Integritymeans information and systems remain accurate, complete, and protected from unauthorized or improper modification. ThePrinciple of Least Privilegeis a direct integrity protection control because it limits who can change data and what changes they are allowed to make. Under least privilege, users, applications, and service accounts receive only the minimum permissions needed to perform approved tasks, and nothing more. This reduces the chance that an attacker using a compromised account can alter records, manipulate transactions, or change configurations, and it also reduces accidental changes by well-meaning users who do not need write or administrative rights.
Least privilege is commonly enforced through role-based access control, separation of duties, restricted administrative roles, just-in-time elevation for privileged tasks, and periodic access reviews to remove excess permissions. These practices are emphasized in cybersecurity frameworks because integrity failures often occur when excessive access allows unauthorized edits to sensitive data, logs, security settings, or application code.
The other options relate to security but are less directly tied to integrity as the primary objective.Biometric verificationis an authentication method that helps confirm identity; it supports access control broadly, but it does not by itself limit modification capability once access is granted.Anti-malicious code detectionhelps prevent malware that could corrupt data, but it is primarily a detection/prevention tool rather than the foundational control for authorized modification.Backups and redundancyprimarily support availability and recovery after corruption, not the prevention of unauthorized changes.
