Enterprise Integrity Management (EIM) covers all technical and operational facilities that are concerned with proving the integrity of important company data. Destruction and unwanted, often insidious, manipulation of sensitive data must be detected and prevented immediately. Organizations use EIM to protect their valuable digital infrastructure itself, or sensitive data stored on it by the company or its customers, from tampering. Proof of compliance with standards or legal regulations is also a component of EIM.

EIM refers to protecting organizations both from data tampering and from its impact on ERP systems, production facilities, or the quality and security of manufactured goods. In this context, tampering also refers to targeted attacks on critical infrastructure, for example through a ransomware attack. Preventing data manipulation can also involve monitoring and securing configuration data and access authorizations.

C-I-A triangle – Enterprise Integrity Management (EIM)

The position of EIM within cyber security (the C-I-A triangle) can be described as follows. EIM covers Integrity, which ensures that information is in a format that is true and correct to its original purposes. This principle applies to both data at rest and data in motion. It must therefore be ensured, for the author of the data as well as for anyone who later accesses or receives it, that the data is original.

It is mandatory that information can be edited by authorized persons. Possible modifications such as create, delete, open, modify, rename, copy, move, and so on need to be recognized. Unauthorized modifications as well as malfunctions must be detected. Systems with redundancies and high availability, or systems for backing up data, can help to get back on track if data has been changed in an undesired way, however they replace these systems for data integrity.
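The recognition of modification types described above can be illustrated with a baseline comparison. This is an added example, not code from the original page or from any EIM product: it hashes files with SHA-256 and classifies the differences between two snapshots. The function names `snapshot` and `classify_changes`, the event labels, and the sample paths are assumptions made for the illustration.

```python
import hashlib
import os

def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its content."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(full, root)] = h.hexdigest()
    return digests

def classify_changes(baseline, current):
    """Diff two snapshots into sorted (event, path, related_path) tuples."""
    events = [("modified", p, None) for p in baseline
              if p in current and current[p] != baseline[p]]
    # Paths that vanished, grouped by content hash, to pair with new paths.
    gone = {}
    for p in sorted(baseline):
        if p not in current:
            gone.setdefault(baseline[p], []).append(p)
    # Unchanged files, by hash: a new path with the same content is a copy.
    kept = {}
    for p in sorted(baseline):
        if current.get(p) == baseline[p]:
            kept.setdefault(baseline[p], p)
    for p in sorted(current):
        if p in baseline:
            continue
        h = current[p]
        if gone.get(h):
            events.append(("moved", p, gone[h].pop(0)))  # rename or move
        elif h in kept:
            events.append(("copied", p, kept[h]))
        else:
            events.append(("created", p, None))
    events += [("deleted", p, None) for paths in gone.values() for p in paths]
    return sorted(events, key=lambda e: e[:2])

if __name__ == "__main__":
    # Constructed snapshots (shortened stand-ins for real digests).
    before = {"erp/roles.cfg": "aa", "erp/limits.cfg": "bb", "plc/recipe.csv": "cc"}
    after = {"erp/roles.cfg": "a9", "erp/old/limits.cfg": "bb", "tmp/x.bin": "dd"}
    for event in classify_changes(before, after):
        print(event)
```

A content-hash comparison shows what changed between two points in time, not who changed it, and it cannot see "open" (read) access; those need audit logging from the operating system or application.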

Using our framework for cybersecurity, we capture the requirements for the integrity of sensitive corporate data and transform them into a clearly structured set of rules using our proven methodology. Individual rules can be defined by detailed descriptions as well as by standardized graphics.

The use of graphics can save a lot of time and serves to avoid overlapping and/or contradictory rules. It is also extremely effective in avoiding conceptual gaps.