ITIL 4 Foundation Practice Exam

What does integrity refer to in the context of information security?

• A. A security objective ensuring information is available to all personnel
• B. A security objective ensuring information is only modified by unauthorized personnel
• C. A security objective ensuring information is only modified by authorized personnel and activities
• D. A security objective ensuring information is destroyed when no longer needed

The correct answer is: A security objective ensuring information is only modified by authorized personnel and activities

In the context of information security, integrity refers to the assurance that information is accurate, reliable, and unaltered except by authorized individuals or processes. This principle is crucial for maintaining trust in the data and ensuring that it has not been tampered with or modified by unauthorized users. Choosing the focus on authorized personnel and activities highlights that integrity is not just about preventing changes but ensuring that any modifications are legitimate and carried out by those who have permission to do so. This means implementing controls and processes that enable authorized users to manage and update information while safeguarding it against unauthorized access or changes. This understanding aligns with the broader framework of information security, which encompasses confidentiality (ensuring information is not disclosed to unauthorized individuals), integrity (ensuring data is accurate and consistent), and availability (ensuring information is accessible to authorized users when needed). Each of these aspects plays a critical role in a comprehensive information security strategy.