Data integrity

The goals of data integrity in an information security context are to prevent unauthorized changes, damage, and ensure data accuracy and reliability.

Data integrity objects are data itself, data in transit, identifiers and keys, metadata and event logs that must be protected from unauthorized access, changes and damage.

Identification and classification of data on the platform is available at the link.

Assessing the degree of data integrity is an important component of information security. For different types of data, the degree of integrity may be different. For example, structured data that is usually stored in databases has a high level of integrity, since their format and location can be easily checked and controlled. However, to ensure their integrity, it is necessary to use protection against unauthorized access, which can lead to data leakage and possible abuse. In turn, unstructured data, which is usually stored in documents and images, has a lower level of integrity, since their integrity is difficult to check, track and control. To ensure their integrity, it is necessary to have access to mechanisms for obtaining a system log and audit, which may include information about changes to documents. Historical and archived documents have a high level of integrity because they are stored in an unchanged and variable-protected environment. These documents may include signatures and seals proving their authenticity.

Finally, according to data classification and security requirements, in order to achieve the required level of integrity for each type of data, an appropriate number of security controls must be integrated.

In the Registry Platform, there are corresponding subsystems: event logging and audit event logging. It has to be noted that the platform provides only basic functionality for collecting and displaying system and audit logs. To build a full-fledged system for monitoring security events in real-time modes, the organization (platform owner) must integrate the platform with the corresponding SIEM system.

The audit event logging subsystem is a subsystem that collects, stores, and analyzes information about the actions of users who have access to data. The subsystem collects complete information about all user actions, including access, modification and deletion of data. More information about the coverage of platform components by the audit subsystem can be found at the link.

You can find out more about the format of data in the audit subsystem by following the link.

The audit subsystem provides administrators with access to data by means of the web interface of the Analytical Reporting Subsystem in the form of a set of service dashboards that are created during registry deployment. More information about the analytical reporting subsystem can be found at the link.

The platform also incorporates the event logging subsystem. It is based on the ElasticSearch, Fluentd and Kibana stack and allows you to collect, analyze and visualize security event logs on the platform. The event logging system provides access to detailed logging of security events at various levels of the core technologies. The subsystem provides enhanced security, extensive logging and log analysis capabilities, real-time problem tracking, and a convenient web-based event log management interface.

More information about the subsystem can be found at the link.

The responsibility for data integrity lies with the company’s management, employees, administrators of databases and other systems, as well as users who have access to data. The roles and responsibilities related to the data integrity issues may vary depending on the size and complexity of the organization, but the definition of roles and responsibilities lies entirely upon the organization (the owner of the platform).

Platform owner:

Information department:

Platform administrators:

Regulations developers:

Information security personnel: - Training of users in the organization (platform owner) on the data security standards and information protection measures.