gathered from known good source (quality does not improve with age)
kept in secure manner
delivered via trusted method
cryptographic digital signature to authenticate source
cryptographic checksum for integrity assurance
Integrity: info has not had unauthorized modification. Not corrupted or destroyed. Authorized modifications must be audited.
Transactions: one or more events, eg. moving money account to account,
adjusting inventory, scheduling productions & shipping, coordinated &
committed as a single event.
reserve resources for unique access
comm.: reliable & confidential multiple methods among multiple locations
rollback: remove transactions events if unsuccessful
Methods to minimize risk to accuracy:
limiting use of info: only to people & apps that need & know how to use
verifying: compare to known good copy of info & file attributes or checksums: calculated value that will change if file changes and is hard to make file changes that leave checksum unchanged.
Loss of accuracy: potentially most devastating of security
can be undetected for long time
decisions made on bad info