Integrity

Integrity refers to how trustworthy information is after an attack. Has the attacker been given access to financial data, with the result that customers are going to be charged incorrectly at the end of the month? Is the attacker able to edit data, and what effect could these edits have? There is some overlap between confidentiality and integrity when we examine a case where the attacker has limited access to files, and this will be examined with a physical example so that we have some context.

None (N) is defined as follows:

"CVSS 3.0 Definition: There is no loss of integrity within the impacted component."

For integrity, imagine there was a vulnerability which allowed an attacker to access student records in the school office. The attacker is able to view everyone's records, but has no ability to change anything. They now know who is performing well in class, but they could have got this information by asking the teacher!

Low (L) is defined as follows:

"CVSS 3.0 Definition: Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component."

Returning to the school example, imagine if the vulnerability allowed the attacker to modify a pupil's timetable; this would have limited consequences. In general, pupils and teachers know where they are going, so it would be pretty obvious that a change had been made, and people would still be in the right place at the right time. The rating for the integrity metric would be low in this case.

High (H) is defined as follows:

"CVSS 3.0 Definition: There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the impacted component. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the impacted component."

For our final scenario, the student records were only written in pencil. Now, the attacker could change everybody's grades, which might have an impact on their futures. This vulnerability would score high for integrity, as the attacker can access, edit, and modify all the records/data, which could have serious consequences for somebody:

[Figure: Integrity – how trusted does the attacker need to appear?]

A system with suitable backups and other checks (for example, check digits or hashes) would help to identify when data had been modified, and by whom. Backups can also help to reduce exposure to the highest impact threats.
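The hash-plus-backup idea from the paragraph above, applied to the school-office records, as an added example that is not from the book. The record ids, field names, demo key, and function names are all constructed for illustration, and the sketch assumes the key and the backup are stored where someone editing the records cannot reach them.

```python
import hashlib
import hmac
import json

# Constructed sample data: the school-office records from the example above.
BASELINE_RECORDS = {
    "pupil-001": {"name": "A. Pupil", "grade": "B"},
    "pupil-002": {"name": "B. Pupil", "grade": "A"},
    "pupil-003": {"name": "C. Pupil", "grade": "C"},
}

# Assumption: the key is held away from the records (e.g. by the backup system),
# so someone who can edit a record cannot also recompute its tag.
KEY = b"constructed-demo-key-not-for-production"


def record_tag(record_id: str, record: dict) -> str:
    """HMAC-SHA256 over the record id and a canonical JSON encoding of the record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    message = record_id.encode() + b"\x00" + canonical.encode()
    return hmac.new(KEY, message, hashlib.sha256).hexdigest()


def build_manifest(records: dict) -> dict:
    """Record one tag per record while the data is known to be good."""
    return {rid: record_tag(rid, rec) for rid, rec in records.items()}


def verify(records: dict, manifest: dict) -> dict:
    """Compare current records to the manifest; report what changed."""
    report = {"modified": [], "missing": [], "unexpected": []}
    for rid, expected in manifest.items():
        if rid not in records:
            report["missing"].append(rid)
        elif not hmac.compare_digest(record_tag(rid, records[rid]), expected):
            report["modified"].append(rid)
    report["unexpected"] = sorted(set(records) - set(manifest))
    report["modified"].sort()
    report["missing"].sort()
    return report


def restore(records: dict, backup: dict, report: dict) -> dict:
    """Use the backup to undo modified or deleted records and drop unexpected ones."""
    fixed = {rid: rec for rid, rec in records.items() if rid not in report["unexpected"]}
    for rid in report["modified"] + report["missing"]:
        fixed[rid] = dict(backup[rid])
    return fixed
```

The tags show which records changed; attributing a change to a person needs an access log, which this sketch does not cover.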
