6 The Basics of Information Security

that contained the results of medical tests, we might see the wrong treatment prescribed, potentially resulting in the death of the patient.

Availability

The final leg of the CIA triad is availability. Availability refers to the ability to access our data when we need it. Loss of availability can refer to a wide variety of breaks anywhere in the chain that allows us access to our data. Such issues can result from power loss, operating system or application problems, network attacks, compromise of a system, or other problems. When such issues are caused by an outside party, such as an attacker, they are commonly referred to as a denial of service (DoS) attack.

Relating the CIA Triad to Security

Given the elements of the CIA triad, we can begin to discuss security issues in a very specific fashion. As an example, we can look at a shipment of backup tapes on which we have the only existing, but unencrypted, copy of some of our sensitive data stored. If we were to lose the shipment in transit, we will have a security issue. From a confidentiality standpoint, we are likely to have a problem since our files were not encrypted. From an integrity standpoint, presuming that we were able to recover the tapes, we again have an issue due to the lack of encryption used on our files. If we recover the tapes and the unencrypted files were altered, this would not be immediately apparent to us. As for availability, we have an issue unless the tapes are recovered since we do not have a backup copy of the files.

Although we can describe the situation in this example with relative accuracy using the CIA triad, we might find that the model is more restrictive than what we need in order to describe the entire situation. An alternative model does exist that is somewhat more extensive.

The Parkerian Hexad

The Parkerian hexad, named for Donn Parker and introduced in his book Fighting Computer Crime, provides us with a somewhat more complex variation of the classic CIA triad. Where the CIA triad consists of confidentiality, integrity, and availability, the Parkerian hexad consists of these three principles, as well as possession or control, authenticity, and utility [3], for a total of six principles, as shown in Figure 1.2.

Alert!

Although it is considered by some to be a more complete model, the Parkerian hexad is not as widely known as the CIA triad. If we decide to use this model in discussion of a security situation, we should be prepared to explain the difference to the uninitiated