There are standards, methodologies and audit guidelines for managing risks to data availability and data confidentiality, but there seems to be no such guidance for managing threats to data integrity, writes Sarb Sembhi, president of the London chapter of ISACA.
Maybe it is because there aren't enough suppliers in the market. If there were, they would make some effort to educate the industry, academics would write papers, and analysts would map out all the different solutions.
It would be reassuring if there were no need for data integrity protection systems, as it would imply that data integrity has never been compromised in any organisation. Sadly, this is not true; it is like saying that data loss never occurred before the HMRC incident in 2007.
Just because there are no major public disclosures does not mean that they are not happening. Looking at the economic climate, there have already been several high-profile fraud cases, and although not all fraud involves manipulating data, the higher the value of the fraud, the greater the chance that it involved compromising the integrity of data somewhere within one or more organisations.
In the absence of adequate data integrity protection solutions and services that protect every type of data regardless of file type, data type, where it is stored, whether it is at rest or in transit, and whether there is one copy or many, practitioners are going to have to start demanding tools that fill the needs of their organisations.
With data theft, there is often evidence of it from tools that monitor the movement of data. One of the many challenges with data integrity attacks - where the data does not move - is that the effects may not be detected for years, until there is a reason to question the data.
So what are the basic things organisations can do to reduce their exposure to data integrity attacks, and hence high-value frauds?
- Create policies and procedures for data quality and data integrity
- Create policies and procedures to identify the extent of the problem and record incidences of data integrity compromises and suspected incidents of fraud
- Ensure information assets are correctly valued (including configuration files, log files and metadata)
- Undertake threat assessment of valued data
- Take a risk management approach to protecting data integrity
- Ensure adequate protection of all data that is relied upon for investigatory purposes
- Include data integrity protection as part of the security awareness programme.
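The article's central point is that data which never moves can be altered without anything noticing, and that logs and other evidence relied upon for investigations need the same protection. One basic control a practitioner can build today, without waiting for a supplier, is a sealed baseline: record a digest of each file at rest, protect the list of digests with a keyed MAC, and periodically compare. The following is an added example written for this page, not a tool the author or ISACA describes; the file contents, paths and key are constructed for the illustration, and in-memory byte strings stand in for files on disk.

```python
import hashlib
import hmac
import json

# Constructed sample data set standing in for files at rest: a ledger export,
# an application configuration and its log (the kinds of assets the article
# says must be valued and protected). Contents are invented for the example.
SAMPLE_FILES = {
    "finance/ledger-q1.csv": b"id,account,amount\n1,4711,1200.00\n2,4712,-300.00\n",
    "etc/app.conf": b"approval_threshold=5000\n",
    "var/log/app.log": b"10:00:01 user=alice action=approve id=1\n",
}

# Example key only. In practice the key lives in a key store or HSM so that an
# attacker who can rewrite the data cannot also re-seal the baseline.
MANIFEST_KEY = b"example-manifest-key-do-not-reuse"


def file_digest(data: bytes) -> str:
    """SHA-256 of one file's contents, hex encoded."""
    return hashlib.sha256(data).hexdigest()


def _canonical(entries: dict) -> bytes:
    # Stable serialisation so the MAC does not depend on dict ordering.
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(files: dict, key: bytes) -> dict:
    """Record a digest per file and seal the whole list with an HMAC."""
    entries = {path: file_digest(data) for path, data in files.items()}
    mac = hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()
    return {"entries": entries, "mac": mac}


def verify_manifest(files: dict, manifest: dict, key: bytes) -> dict:
    """Compare current contents against the sealed baseline.

    Returns manifest_ok (was the baseline itself untouched?) plus sorted lists
    of modified, missing and added paths. All three empty with manifest_ok True
    means the data at rest still matches what was recorded.
    """
    entries = manifest["entries"]
    expected_mac = hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_mac, manifest["mac"]):
        # The baseline was edited without the key; none of its entries can be
        # trusted, so report that rather than a misleading per-file result.
        return {"manifest_ok": False, "modified": [], "missing": [], "added": []}
    modified = sorted(
        p for p, data in files.items() if p in entries and file_digest(data) != entries[p]
    )
    missing = sorted(p for p in entries if p not in files)
    added = sorted(p for p in files if p not in entries)
    return {"manifest_ok": True, "modified": modified, "missing": missing, "added": added}


if __name__ == "__main__":
    baseline = build_manifest(SAMPLE_FILES, MANIFEST_KEY)
    current = dict(SAMPLE_FILES)
    # Simulate a silent change to a ledger amount; the file never "moves".
    current["finance/ledger-q1.csv"] = b"id,account,amount\n1,4711,12000.00\n2,4712,-300.00\n"
    print(verify_manifest(current, baseline, MANIFEST_KEY))
```

The check is only as good as the schedule it runs on and the separation between the key and the data: if the same account that can rewrite the ledger can also rewrite the manifest and knows the key, the comparison proves nothing. Keeping the manifest and key on a separate system, and recording each verification run as an incident record when findings appear, is what turns this from a hash list into the kind of evidence the article says organisations currently lack.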