
Student Name: Israa Alnabrisi

Student no.: 220163514

Draw a table to distinguish between Parkerian hexad and CIA triad


Definition

CIA: The CIA model is a fundamental security model that has been around for more than 20 years. The CIA Triad is a venerable, well-known model for security policy development, used to identify problem areas and necessary solutions for information security.

Parkerian Hexad: The Parkerian Hexad is an expression of a set of components added to the CIA triad to form a more comprehensive and complete security model, defined by Donn B. Parker, renowned security consultant and writer.

Elements

CIA: Confidentiality, Integrity, and Availability.

Parkerian Hexad: Confidentiality, Integrity, Availability, possession or control, authenticity, and utility.

Goals

CIA:
- Design and build an information security architecture for the organization.
- Gives us a consistent set of terminology and concepts that security professionals can refer to when security issues arise.

Parkerian Hexad:
- Fill in the gaps of the CIA model to improve the security of today's information assets.
- Change how information security is understood and implemented.
- Parker aimed to expand the view of security and include people more in the realm of information security.

Challenge

CIA:
- Data is more valuable and complex than ever. The amount of data has grown exponentially and the complexity is only going to increase.
- Ensuring data security and protecting privacy is becoming harder.
- The CIA model is simply too simple a concept to secure today's complex networks, and it may leave environments susceptible to threats that they are not prepared to handle.
- Focuses too much on the technology protecting information assets and not enough on humans. Humans are the biggest threat to the security of data today.
- So much has changed in the way we store data, where we store it, how we transmit it, and how we secure it.

Parkerian Hexad:
- The Parkerian Hexad is not widely known.

Confidentiality vs Possession/Control

Definition

Confidentiality:
- It refers to our ability to protect our data from those who are not authorized to view it.
- Important element of both the CIA model and the Parkerian Hexad.

Possession/Control:
- It refers to the physical disposition of the media on which the data is stored.
- Preventing copying or unauthorized use of intellectual property.
- Element in Parkerian Hexad.

Features

Confidentiality:
- Every breach of confidentiality is a breach of possession/control.
- Does not address copyright violations.

Possession/Control:
- Not every breach of possession/control is a breach of confidentiality.
- Addresses the protection of public data that may be owned and copyrighted. Articles, books, news publications etc. need to be protected even though they are technically available for anyone to view.
- EFS (Encrypting File System) is a tool that provides a strong defense against a breach of confidentiality. But in this case, it can also guard against a breach of possession.

Elements of security that help enforce

Encryption, authentication, access control, physical security, and permissions.

Example

An adversary may steal a memory stick with your private key on it, but they may not have your pass phrase to use it. The confidentiality has not been breached, but your adversary now has possession and control of your information asset.

Integrity vs Authenticity

Definition

Integrity:
- Integrity refers to the ability to prevent our data from being changed in an unauthorized or undesirable manner.
- Employees are one of the biggest threats to data integrity. Employees sometimes accidentally delete files, enter inaccurate data, save over the wrong file, edit the wrong files, etc.
- Important when we are discussing the data that provides the foundation for other decisions.
- To maintain integrity, we need the ability to reverse authorized changes that need to be undone.
- Element of both the CIA model and the Parkerian Hexad.

Authenticity:
- Authenticity refers to the assurance that a message, transaction, or other exchange of information is from the source it claims to be from. Authenticity involves proof of identity.
- Authenticity is a check of genuineness and originality.
- Element in Parkerian Hexad.

Elements of security that help enforce

Integrity: Data verification, validation checks, performing and maintaining backups, and hashing techniques.

Authenticity: Digital signatures.

Example

An adversary may gain unauthorized access to a database and update a table. Internal and external consistency checks (integrity) will pass, but the table now contains tampered data that's not authentic or trustworthy.
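The example scenario above as runnable Python, added here and not part of the original assignment: an unkeyed SHA-256 checksum plays the role of the "hashing technique" integrity check, and a standard-library HMAC is used as a stand-in for the digital signature listed under Authenticity. The table contents, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample table; names and values are illustrative only.
ROWS = [{"id": 1, "owner": "alice", "balance": 120},
        {"id": 2, "owner": "bob", "balance": 75}]
# Assumption: the key is held by the legitimate writer, outside the database.
WRITER_KEY = b"constructed-demo-key"


def canonical(rows):
    """Serialize rows deterministically so digests are reproducible."""
    return json.dumps(rows, sort_keys=True, separators=(",", ":")).encode()


def checksum(rows):
    """Unkeyed SHA-256: anyone who can write the table can recompute it."""
    return hashlib.sha256(canonical(rows)).hexdigest()


def auth_tag(rows, key):
    """Keyed HMAC-SHA256: only a holder of the key can produce a valid tag."""
    return hmac.new(key, canonical(rows), hashlib.sha256).hexdigest()


def legitimate_write(rows, key):
    return {"rows": rows, "checksum": checksum(rows), "tag": auth_tag(rows, key)}


def tampered_copy(table, refresh_checksum):
    """Change one balance without the key; optionally recompute the checksum."""
    rows = [dict(r) for r in table["rows"]]
    rows[1]["balance"] = 7500
    stored = checksum(rows) if refresh_checksum else table["checksum"]
    return {"rows": rows, "checksum": stored, "tag": table["tag"]}


def verify(table, key):
    """Return (integrity_ok, authenticity_ok) for a stored table."""
    integrity = hmac.compare_digest(checksum(table["rows"]), table["checksum"])
    authentic = hmac.compare_digest(auth_tag(table["rows"], key), table["tag"])
    return integrity, authentic


if __name__ == "__main__":
    good = legitimate_write(ROWS, WRITER_KEY)
    print("legitimate write :", verify(good, WRITER_KEY))
    print("accidental edit  :", verify(tampered_copy(good, False), WRITER_KEY))
    print("adversary update :", verify(tampered_copy(good, True), WRITER_KEY))
```

The third case is the one the example describes: the consistency check passes because the checksum was recomputed along with the data, while the keyed tag no longer matches.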

Availability vs Utility

Availability:
- Availability refers to the ability to access our data when we need it.
- It is one of the simpler components to describe, but it is one of the most difficult to safeguard. The challenge for every information security professional is to achieve the right balance of availability and security. Depending on the level of availability needed
- Element of both the CIA model and the Parkerian Hexad.

Utility:
- Utility refers to how useful the data is to us.
- We can have a variety of degrees of utility, depending on the data and its format.
- Utility is often confused with, or assumed to be the same as, availability, but the two are distinct.
- Element in Parkerian Hexad.

Elements of security that help enforce

Tolerance and redundancy techniques: disk redundancies, server redundancies, site redundancies, backups, alternate power and cooling systems.

Example

A user may encrypt their private key with a pass phrase. If they forget their pass phrase, the usefulness (utility) of the information asset is lost. The information is still available but not usable.
