Most organizations rely on information that is stored and accessed electronically, through any number of information systems and networks. Storing critical information electronically and making it accessible that way carries inherent risk in how that information is stored and accessed, by whom and for what purposes. Information assurance (IA) is the term used to define the practices and processes involved in managing those associated risks to effectively mitigate potential damage. There are three commonly used models of information assurance, each building upon its predecessor: the CIA triad, the Five Pillars of IA, and Parker’s Hexad model.
The CIA triad is considered the first model of information assurance introduced to define effective practices of assuring information security and integrity. The model takes its name from the three components of IA management at its core: confidentiality, integrity and availability. Many organizations, in particular military and civilian intelligence agencies in the United States, rely on the CIA triad to secure both the storage of and access to sensitive data. While this model serves well as a foundation, it leaves out some very important attributes of IA management. Other models were subsequently developed to account for those dimensions.
Picking up where the CIA triad model leaves off, the Five Pillars model of information assurance adds a few other dimensions to the processes and procedures designed to secure information. The model is mainly used by the Department of Defense in the United States and various other governmental organizations, and its added dimensions include non-repudiation and authentication. Organizations outside of government tend to use a blended approach of both these models, usually placing emphasis on the components they feel are most important to their organizational mission. Many businesses, however, have found it appropriate to adopt a more well-rounded model of managing information assurance risks, which led to the development of a third model.
Donn B. Parker introduced the Parker’s Hexad model of information assurance, which focuses on many of the same attributes while adding an additional component and eliminating overlapping components. Six core attributes make up the model: confidentiality, possession, integrity, authenticity, availability and utility. Authenticity in this model, however, differs from the definition of authentication used by the Five Pillars model: it refers to the validity of data at all times, rather than to identifying users and granting them access. Although this model is not as widely deployed, many organizations that rely on information that must be presented in its original format and content will often prefer it. Such organizations might include legal firms that need to ensure the evidence secured in cases has not been tampered with.