Helping Users Understand Cybersecurity: Integrity Becomes Accuracy

In a previous blog post I explained how I thought that “Privacy” was a better term than “Confidentiality” when we are communicating with non-specialists. Everyday users must play their role in protecting information. This is part of my heretical suggestion that we would should replace “CIA” with “PAR”, as in Privacy, Accuracy, and Reliability.

Cyber Security Accuracy

What Does “Integrity” Mean to the Typical User?

For most people, integrity describes a person of good character. It has to do with ethics and moral behavior. Someone with integrity is honest. We expect them to tell the truth and behave appropriately.

Captain America. Superman. We trust them.

OK, integrity has some aspect of not changing. A person with integrity isn’t honest with some people but not with others. Being honest just some of the time gets you labeled as dishonest. But “integrity” for people is about trust, not consistency.

Another possible confusion is that “integrity” suggests “integral”, meaning that the thing or person plays a central and crucial role.

Remember that we want to enlist the assistance of the users. This involves everyone, including the little people, not just those at the core of the operation.

Data Versus People

“Integrity” is an entirely different concept when we apply it to data. The ideal would be completely immutable information. A set of data that we cannot change. Nor could we delete, move, or hide it. “Carved in stone” but even more so. Even things carved into stone for all time can be wiped out.

Mortuary Temple of Hatshepsut, near the Valley of the Kings in Egypt.
The author at the Mortuary Temple of Hatshepsut, near the Valley of the Kings in Egypt. Hatshepsut, who ruled about 1478-1458 B.C., was the second female pharaoh of Egypt. She is considered to be one of the most successful pharaohs. However, later pharaohs chiseled her cartouches and images off of some stone walls, and smashed and buried her statues. The Romans called a similar practice damnatio memoriae.

It makes little sense to attribute data-style integrity to people. Or, its lack.

“Remember that manager who lacked integrity?”

“Yeah, her glass eye would fall out and roll across the conference table during important meetings. That was very distracting.”

Data Needs Accuracy

In Learning Tree’s CompTIA Security+ test-prep course we are careful to use CompTIA’s terminology. One concept is the distinction between the data owner and the data custodian. The data owner is responsible for creating accurate data. Then, as time passes, the data owner verifies that the stored data continues to be accurate.

If the facts haven’t changed, the description should not change. When the situation changes in some way, then it may be appropriate to change the description. The stored data either doesn’t change at all, or it changes only in carefully limited ways.

Real World Applications Of Data Accuracy

Let’s think about downloading a software update. The latest Linux kernel source code archive, or Oracle patch, or Juniper router operating system update.

Did I get the real software from the real provider?

The real provider — We must authenticate the source. It’s an organization in each of these examples.

The real software — A precise copy, identical down to every single bit of what that organization meant to provide. No bit changed, deleted, or added.

Accuracy Provides Value

I won’t sell many encyclopedias if I can only say that it’s mostly right. Would-be customers will insist on being confident in its accuracy. Some articles may describe fictional characters or things (Atticus Finch, Narnia), but they will be clearly described as being fictional, and the article will accurately describe the fiction.

Completeness is also an issue. Imagine an article that described Atticus Finch’s appearance and the house he lived in, but neglected to mention what he did for a living. That wouldn’t be very useful! You wouldn’t pay very much for that reference source.

Many things can never be complete. Medical records are partial snapshots of noisy biological functions, but they need to be complete enough to serve their purpose.

So, accuracy means “complete”, possibly with an asterix leading to a footnote: “Complete enough to do the job.” Confidence in data accuracy leads to confidence we’ll do the whole job correctly.

Reliability is the Last Point

We need confidence that the job will succeed. That gets into reliability. Check back next time for why I think “Reliability” is a much better term than “Availability”.

Type to search

Do you mean "" ?

Sorry, no results were found for your query.

Please check your spelling and try your search again.