Defending on data integrity attacks
We’ve already mentioned that data integrity is going to be the next big threat. Well, Sarb Sembhi, president of the London chapter of ISACA, also thinks like that.
In this very intresting short article, Mr. Sembhi points out something many people think: there are many more attacks than the ones disclosed to the public. He also points out that, tied with the economic climate we currently have, several high-profile fraud cases are being discovered (and we think that unfortunately there are many more to come). Although not directly linked, he implies also that high-value frauds and data integrity attacks are closely related. The likeliness of data integrity being part of these data manipulations increases as the total value of the fraud gets higher; hence, it wouldn’t be wrong to assume that -again- the lack of proper data integrity protection tools certainly doesn’t help preventing this type of cases in organizations.
We are working for showing Mr. Sembhi that we are what he misses: a data integrity protection solution aimed at protecting every type of data.
In the meantime, he mentions a fact as true as the sky is blue: it all starts with putting proper procedures in place. For reducing the organization’s exposure to data integrity attacks (and to high-value frauds), Mr. Sembhi mentions:
- “Create policies and procedures for data quality and data integrity
- Create policies and procedures to identify the extent of the problem and record incidences of data integrity compromises and suspected incidents of fraud
- Ensure information assets are correctly valued, (including configuration and log files, and meta data)
- Undertake threat assessment of valued data
- Take a risk management approach to protecting data integrity
- Ensure adequate protection of all data that is relied upon for investigatory purposes
- Include data integrity protection as part of security awareness programme”
Tags: Data Integrity