When you think of the cybersecurity “CIA” triad of Confidentiality, Integrity, and Availability, which one of those is most important to your organization? From a privacy standpoint, confidentiality reigns supreme. Confidentiality is so important that it is codified into many of the cyber regulations of recent years, most notably the
California Consumer Privacy Act (CCPA), as well as
others. If you approach the CIA triad from a strict business mindset, then availability is probably a prime concern. After all, if the data in unavailable, your business is also unavailable.It seems that integrity is often given a casual thought and dismissed with little more than a shrug. Is it because it is just not as visceral as the thought of a privacy violation or as important as five-nines (99.999%) availability? Tripwire’s white paper “
Closing the Integrity Gap with NIST’s Cybersecurity Framework” takes a fresh look at the importance of maintaining data integrity.In recent years, ransomware prevention has been the main focus of business. The horribly disruptive criminal act of encrypting a company’s data and then holding it hostage has come to be seen as a breach event. With some of the newer ransomware strains that first steal the data and threaten the publication of it if the ransom is not paid, ransomware has become a privacy breach, as well. However, the Tripwire document points out that a ransomware attack is a data integrity attack. “Integrity is really at the heart of information security protections for any system,” says Ron Ross, Fellow for
integrity
matter
trust
