The ability of an information system to protect itself against unauthorized user access, to the extent that security controls cannot be compromised. Security controls, no matter how sophisticated, are not reliable if the operating system that administers those controls is not itself protected from user tampering. Total information system integrity, or security, is not considered feasible. A level of system integrity must therefore be selected where the cost and risk involved in breaking that security exceed the benefits to be gained from doing so, or exceed the cost and risk of obtaining the same benefits in another way.