I recently received a message from one of my friends studying towards his CISA exams and he wanted to know the difference between data integrity, confidentiality, currency and availability. Here is a classic CISA question that deals with all of these terminologies.
Ransom’s Question on 17/04/2017 – Differences between data integrity, confidentiality, currency and availability.
A new regulation that requires banks to accurately report transactions has recently been enacted in your country. As an IS auditor, you have been assigned with the planning of an audit at ABC bank to review their wire transfer system in the context of the new regulation. Which of the following represents the PRIMARY focus of the audit scope?
Select an answer:
A – Data availability.
B – Data confidentiality.
C – Data integrity.
D – Currency of data.
Let us apply the K-E-C approach in answering this question.
Please note that the K-E-C approach is as follows:
K = Keyword, phrase or stem of the question
E = Eliminate two incorrect options
C = Choose the best answer for the remaining two options, linking the answer to the Key or K.
So let us approach this question.
K = Key – The key phrase here is “accurately report transactions”. This question is about accuracy of transactions. I know the word “Priamy” has been put in bold but this question is not about that. There are four words that we are faced with here and we will look at what they all mean below.
E = Eliminate two options – If we go through the options above, we can easily eliminate answers A and B.
Option A refers to data availability. This in incorrect because data availability does not address the objective of accurate report. Data availabilty is whether or not there is data that is available and accessible for systems to operate in various conditions such as normal or disastrous conditions. This is thus not a good answer.
Option B refers to data confidentiality. Again, this in incorrect because data confidentiality does not address the objective of accurate report. Data confidentilaity is about who has access to what type of date. Forexample, payroll data are kept confidential becauise they involve personal identifiable information which, if made publicly available, may damage the image and reputation of individuals or institutions. This is thus not a good answer.
C = Choose the correct answer that lines up with the KEY – We are thus left with options C and D to choose from.
Option D refers to currency of data. The word currency here is not referring to financial currency such as the Rands or the Dollars. This is refering to how current the data is. Currency of data is a term used describe the systems, tools and procedures put in place by an institution to ensure that the most current version of information is available or used. There is a term called data currency, which deals with the financial value of data, but this options says currency of data and not data currency. This option also not a good answer.
Option C refers to data integrity. Data integrity is a fundamental component of information security. In its broadest use, “data integrity” refers to the accuracy and consistency of data stored in a database, data warehouse, datamart or other construct. As you would quickly notice from the definition above, data integrity has to do with accuracy and consistency. This directly addresses our objective that was stated in our key.
The correct answer is thus C – “data integrity”. It agrees with the “key” to accurately report transactions.
For more exam questions and tips,
Please subscribe to recieve daily CISA and CIA exam tips.