The CIA Triad of Information Security: Integrity

by Daniel Simpson 0 Comments

Integrity — doing the “right thing” or adhering to moral values — is such a key part of humanity, and yet many businesses don’t openly commit to it. As the “I” in the CIA triad, integrity is essential to a strong information security program.

Although the definition is similar, personal integrity and data integrity are not the same. It’s impossible for data to maintain its own integrity; that rests on the shoulders of our engineers at Agio or your internal technology department.

Why Data Integrity Matters

Data integrity is the basis of cybersecurity. Both encryption, or coding your information so it can’t be stolen, and disaster recovery are essential parts.

Whether you are banking online or are emailing a colleague proprietary business information, encrypting your data ensures prying eyes can’t read or alter what you’re sending. Encryption ensures the assets belonging to any organization remain whole and unmodified by unauthorized individuals or software.

Your data also needs to be protected even when it’s not being transferred.  Non-human events like the following can easily impact data integrity:

  • Server crashes
  • Electrical surges
  • Natural disasters

These changes to data can be mitigated by having a disaster recovery plan in place. For example, having data redundancy in the cloud or frequently backing up and storing data off-site can eliminate data loss in a crisis.

Using Cryptography to Maintain Data Integrity

There are many tools available to aid with keeping the integrity of your organization’s data; cryptography — writing and solving codes — is one of the most ancient.

The shift cipher, for example, became famous thanks to Julius Caesar, who used it in Ancient Rome to protect military information from spies. Caesar and his generals wrote in code, replacing each letter with the one three letters ahead of it (using a “D” to denote an “A,” for example). Unless someone knew the key, the message was illegible.

Centuries later, cryptography is still protecting our important data. The basic principles are still the same, however the methods are very different and the complexity of the ciphers is even greater.

Choosing an Encryption Method

In the field of IT, ciphers are better known as encryption. It’s important to consider how you will encrypt your data when designing an information security system.

Some popular types of encryption that can be used to protect information within your organization are:

  • Triple DES
  • RSA
  • MD5
  • SHA

You should choose a method that is widely accepted in the realm of security. This consistency between organizations means there are no issues in trusting the proprietary encryption that an individual organization may have developed. Your organization’s Chief Technology Officer should be able to recommend an encryption method that fits your needs. If not, consider working with a third-party cybersecurity consultant, such as Agio.