tion to retain truth or, accuracy and be intentionally modified by authorized users only. This means information should not be altered unless the alteration is sanctioned and done with purpose. Imagine a patient under the care of doctors and nurses at a hospital. The patient requires 100 milligrams of medication every six hours. What happens if the nurse accesses the patientsâ€™ medical records and the 100 milligrams is modified (with malicious intent or by accident) and now reads 1,000 milligram? Integrity is important.
No. 1: Data backup systems. Effective data backup strategies should be defined, implemented and monitored for success. If systems or data become unavailable, recovery efforts usually start with restoring from a successful backup job.
There are many cyberattacks used to violate integrity, including: computer viruses, malware, logic bombs, database injections and altering system configurations. Your cybersecurity program should work to promote integrity and defend against these attacks. Here are a few controls that you should consider incorporating into your agencyâ€™s program:
No. 2: Disaster recovery and business-continuity planning. Documenting disaster recovery and business-continuity plans is an absolute must. In addition, these plans should be tested, at least annually to verify their effectiveness.
No. 1: Intrusion prevention systems and intrusion detection systems. These systems examine network traffic flows to detect and prevent vulnerability exploits. Often, this technology is embedded in perimeter defenses such as firewalls. However, it needs to be enabled and configured to work properly. No. 2: Anti-virus/anti-malware. This powerful tool can detect, quarantine and even remove malicious code from computers and systems. It is imperative that antivirus software is installed and configured on all computing devices. No. 3: Vulnerability management. There should be a process for identifying known vulnerabilities across systems and applications and then remediating those vulnerabilities typically by installing patches. No. 4: Log monitoring and analysis. The ability to collect system and application logs and then monitor/analyze them is critical. It can detect anomalies in system behaviors and be used in forensic efforts post incident.
Availability This core security principle is defined as the ability to grant authorized users uninterrupted access to systems and information. This means if someone is supposed to have access to a system or information, then that system or information should be made available to them at all times. Imagine logging into your computer on Monday morning. You are refreshed from the weekend, ready to work and conquer the world. Then suddenly, a message flashes across your computer screen. The message explains that your computer and everything on it has been encrypted by ransomware, and you must pay a fee to receive the decryption key and resume regular work activities. You no longer have access to email, customer records, financial records, etc. What would you do if the applications and data on your computer were no longer available to use? Availability of your computerâ€™s files are important.
No. 3: System monitoring. Monitor critical systems and applications continuously for performance and capacity requirements. Proactive monitoring often can prevent unwanted outages or disruptions. No. 4: Incident response plan. Having a plan to contain, eradicate and recover from a cybersecurity incident is invaluable. Incidents create stress and chaos. Having an incident response plan introduces confidence and organization. As one can see, the core principles of the CIA Triad are simple information security concepts that when applied properly to policy and program creation can have a real meaningful impact your ability to stay safe and protected. Yetto is president of TAG Solutions. Reach him at www.tagsolutions.com.
There are many cyberattacks used to violate availability, including: computer viruses, malware and denial of service. There also are circumstantial events that violate availably such as hardware failure and natural disasters. Your cybersecurity program should be influenced by the availability principle. Here are a few controls that you should consider incorporating into the program: