Hackers of India

Why Integrity is left alone and not given TLC (Tender, Love and Care) it deserves?

By Jitender Arora on 05 Sep 2012 @ 44 Con



Abstract

Information Security has 3 pillars: CIA (Confidentiality, Integrity and Availability). Most organisations spend quite a lot of money on putting Confidentiality (encryption to secure data in transit or data at rest) and Availability (disaster recovery) controls in place within their environment. For some reason, Integrity controls have been neglected, and not many organisations implement Integrity controls to guarantee data accuracy.

Most business processes rely on the accuracy of data to take critical and key business decisions, but it is still mostly considered adequate to protect the confidentiality of data in transit between 2 nodes or systems. How can we ensure the Integrity of data that is used in BI tools to make decisions on critical business propositions? Is it acceptable to rely on Encryption controls to guarantee the Integrity of data?

The idea is to have a thought-provoking discussion involving the audience.

AI Generated Summary (may contain errors)

The speaker, a security professional, gave a presentation on ensuring data integrity and trust in complex systems. Here’s a concise summary of the main points:

Key Concerns:

  1. Maintaining chain of custody: Ensuring that data remains intact and unchanged as it traverses multiple systems.
  2. System complexity: With increasing system complexity, assuring data integrity becomes more challenging.
  3. Lack of trust: Without robust measures, regulators and auditors may question the reliability of data.

Potential Solutions:

  1. Hashing controls and encryption during system design.
  2. Keyless signatures: A novel approach that uses binary tags to prove signing time, ensuring data integrity without relying on cryptographic keys.

Benefits of Keyless Signatures:

  1. Tamper-evidence: Demonstrates data integrity throughout its journey.
  2. Scalability: Signatures never expire, eliminating concerns about key management.
  3. Accessibility: Anyone can verify the data without needing access to keys.
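
A minimal sketch of the hashing control and chain-of-custody idea listed above, as an added example that is not from the talk: each system that handles a record appends a SHA-256 link over the previous link and the data digest, so anyone can recheck the chain without a key. This is a plain hash chain, not the keyless-signature scheme the summary mentions; the system names and the record are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed starting value before the first custody step


def link_hash(prev: str, system: str, data: bytes) -> str:
    """Hash one custody step: previous link, handling system, digest of the data."""
    step = {"prev": prev, "system": system,
            "data": hashlib.sha256(data).hexdigest()}
    return hashlib.sha256(json.dumps(step, sort_keys=True).encode()).hexdigest()


def append(chain: list, system: str, data: bytes) -> str:
    """Record that `system` handled `data`; return the new chain head."""
    prev = chain[-1]["link"] if chain else GENESIS
    chain.append({"system": system, "data": data,
                  "link": link_hash(prev, system, data)})
    return chain[-1]["link"]


def verify(chain: list, trusted_head: str) -> str:
    """Recompute every link with no key; report the first step that fails.

    trusted_head must be stored where the chain's holder cannot rewrite it.
    Without it, someone who alters a record can recompute all later links.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if link_hash(prev, entry["system"], entry["data"]) != entry["link"]:
            return f"bad-link:{i}"
        prev = entry["link"]
    return "ok" if prev == trusted_head else "head-mismatch"


if __name__ == "__main__":
    # Constructed sample: one record passing through three hypothetical systems.
    chain, head = [], GENESIS
    for name in ("trading-app", "etl-job", "bi-warehouse"):
        head = append(chain, name, b"qty=100;price=10.50")
    print(verify(chain, head))                 # untouched chain
    chain[1]["data"] = b"qty=900;price=10.50"  # record altered in the ETL step
    print(verify(chain, head))                 # altered step is identified
```

The `head-mismatch` result covers the case where a record is altered and every later link is recomputed to match: the chain is internally consistent, and only the independently stored head exposes the change.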

Industry Insights:

  1. Overemphasis on confidentiality and availability, with less focus on integrity.
  2. Encryption is not always necessary; prioritization criteria are needed to determine when encryption is required.
  3. Effective implementation of controls must consider cost, maintainability, and scalability.

Conclusion:

The speaker emphasizes that there is no single solution (silver bullet) for ensuring data integrity. A well-thought-out process starting from system design, considering the purpose and context of information, is essential. Intelligent solutions are needed to address the often-overlooked area of data integrity.