Gartner Research

Information Integrity

Published: 03 August 2011

ID: G00214120

Analyst(s): Trent Henry

Summary

Information integrity is one of the key security objectives for all organizations. Organizations must deploy integrity controls as part of a systematic, comprehensive security program. Integrity controls can be deployed at various layers of the organization's infrastructure, depending on the type of data and the state (e.g., at rest, in motion, or in use) in which the data exists. This Decision Point considers the most appropriate technical approaches for protecting the integrity of electronic information.

Table Of Contents

Decision Point

Decision Context

  • Architectural Context
  • Related Decisions

Evaluation Criteria

  • Requirements and Constraints
    • Maintain Integrity in All States of Data
    • Maintain Integrity Throughout the Information Life Cycle
    • Manage Integrity in Context
    • Protect Each Set of Information Appropriately

Alternatives

  • Processes and Procedures
  • Adaptation and Disaggregation
  • Resource and Infrastructure Layers
    • Repository and Storage
    • Data and Content (Self-Protection)
    • Application
    • Compute (Systems)
    • Network
    • Identity Services
  • Surety of Protection

Future Developments

Decision Tool

  • Security Baseline Position
    • Establish an IT Security Baseline.
  • Data-at-Rest Position
    • Make use of provider controls.
    • Protect the data itself.
    • Protect at the application layer.
    • Use repository protections.
    • Use a change control system.
    • Use audit and monitoring processes.
  • Data-in-Motion Position
    • Protect the data itself.
    • Use a reliable data-delivery protocol.
    • Use any acceptable delivery protocol for data exchange.
  • Data-in-Use Position
    • Use read-only instances of data to protect integrity.
    • Use other application-layer protection mechanisms.
  • Slowly Changing Unstructured Data-at-Rest Position
    • Attempt to disaggregate the information and use procedures to reduce the consequences to medium or low.
    • Use transforms to detect unauthorized changes and react as necessary.
    • Periodically replace the data with a known good version.
    • Accept the risk.
  • Quickly Changing Unstructured Data-at-Rest Position
    • Attempt to disaggregate the information and use procedures to reduce the consequences to medium or low.
    • Audit and detect problems offline.
    • Accept the risk.
  • Data Self-Protection Position
    • Use procedural controls, transfer, or avoid the risk.
    • Use a transform.
    • Consider accepting the risk.
  • Application-Layer Protection Position
    • The application should apply separation of duties through its design and functions.
    • Attempt to disaggregate the information and use procedures to reduce the consequences to medium or low.
    • Use additional testing to validate the proper operation of the application, and log all actions.
    • Log all actions.

Recommended Reading

Revision History

Notes

©2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.
