What is Information Security?CHAPTER 1 7 Parkerian Hexad Integrity Authenticity FIGURE 1.2 The parkerian Hexad CONFIDENTIALITY,INTEGRITY.AND AVAILABILITY ClA triad in how Parker describes integrity,as he does not account for authorized,but incorrect,modification of data,and instead focuses on the state of the data itself in the sense of completeness. POSSESSION OR CONTROL sition of the media on which is stored.This enables US, without involving other factors such as availability,to discuss our loss of the data in its physical medium.In our lost shipment of backup tapes,let us say that some of them were encrypted and some of them were not.The principle of possession would enable us to more p ro beo romn e nmey apes are a problem on both counts. AUTHENTICITY Authenticity allows us to talk about the proper attribution as to the owner or creator of the data in question.For example,if we send an e-mail message that is altered so as to appear to have come from a different e-mail address than the one from which it was actually sent,we would be violating the authentic- ity of the e-mail.Authenticity can be enforced through the use of digital signa res,which we will discuss further in Chapter 5.A very similar,but rev ncept to this is nonrepudiation.Nonrepudiation preven s some ne from sending an e-ma and then later denying that he or she has done so.We will discuss nonrepudiation at greater length in Chapter 5 as well. What is Information Security? CHAPTER 1 7 Confidentiality, Integrity, and Availability As we mentioned, the Parkerian hexad encompasses the three principles of the CIA triad with the same definitions we just discussed. There is some variance in how Parker describes integrity, as he does not account for authorized, but incorrect, modification of data, and instead focuses on the state of the data itself in the sense of completeness. Possession or Control Possession or control refers to the physical disposition of the media on which the data is stored. This enables us, without involving other factors such as availability, to discuss our loss of the data in its physical medium. In our lost shipment of backup tapes, let us say that some of them were encrypted and some of them were not. The principle of possession would enable us to more accurately describe the scope of the incident; the encrypted tapes in the lot are a possession problem but not a confidentiality problem, and the unencrypted tapes are a problem on both counts. Authenticity Authenticity allows us to talk about the proper attribution as to the owner or creator of the data in question. For example, if we send an e-mail message that is altered so as to appear to have come from a different e-mail address than the one from which it was actually sent, we would be violating the authentic￾ity of the e-mail. Authenticity can be enforced through the use of digital signa￾tures, which we will discuss further in Chapter 5. A very similar, but reversed, concept to this is nonrepudiation. Nonrepudiation prevents someone from taking an action, such as sending an e-mail, and then later denying that he or she has done so. We will discuss nonrepudiation at greater length in Chapter 5 as well. Confidentiality Availability Integrity Possession Authenticity Utility Parkerian Hexad Figure 1.2 The Parkerian Hexad