Principles of Information Security
These six elements were proposed by Donn Parker in 2002 as an addition to the classic CIA triad. Those interested in information integrity will also be interested in these other elements for protecting valuable data. The descriptions below come from Wikipedia, “Parkerian Hexad.”

Confidentiality
Confidentiality refers to limits on who can get what kind of information. For example, executives are concerned about protecting their enterprise’s strategic plans from competitors; individuals are concerned about unauthorized access to their financial records.

Possession or Control
Suppose a thief were to steal a sealed envelope containing a bank debit card and (foolishly) its personal identification number. Even if the thief did not open that envelope, the victim of the theft would legitimately be concerned that (s)he could do so at any time without the control of the owner. That situation illustrates a loss of control or possession of information but does not involve the breach of confidentiality.

Integrity
Integrity refers to being correct or consistent with the intended state of information. Any unauthorized modification of data, whether deliberate or accidental, is a breach of data integrity. For example, data stored on disk are expected to be stable; they are not supposed to be changed at random by problems with the disk controllers. Similarly, application programs are supposed to record information correctly and not introduce deviations from the intended values.

Authenticity
Authenticity refers to the veracity of the claim of origin or authorship of the information. For electronic information, a digital signature could be used to verify the authorship of a digital document using public-key cryptography (it could also be used to verify the integrity of the document).

Availability
Availability means having timely access to information. For example, a disk crash and a denial-of-service attack both cause a breach of availability. Any delay that exceeds the expected service levels for a system can be described as a breach of availability.

Utility
Utility means usefulness. For example, suppose someone encrypted data on disk to prevent unauthorized access or undetected modifications and then lost the decryption key: that would be a breach of utility. The data would be confidential, controlled, integral, authentic, and available; they just wouldn’t be useful in that form.

Utility is often confused with availability because breaches such as those described in these examples may also require time to work around the change in data format or presentation. However, the concept of usefulness is distinct from that of availability.
