Gartner Research

Information Integrity

Published: 10 March 2009

ID: G00203686

Analyst(s): Trent Henry

Summary

Information integrity is one of the five key security objectives for all organizations. Organizations must deploy integrity controls as part of a systematic, comprehensive security program. Integrity controls can be deployed at various layers of the organization's infrastructure depending on the type of data and the state in which the data exists (e.g., at rest, in motion, or in use). This technical position update provides answers to questions around the most appropriate technical approach to protect the integrity of electronic information.

Table Of Contents

Decision Point

Typical Requirements

  • Maintain Integrity in All States of Data
  • Maintain Integrity Throughout the Information Lifecycle
    • Enterprise Policy
    • Infrastructure Surety
  • Manage Integrity in Context
  • Protect Each Set of Information Appropriately

Alternatives

  • Processes and Procedures
  • Adaptation and Disaggregation
  • Infrastructure Layer
    • Repository
    • Data Self-Protection
    • Applications
    • Systems
    • Identity and Access Layer
    • Perimeter Layer
  • Surety of Protection

Future Developments

Evaluation Criteria

Statement and Basis for Position

  • Security Baseline Position
    • Establish an IT security baseline.
  • Data-at-Rest Position
    • Protect the data itself.
    • Protect at the application layer.
    • Use repository protections.
    • Use a change control system.
    • Use audit and monitoring processes.
  • Data-in-Motion Position
    • Protect the data itself.
    • Use a reliable data-delivery protocol.
    • Use any acceptable protocol for data exchange.
  • Data-in-Use Position
    • Use read-only instances of data to protect integrity.
    • Use other application-layer protection mechanisms.
  • Slowly Changing Unstructured Data at Rest Position
    • Attempt to disaggregate the information and use procedures to reduce the consequences to medium or low.
    • Use transforms to detect an unauthorized change and react as necessary.
    • Periodically replace the data with a known good version.
    • Accept the risk.
  • Quickly Changing Unstructured Data at Rest Position
    • Attempt to disaggregate the information and use procedures to reduce the consequences to medium or low.
    • Audit and detect problems offline.
    • Accept the risk.
  • Data Self-Protection Position
    • Use procedural controls, transfer, or avoid the risk.
    • Use a transform.
    • Consider accepting the risk.
  • Application-Layer Protection Position
    • The application should apply separation of duties through its design and functions.
    • Attempt to disaggregate the information and use procedures to reduce the consequences to medium or low.
    • Use additional testing to validate the proper operation of the application and log all actions.
    • Log all actions.

Relationship to Other Components

Revision History

Notes

©2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.
