Parkian Hexad vs the Cia Triad
“Is the Parkerian Hexad superior to the CIA Triad in describing the framework necessary for information systems security?” Yes, the Parkerian Hexad is superior to the CIA Triad because it is an updated approach that expands on the original three elements of the CIA Triad. In order to answer this question let’s look at some definitions and history of information security. The U.S. Committee on National Security Systems (“CNSS”) defines "Information Systems Security” as the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability (CNSS, Instruction No. 4009). There are several different approaches that provide a guide on how best to accomplish information systems security. The two that I will compare are the CIA Triad and the Parkerian Hexad.
In 1994, The National Security Telecommunications and Information Systems Security Committee created the Comprehensive Model for Information Systems Security or the CIA Triad (Whitman & Mattord, 2009). The CIA Triad stands for Confidentiality, Integrity, and Availability. Confidentiality is defined by the CNSS as “the property that information is not disclosed to system entities (users, processes, devices) unless they have been authorized to access the information” (CNSS, Instruction No. 4009). This is the need for only authorized people to have access to specific information and can also be the need to withhold specific information for an unauthorized person. An example of this is when a business, such as a credit card companies agrees not to share/sell your information to a third party. When I give my information to the credit card company I expect confidentiality and they; therefore, have a responsibility to provide it. The second part is Integrity. This is not the integrity of the person/entity holding one’s personal information. This is the integrity of the data
In 1994, The National Security Telecommunications and Information Systems Security Committee created the Comprehensive Model for Information Systems Security or the CIA Triad (Whitman & Mattord, 2009). The CIA Triad stands for Confidentiality, Integrity, and Availability. Confidentiality is defined by the CNSS as “the property that information is not disclosed to system entities (users, processes, devices) unless they have been authorized to access the information” (CNSS, Instruction No. 4009). This is the need for only authorized people to have access to specific information and can also be the need to withhold specific information for an unauthorized person. An example of this is when a business, such as a credit card companies agrees not to share/sell your information to a third party. When I give my information to the credit card company I expect confidentiality and they; therefore, have a responsibility to provide it. The second part is Integrity. This is not the integrity of the person/entity holding one’s personal information. This is the integrity of the data
References: Committee on National Security Systems. “CNSS Instruction No. 49, 16 April 2010. Committee on National Security Systems website. http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf, accessed September 2011. Dardick, Glenn S., “Cyber Forensics Assurance.” 8th Australian Digital Forensics 2010 Conference, Perth, Western Australia, November 30th 2010, 57-60. Kabay, M. E. “The Parkerian Hexad.” Powerpoint presentation to MSIA program, April 2001. Norwich University, Northfield , VT. Parker, Donn B. “Our Excessively Simplistic Information Security Model andHow to Fix it,” ISSA Journal, July 2010: 12-21, http://www.issa. org/ images/upload/files/ParkerSimplistic%20Information%20 Security%20Model.pdf, accessed Sept 2011. Whitman, Michael and Mattord, Herbert. Principles of Information Security, 3rd ed. Boston: Thomson Course Technology, 2009.