Parkerian Hexad vs the CIA Triad

“Is the Parkerian Hexad superior to the CIA Triad in describing the framework necessary for information systems security?” Yes, the Parkerian Hexad is superior to the CIA Triad because it is an updated approach that expands on the original three elements of the CIA Triad. To answer this question, let’s look at some definitions and the history of information security. The U.S. Committee on National Security Systems (“CNSS”) defines “Information Systems Security” as the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability (CNSS, Instruction No. 4009). There are several different approaches that provide a guide on how best to accomplish information systems security. The two that I will compare are the CIA Triad and the Parkerian Hexad.
In 1994, the National Security Telecommunications and Information Systems Security Committee created the Comprehensive Model for Information Systems Security, or the CIA Triad (Whitman & Mattord, 2009). The CIA Triad stands for Confidentiality, Integrity, and Availability. Confidentiality is defined by the CNSS as “the property that information is not disclosed to system entities (users, processes, devices) unless they have been authorized to access the information” (CNSS, Instruction No. 4009). This is the need for only authorized people to have access to specific information; it can also be the need to withhold specific information from an unauthorized person. An example of this is when a business, such as a credit card company, agrees not to share or sell your information to a third party. When I give my information to the credit card company, I expect confidentiality, and they therefore have a responsibility to provide it. The second part is Integrity. This is not the integrity of the person/entity holding one’s personal information. This is the integrity of the data



References:

Committee on National Security Systems. “CNSS Instruction No. 49,” 16 April 2010. Committee on National Security Systems website. http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf, accessed September 2011.

Dardick, Glenn S. “Cyber Forensics Assurance.” 8th Australian Digital Forensics 2010 Conference, Perth, Western Australia, November 30th 2010, 57-60.

Kabay, M. E. “The Parkerian Hexad.” PowerPoint presentation to MSIA program, April 2001. Norwich University, Northfield, VT.

Parker, Donn B. “Our Excessively Simplistic Information Security Model and How to Fix it,” ISSA Journal, July 2010: 12-21, http://www.issa.org/images/upload/files/ParkerSimplistic%20Information%20Security%20Model.pdf, accessed Sept 2011.

Whitman, Michael and Mattord, Herbert. Principles of Information Security, 3rd ed. Boston: Thomson Course Technology, 2009.
