The Parkerian Hexad

The Parkerian Hexad is a set of six security principles that build upon the original CIA Triad of Confidentiality, Integrity, and Availability. The three additional principles are control/possession, authenticity, and utility.

Control/Possession

Control/possession is the principle of ensuring that only those with the appropriate authority are able to access and control information and systems. This can be done through access controls such as user authentication and authorization. Control, also referred to as possession, is the principle that ensures only individuals or entities with proper authority can access, modify, or manage information and systems. It emphasizes ownership and custodianship of data, ensuring that sensitive information is kept out of the hands of unauthorized users. Control is typically enforced through mechanisms such as user authentication (verifying the identity of a user) and authorization (determining what actions an authenticated user is allowed to perform). Additional methods such as access control lists (ACLs), role-based access controls (RBAC), and multi-factor authentication (MFA) strengthen this principle. Effective control ensures that data cannot be stolen, misused, or tampered with by individuals lacking the necessary clearance.

Authenticity

Authenticity is the principle of ensuring that data and transactions are from their claimed source. This can be done through encryption, digital signatures, and other methods to ensure data is from the intended source. Methods to ensure authenticity include digital signatures, encryption techniques, public key infrastructure (PKI), and certificates that validate identities. For example, when an email is digitally signed, the recipient can confirm both that the sender is who they claim to be and that the message was not altered in transit. Authenticity prevents attackers from masquerading as trusted entities and ensures confidence in the reliability of communications.

Utility

Utility is the principle of ensuring that information is useful and understandable. For example, otherwise secure information, if encrypted with a lost decryption key would not be said to have utility.

Utility ensures that information retains its usefulness, readability, and accessibility to authorized users. Even if information is perfectly secure, it loses value if it cannot be applied in practice. For instance, encrypted data without a functional decryption key may be highly secure but lacks utility because it is inaccessible. Similarly, information presented in an overly complex or incompatible format may fail to serve its intended purpose. Utility therefore encompasses not only technical accessibility but also usability, clarity, and relevance. Mechanisms such as data backup and recovery, key management systems, and format standardization help maintain utility. At its core, this principle highlights that information security must balance protection with functionality, ensuring information is both safe and usable when needed.