When a system detects an integrity failure, one of three possible courses of action can be taken.
The first is to continue normally, but issue a warning. Unfortunately, this may result in the execution or use of either a corrupt or malicious component.
The second is to not use or execute the component. This approach is typically called fail secure, and creates a potential denial of service attack.
The final approach is to recover and correct the inconsistency from a trusted source before the use or execution of the component.
The first two approaches are unacceptable when the systems are important network elements such as switches, intrusion detection monitors, or associated with electronic commerce, since they either make the component unavailable for service, or its results untrustworthy.