
Glossary integrity

'Integrity' can be a rich and fascinating property with numerous creative applications and implications in cybersecurity, information security, fraud prevention, safety, trust, commerce, interpersonal interactions and more.


However, define 'integrity' too narrowly and the creative possibilities, as well as its value as a term of art, shrink dramatically.



Take for example the glossary entry from the newly-updated Australian Government Information Security Manual:


"Integrity: The assurance that data has been created, amended or deleted only by authorised individuals."

Yes, integrity is indeed a property of data - as in digital/computer data - but also other forms of information.


It is relevant to data creation, amendment and deletion, plus interpretation and misinterpretation, misunderstanding, use, and plain old access to information (e.g. authentication of those requesting access).


'Relevance' is itself an integrity property, along with timeliness and quality.


Human or personal integrity is an extremely important factor for anyone in powerful positions, with implications for trustworthiness, credibility, reliability, dependability, authenticity ... Likewise with organisations, leaders, politicians, managers, consultants and lovers, plus systems, apps, networks, functions, protocols, algorithms, processes ...


As part of the classic CIA triad, 'integrity' supports and complements 'confidentiality' and 'availability'. For example, a botched system upgrade, misconfiguration or malware infection can decimate a system - that's 'system' in the broad sense, by the way: not just a single computer system but all those attached via networks plus all manner of dependent activities. I'm thinking here about incidents involving regional telephone networks, national electricity infrastructures, even wars (remember those 'Weapons of Mass Destruction'? Say no more).


My point is that, despite being admirably succinct, the Australian Government's official definition of 'integrity' has an intensely myopic focus that potentially disregards or diverts attention from an enormous variety of nasty risks.


Ironically enough, that's an integrity issue.


Even the word 'assurance' in the official definition catches my beady eye. Assurance is the outcome of a process of establishing the validity and truth of something, increasing confidence and reducing uncertainties (yet more risks) for recipients - not the thing itself. It's a separate issue.


If I've caught your imagination, ponder my definition of 'integrity' plus 11 'official' definitions (all different) on page 383 of the Cybersecurity Glossary. Follow those underlines for further insight. Highlight the bits that stand out for you. Enjoy!



 
 
 
