With the CIA triad in mind, I would like to share an instances where integrity of the information systems was not able to preserve.
Integrity
I worked in conflict-affected areas in eastern-border of Myanmar and we are working with Ethnic Health Organization consortium and developing an information systems for different ethnic groups is tricky. We advocated to shift the information system to a cloud-based system to ensure integrity of the system with different users with different privileges to access part of the system. This was push to maintain the integrity of the system but some organization refused and they want to use a physical server. To access the system we opened a private IPs for different organizations but due to technical difficulties we had to open a public IP. One unauthorized gained access to the system during our system test and were able to access the data fortunately, since it was during a test period, the unauthorized user didn’t see the real patient data because it was not yet uploaded but it gave us an unforgettable lesson about the need to maintain integrity of information system.
We then overcame the technical difficulties since and were even able to successfully advocated to most of our partners to use a cloud platform.