Integrity

Definition

Integrity

the security quality subfactor representing the degree to which the malicious corruption (e.g., via unauthorized creation, modification, or deletion) of valuable assets is properly handled

Objectives

The typical objectives of integrity are to:

• Ensure that security properly addresses the malicious harm that can be caused by malicious corruption of valuable assets
• Model the degree to which malicious corruption is:
  • Prevented
  • Detected
  • Reacted to
  • Adapted to
• Support the analysis and specification of integrity requirements

Types

Integrity can be classified into the following quality subfactors:

• Communications Integrity
• Data Integrity
• Hardware Integrity
• Personnel Integrity
• Software Integrity:
  • Immunity

Guidelines

The following guidelines have been found to be useful regarding integrity:

• Integrity is about more than preventing unauthorized corruption. It also includes:
  • Detection in a timely manner when corruption occurs.
  • Reaction in an appropriate and timely manner when corruption is detected.
  • Adaptation to avoid future corruption.
• Do not restrict integrity to communications or the protection of systems against malware such as viruses (immunity). Stored data can be corrupted, hardware can be corrupted (e.g., to overcome hardware encryption), and software can be corrupted by its developers with logic bombs and trap doors. And finally, personnel can be compromised (e.g., by blackmail or extortion).