Information Assurance (IA) manages risks associated with electronic storage and accessibility of critical information. Three commonly used models include the CIA triad, Five Pillars, and Parker’s Hexad model. The CIA triad emphasizes confidentiality, integrity, and availability, while the Five Pillars model adds non-repudiation and authentication. Parker’s Hexad model includes confidentiality, possession, integrity, authenticity, availability, and utility, and is preferred by organizations that need to ensure original format and content of information.
Most organizations rely on information stored and accessed electronically, across any number of information systems and networks. Storing critical information electronically and making it accessible carries inherent risk in how that information is stored and accessed, by whom, and for what purposes. Information Assurance (IA) is the term used to define the practices and processes involved in managing these risks to effectively mitigate potential harms. There are three commonly used information assurance models, each based on its predecessor: the CIA triad, the Five Pillars of information assurance, and Parker’s Hexad model.
The CIA triad is considered to be the first information assurance model introduced to define effective practices for ensuring the security and integrity of information. Based on three major components of IA management, the CIA triad is named for the confidentiality, integrity, and availability at the core of the model. Many organizations, especially military and civilian intelligence agencies in the United States, rely on the CIA triad to protect both the storage of and access to sensitive data. While this model serves as a foundation, it lacks some very important attributes for managing IA. Other models were subsequently developed to account for these dimensions.
Picking up where the CIA triad leaves off, the Five Pillars model of information assurance adds a few more dimensions to the processes and procedures designed to protect information. The model is primarily used by the US Department of Defense and various other government organizations, and the additional dimensions are non-repudiation and authentication. Organizations outside of government tend to use a blended approach of both of these models, usually with an emphasis on the components they deem most important to their organizational mission. Many companies, however, have seen fit to incorporate a more comprehensive information assurance risk management model, and so a third model was developed.
Donn B. Parker is responsible for introducing Parker’s Hexad model of information assurance, which focuses on many of the same attributes, adding an additional component and eliminating overlapping components. Six core attributes make up the model: Confidentiality, Possession, Integrity, Authenticity, Availability, and Utility. Authenticity in this model, however, differs from authentication as defined in the Five Pillars model: it refers to the validity of data at all times, rather than to identifying users and granting them access. While this model is not as widely used, many organizations that rely on information being presented in its original format and content will often prefer it. Such organizations might include law firms that need to ensure that evidence secured in cases has not been tampered with.