Student Name: Israa Alnabrisi
Student no.: 220163514
Draw a table to distinguish between Parkerian hexad and CIA triad

| | CIA | Parkerian Hexad |
|---|---|---|
| Definition | The CIA model is a fundamental security model that has been around for more than 20 years. The CIA Triad is a venerable, well-known model for security policy development, used to identify problem areas and necessary solutions for information security. | The Parkerian Hexad is a set of components added to the CIA triad to form a more comprehensive and complete security model, defined by Donn B. Parker, renowned security consultant and writer. |
| Elements | Confidentiality, integrity, and availability. | Confidentiality, integrity, availability, possession or control, authenticity, and utility. |
| Goals | Design and build information security architecture for the organization. Gives us a consistent set of terminology and concepts that security professionals can refer to when security issues arise. | Fill in the gaps of the CIA model to improve the security of today’s information assets. Change how information security is understood and implemented. Parker aimed to expand the view of security and include people more in the realm of information security. |
| Challenge | Data is more valuable and complex than ever. The amount of data has grown exponentially and the complexity is only going to increase. Ensuring data security and protecting privacy is becoming harder. The CIA model is simply too simple a concept to secure today’s complex networks, and it may leave environments susceptible to threats that they are not prepared to handle. It focuses too much on the technology protecting information assets and not enough on humans. Humans are the biggest threat to the security of data today. So much has changed in the way we store data, where we store it, how we transmit it, and how we secure it. | The Parkerian Hexad is not widely known. |

Confidentiality vs Possession/Control

| | Confidentiality | Possession/Control |
|---|---|---|
| Definition | It refers to our ability to protect our data from those who are not authorized to view it. Important element of both the CIA model and the Parkerian Hexad. | It refers to the physical disposition of the media on which the data is stored. Preventing copying or unauthorized use of intellectual property. Element in Parkerian Hexad. |
| Features | Every breach of confidentiality is a breach of possession/control. Does not address copyright violations. | Every breach of possession/control is not a breach of confidentiality. Addresses the protection of public data that may be owned and copyrighted. Articles, books, news publications etc. need to be protected even though they are technically available for anyone to view. |
| Elements of security that help enforce | Encryption, authentication, access control, physical security, and permissions. | EFS (encrypted file system) is a tool that provides a strong defense against a breach of confidentiality. But in this case, it can also guard against a breach of possession. |

Example: An adversary may steal a memory stick with your private key on it, but they may not have your pass phrase to use it. The confidentiality has not been breached, but your adversary now has possession and control of your information asset.

Integrity vs Authenticity

| | Integrity | Authenticity |
|---|---|---|
| Definition | Integrity refers to the ability to prevent our data from being changed in an unauthorized or undesirable manner. Employees are one of the biggest threats to data integrity. Employees sometimes accidentally delete files, enter inaccurate data, save over the wrong file, edit the wrong files, etc. Important when we are discussing the data that provides the foundation for other decisions. To maintain integrity, we need the ability to reverse authorized changes that need to be undone. Element of both the CIA model and the Parkerian Hexad. | Authenticity refers to the assurance that a message, transaction, or other exchange of information is from the source it claims to be from. Authenticity involves proof of identity. Authenticity is a check of genuineness and originality. Element in Parkerian Hexad. |
| Elements of security that help enforce | Data verification, validation checks, performing and maintaining backups, and hashing techniques. | Digital signatures. |

Example: An adversary may gain unauthorized access to a database and update a table. Internal and external consistency checks (integrity) will pass, but the table now contains tampered data that is not authentic or trustworthy.
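
The database example above can be shown in code. This is an added illustration, not part of the original assignment: the row, the key and all function names are constructed for the demonstration, and a keyed HMAC stands in for the digital signature named in the table (the key is assumed to be stored outside the database). An unkeyed hash that is stored next to the row can be recomputed by whoever changes the row, so the integrity check passes while the authenticity check fails.

```python
import hashlib
import hmac
import json

# Constructed sample data: one row of a hypothetical "accounts" table.
ROW = {"id": 7, "owner": "alice", "balance": 120}
# Assumption: the key is kept outside the database, so write access to the
# table does not reveal it. Constructed value, for the demonstration only.
MAC_KEY = b"constructed-demo-key"

def canonical(row):
    """Serialize a row deterministically so equal rows hash equally."""
    return json.dumps(row, sort_keys=True, separators=(",", ":")).encode()

def checksum(row):
    """Unkeyed SHA-256: a consistency check that anyone can recompute."""
    return hashlib.sha256(canonical(row)).hexdigest()

def mac_tag(row, key=MAC_KEY):
    """Keyed HMAC-SHA-256: only a holder of the key can produce it."""
    return hmac.new(key, canonical(row), hashlib.sha256).hexdigest()

def integrity_ok(record):
    return hmac.compare_digest(checksum(record["row"]), record["sha256"])

def authentic(record, key=MAC_KEY):
    return hmac.compare_digest(mac_tag(record["row"], key), record["mac"])

def store(row):
    """What the legitimate application writes to the table."""
    return {"row": dict(row), "sha256": checksum(row), "mac": mac_tag(row)}

def tamper(record, **changes):
    """Unauthorized writer: edits the row and refreshes the checksum.
    Without the key, the old MAC can only be left in place."""
    row = {**record["row"], **changes}
    return {"row": row, "sha256": checksum(row), "mac": record["mac"]}

def evaluate():
    good = store(ROW)
    bad = tamper(good, balance=999999)
    return {"good": (integrity_ok(good), authentic(good)),
            "tampered": (integrity_ok(bad), authentic(bad))}

if __name__ == "__main__":
    print(evaluate())
```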

Availability vs Utility

| | Availability | Utility |
|---|---|---|
| Definition | Availability refers to the ability to access our data when we need it. It is one of the simpler components to describe, but it is one of the most difficult to safeguard. The challenge for every information security professional is to achieve the right balance of availability and security. Depending on the level of availability needed. Element of both the CIA model and the Parkerian Hexad. | Utility refers to how useful the data is to us. We can have a variety of degrees of utility, depending on the data and its format. Utility is often confused with, or assumed to be, availability, but the two are distinct. Element in Parkerian Hexad. |
| Elements of security that help enforce | Tolerance and redundancy techniques: disk redundancies, server redundancies, site redundancies, backups, alternate power and cooling systems. | |

Example: A user may encrypt their private key with a pass phrase. If they forget their pass phrase, the usefulness (utility) of the information asset is lost. The information is still available but not usable.