McCumber Cube, Pillars of IA, Parkerian Hexad, Extended McCumber Cube
Information Assurance (IA) is the practice of managing information-related risk and the processes involved in protecting information systems. There are five pillars of information assurance: availability, integrity, authentication, non-repudiation, and confidentiality.
Availability means that those who wish to access the information are granted access. Information should be made available to a few people who are aware of the threats to the information systems. Integrity is the pillar of information assurance that ensures that information systems are protected and are not altered. IA strategies aim to ensure integrity through measures such as making sure that personnel using the information systems know how to use them correctly, to minimize virus and malware attacks. They also help ensure that the network of information systems remains stable and intact.
Confidentiality entails the secrecy of information: only authorized people may view the data. Here, you have to consider not only how the data is accessed but also the type of information being accessed. Information access is restricted to those authorized. Authentication involves making sure that those who access the data are the legitimate users. Methods of strengthening authentication include biometrics and strong passwords, among others. Non-repudiation is the final pillar; it means that no one who accesses the information system can deny having acted on it.
John McCumber came up with a model framework in 1991. The framework, now called the McCumber Cube, is mainly used to evaluate and establish information assurance (information security) programs. This security model is depicted as a three-dimensional, cube-like grid. The concept behind the model is that, when designing information assurance (IA) structures, one must consider the interconnectedness of all the different elements that affect them.
To come up with a sound information assurance scheme, one has to consider the security goals of the project and how these goals relate to the different states that data can occupy in a system and to the full range of available security safeguards. The security safeguards must be taken into consideration when designing the system. The McCumber model helps the designer remember to consider all essential design aspects rather than focusing on a single one, for example by depending entirely on technical controls at the cost of end-user training and requisite policies.
The McCumber framework has several goals. The first is confidentiality: sensitive and vital information must not be accidentally or intentionally revealed to individuals who are not authorized. The second is integrity: the assurance that data and information are not accidentally or deliberately altered or modified in a way that affects their reliability and trustworthiness. The third is availability: authorized individuals must have consistent and timely access to information and resources when needed. The model also safeguards against human factors by making sure that end users of information systems are apprised of their roles and responsibilities in protecting those systems and are capable of adhering to the standards.
The extended McCumber cube aims at a more robust approach, one that narrows the perspective from the three information states to an individual state. Countermeasures are the actions put in place to defend and protect the network. This narrowing lets the security specialist focus on the risk implications associated with implementing a countermeasure for a particular security service and information state.
In the extended model, an individual malware attack aimed at a specific information state is matched with the right countermeasures. This extends the model's functional aspects. The extension helps extend and stabilize confidentiality on the network, integrity of the network data, and network availability. The extended model approaches risk assessment from a different angle: it considers the particular threats, appraises their probability, and comes up with countermeasures to protect against the risk.
Donn Parker proposed the Parkerian hexad, a set of six elements of information security. The Parkerian hexad adds three further attributes to the classic CIA triad (confidentiality, integrity, and availability). The six attributes are possession/control, confidentiality, integrity, authenticity, availability, and utility. Any information security breach can be described as affecting one or more of these elementary attributes. Confidentiality entails the secrecy of information: only authorized people may view the data.
Availability means that those who wish to access the information are granted access. Data and information should be made available to a small number of people who are aware of the threats to the information systems. Integrity, as an attribute of the Parkerian hexad, ensures that information systems are protected and are not altered. Any unauthorized alteration or modification of data, whether accidental or intentional, is a data integrity breach. Possession or control: loss of possession or control happens, for example, when a robber takes your bank debit card and your PIN. Even if the robber has not used the debit card and the PIN, it is reasonable for you to worry that the robber can use them at any time. Utility is usefulness. For example, if someone encrypts data on a disk to protect it but then loses the decryption key, that is a breach of utility. A breach of utility may require some time to work around the change in data presentation or format.