Doesn't necessarily need to have the same types of controls for all types of information
Classifying information can save you time and money because you're able to focus on what's important and not waste your time putting unnecessary controls in place.
integrity and the GDPR
Integrity is critical to complying with data protection regulations such as the GDPR. Failure to comply with these regulations can make companies liable for large penalties. In some cases, they may be processed in addition to these significant fees. Repeated compliance violations can even put companies out of business.
Fortunately, there are ways to ensure the integrity of the data you need to comply with GDPR and other data protection and information security laws and regulations. See the material prepared by SAFEWAY on LGPD.
Conclusion
The guarantee of data and information integrity protection keeps your data and information safe from external threats that must first go through the protection mechanisms or try to take advantage of the inattention or bad intention of a collaborator in order to harm the environment. By implementing integrity controls, the organization mitigates the risks that are exposed and ensures a safer work environment in compliance with regulations and standards.
— Rodrigo Santiago is Senior Consultant at [SAFEWAY]
How can we help?
THE SAFEWAY is an Information Security consulting company recognized by its clients for offering high value-added solutions through projects that fully meet the needs of the business. In 14 years of experience, we have accumulated several successful projects that have earned us credibility and prominence with our clients, who largely make up the 100 largest companies in Brazil.
today through 25 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one stop shopping with the best solutions in technology, processes and people. We have both the technical skills and the experience necessary to assist your company in the process of structuring controls and preparing the environment for the implementation of an ISMS, SGS or SGCN and, consequently, certification of operations, services or companies to the ISO27001, ISO20000 or ISO22301 standards.
In order to support companies in this process of evaluation and adaptation to the requirements of the LGPD, [SAFEWAY] has in its portfolio of services, the Cybersecurity Health Check whose objective is to carry out a diagnosis of the CyberSecurity, Information Security and Data Privacy implemented in your company, contemplating the pillars of Law Suit, People and Technology.
through the Cybersecurity Health Check, risks associated with information security and privacy of internal processes and activities are identified, existing controls and new controls evaluated according to the size of your organization to increase the level of maturity and compliance, in accordance with good information security practices. If you would like more information, contact one of our experts!
