|
| 1 | +tags:: Software Development |
| 2 | +topic:: [[Security Strategies]] |
| 3 | +softdev:: Unit 4 Outcome 2 |
| 4 | + |
| 5 | +- |
| 6 | +- secure systems ensure that confidentiality, integrity and availability are maintained |
| 7 | +- Threats to Data Integrity |
| 8 | + id:: 65718797-21ee-420b-b49d-befd0c9e975f |
| 9 | + - Accidental |
| 10 | + id:: 65718797-7672-45da-bb63-2c6c4aa27597 |
| 11 | + - users accidentally damage systems |
| 12 | + id:: 65718797-df32-4efc-a1ef-5f2494f66da5 |
| 13 | + - poor interfaces |
| 14 | + - lack of training |
| 15 | + - inappropriate permissions |
| 16 | + - user inattention or carelessness |
| 17 | + - modifications of data are too easy to make |
| 18 | + - Event-based |
| 19 | + id:: 65718797-1f10-4fb9-898b-05d0fe33150a |
| 20 | + - hardware failure, such as storage |
| 21 | + - power failure |
| 22 | + - file corruption |
| 23 | + - third-party software issues |
| 24 | + - acts of nature such as fire, floods or a lightning strike |
| 25 | + - Deliberate |
| 26 | + id:: 65718797-cd9d-42f0-8279-a3ee06ce164b |
| 27 | + - an attack is made on the system or data through [[Malware]], [[Social Engineering]] or other [[Security Vulnerabilities]] |
| 28 | +- Characteristics of Data Integrity |
| 29 | + - Accuracy |
| 30 | + - Content |
| 31 | + - Correctness |
| 32 | + - data is entered correctly, such as correct birthdate, name spellings |
| 33 | + - Completeness |
| 34 | + - the entire data set is intact |
| 35 | + - Form |
| 36 | + - Clarity |
| 37 | + - data is formatted to avoid misinterpretation |
| 38 | + - using ISO date formats, for example |
| 39 | + - Consistency |
| 40 | + - data within a system and the same data stored in multiple systems is consistent |
| 41 | + - if not consistent, which data is 'accurate'? |
| 42 | + - Authenticity |
| 43 | + - comes from the source it is known to be from |
| 44 | + - has not been corrupted or changed |
| 45 | + - is not faked or disguised as something else |
| 46 | + - Reasonableness |
| 47 | + - the data meaning is consistent with the values |
| 48 | + - meaning is determined by understanding the acceptable extent of the data |
| 49 | + - dates are within a range |
| 50 | + - ages are consistent |
| 51 | + - possibility of data occurring, such as playing so many games within a time period |
| 52 | + - Relevance |
| 53 | + - data is appropriate for the use it is being applied |
| 54 | + - Timeliness |
| 55 | + - data must be processed while it is current |
| 56 | + - processing must complete before the data is actually needed |
| 57 | + - a machine alerts that the patient's heartbeat has stopped five minutes after it actually stopped |
| 58 | +- Failure to protect Data Integrity |
| 59 | + - can result in prosecution and/or penalties |
| 60 | + - loss of business and reputation |
| 61 | + - normal business can be seriously disrupted |
| 62 | + - trade secrets can be stolen and sensitive information, such as encryption keys, may be stolen |
| 63 | + - business severely impacted may no longer be able to operate |
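Review bot: Under "Failure to protect Data Integrity", the bullet "trade secrets can be stolen and sensitive information, such as encryption keys, may be stolen" describes a loss of confidentiality rather than a loss of integrity, and it repeats "stolen". Consider moving it to a confidentiality note or rewording it as an integrity consequence, such as decisions being made on altered or corrupted data. Two smaller points: the empty "-" bullet directly after the `softdev::` property looks like a leftover and can be dropped, and "data is appropriate for the use it is being applied" under Relevance is missing a trailing "to".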