Donn B. Parker, one of the information security specialists of repute, brought out some alternate perspectives of the properties of information security. In addition to the three properties specified through the CIA triad, he brought out three more descriptors or properties, namely, possession, authenticity, and utility, thus forming a hexad known as the Parkerian Hexad. The Parkerian Hexad also groups confidentiality and possession, integrity and authenticity, availability and utility, pairs together as these are related.8
The definitions provided by the Parkerian Hexad for the six properties or descriptors are as follows:8
• “Confidentiality” is defined as the “quality or state of being private or secret; known only to a limited few.”
• “Possession or Control” is defined as “a state of having in or taking into one's control or holding at one's disposal; actual physical control of property by one who holds for himself, as distinguished from custody; something owned or controlled.”
• “Integrity” is defined as “unimpaired or unmarred condition; soundness; entire correspondence with an original condition; the quality or state of being complete or undivided; material wholeness.”
• “Authenticity” is defined as “authoritative, valid, true, real, genuine, or worthy of acceptance or belief by reason of conformity to fact and reality.”
• “Availability” is defined as “capable of use for the accomplishment of a purpose, immediately usable, accessible, may be obtained.”
• “Utility” is defined as “useful, fitness for some purpose.”
The Parkerian Hexad describes “confidentiality” as a little different from the traditional definition of “confidentiality” that is provided by U.S.Code/NIST. This hexad considers “possession” as an important element which may impact confidentiality. The “possession” of confidential information can sometimes lead to such threats like blackmail, extortion, sabotage, or destruction. Similarly, proprietary and personal information considered by traditional definition to be confidential may in fact be confidential or not confidential, depending upon the nature of the information or timing of the information divulgence.8
The Parkerian Hexad describes “integrity” as a little different from the traditional definition of “integrity” that is provided by U.S.Code/NIST. This hexad doesn't consider “authenticity” as a part of “integrity” and as a different property, which has to do with the validity or genuineness of the information than the unimpaired condition of the information. Again here, “non-repudiation” is considered a different aspect than “integrity” and as related to “authenticity” as it refers to validity or genuineness of the information.8
Parkerian hexad considers “availability” along with “utility” as information even if available is of use only if it is usable or has utility. It differs from the traditional definition in that “availability” has nothing to do with “reliable access”.8
As seen above, the Parkerian Hexad gives a different perspective of the characteristics or properties of information security.
A simple view of the above properties is represented in Figure 3-8.
Figure 3-8. Six properties of information security with simple examples