Parkerian hexad
The Parkerian hexad is a set of six elements of information security proposed by Donn B. Parker in 2002. The term was coined by M. E. Kabay. The Parkerian hexad adds three attributes to the three classic security attributes of the CIA triad (confidentiality, integrity, availability).
The Parkerian Hexad attributes are the following:
- Confidentiality
- Possession or Control
- Integrity
- Authenticity
- Availability
- Utility
These attributes of information are atomic in that they are not broken down into further constituents; they are non-overlapping in that they refer to unique aspects of information. Any information security breach can be described as affecting one or more of these fundamental attributes of information.
Confidentiality
Confidentiality refers to limits on who can get what kind of information. For example, executives are concerned about protecting their enterprise’s strategic plans from competitors; individuals are concerned about unauthorized access to their financial records.
Possession or Control
Suppose a thief were to steal a sealed envelope containing a bank debit card and (foolishly) its personal identification number. Even if the thief did not open that envelope, the victim of the theft would legitimately be concerned that the thief could do so at any time without the control of the owner. That situation illustrates a loss of control or possession of information but does not involve a breach of confidentiality.
Integrity
Integrity refers to being correct or consistent with the intended state of information. Any unauthorized modification of data, whether deliberate or accidental, is a breach of data integrity. For example, data stored on disk are expected to be stable – they are not supposed to be changed at random by problems with the disk controllers. Similarly, application programs are supposed to record information correctly and not introduce deviations from the intended values.
From Donn Parker: "My definition of information integrity comes from the dictionaries. Integrity means that the information is whole, sound, and unimpaired (not necessarily correct). It means nothing is missing from the information; it is complete and in intended good order." The author's statement comes close in saying that the information is in a correct...state. Information may be incorrect or not authentic but have integrity, or correct and authentic but lacking in integrity.
Authenticity
Authenticity refers to the veracity of the claim of origin or authorship of the information. For example, one method for verifying the authorship of a handwritten document is to compare the handwriting characteristics of the document to a sampling of others which have already been verified. For electronic information, a digital signature could be used to verify the authorship of a digital document using public-key cryptography (it could also be used to verify the integrity of the document).
Availability
Availability means having timely access to information. For example, a disk crash and a denial-of-service attack both cause a breach of availability. Any delay that exceeds the expected service levels for a system can be described as a breach of availability.
Utility
Utility means usefulness. For example, suppose someone encrypted data on disk to prevent unauthorized access or undetected modifications – and then lost the decryption key: that would be a breach of utility. The data would be confidential, controlled, integral, authentic, and available – they just wouldn’t be useful in that form. Similarly, conversion of salary data from one currency into an inappropriate currency would be a breach of utility, as would the storage of data in a format inappropriate for a specific computer architecture; e.g., EBCDIC instead of ASCII or 9-track magnetic tape instead of DVD-ROM. A tabular representation of data substituted for a graph could be described as a breach of utility if the substitution made it more difficult to interpret the data. Utility is often confused with availability because breaches such as those described in these examples may also require time to work around the change in data format or presentation. However, the concept of usefulness is distinct from that of availability.
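The following added example (not part of the original article) checks integrity, authenticity and utility separately on the same stored record, to show that each can fail while the others hold, as the Integrity, Authenticity and Utility sections describe. It assumes an HMAC with a key held by the author as a stand-in for the digital signature the article mentions, since Python's standard library has no public-key signatures; the key, record contents and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data; the key and record contents are hypothetical.
AUTHOR_KEY = b"constructed-demo-key-held-by-the-author"


def seal(payload: bytes, key: bytes) -> dict:
    """Store a payload with a digest (integrity) and an HMAC tag (authorship stand-in)."""
    return {
        "payload": payload,
        "sha256": hashlib.sha256(payload).hexdigest(),
        "tag": hmac.new(key, payload, hashlib.sha256).hexdigest(),
    }


def assess(record: dict, key: bytes, consumer_encoding: str) -> dict:
    """Evaluate three hexad attributes independently for one stored record."""
    payload = record["payload"]
    # Integrity: the payload is whole and unchanged since the digest was taken.
    integrity = hmac.compare_digest(
        hashlib.sha256(payload).hexdigest(), record["sha256"])
    # Authenticity: the tag was produced by the holder of the author's key.
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    authenticity = hmac.compare_digest(expected, record["tag"])
    # Utility: the consumer can interpret the bytes in the encoding it expects.
    try:
        decoded = payload.decode(consumer_encoding)
        utility = decoded.isprintable()
    except UnicodeDecodeError:
        utility = False
    return {"integrity": integrity, "authenticity": authenticity, "utility": utility}


SAMPLE = "salary=52000 USD"
ascii_record = seal(SAMPLE.encode("ascii"), AUTHOR_KEY)
# Same information written as EBCDIC (code page 037) for an ASCII consumer.
ebcdic_record = seal(SAMPLE.encode("cp037"), AUTHOR_KEY)
# A forger without the author's key builds a self-consistent record.
forged_record = seal(b"salary=99000 USD", b"some-other-key")
# Accidental modification of a stored byte after sealing.
corrupted_record = dict(ascii_record, payload=b"salary=52000 USX")

if __name__ == "__main__":
    for name, rec in [("ascii", ascii_record), ("ebcdic", ebcdic_record),
                      ("forged", forged_record), ("corrupted", corrupted_record)]:
        print(name, assess(rec, AUTHOR_KEY, "ascii"))
```

The forged record has integrity but not authenticity, the EBCDIC record has both but no utility for an ASCII consumer, and the corrupted record fails the authorship check as well as the integrity check.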