Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non- repudiation?
A.
Five Pillars model
B.
Parkerian Hexad
C.
Capability Maturity Model (CMM)
D.
Classic information security model
Explanation:
The Five Pillars model is used in the practice of Information Assurance (IA) to define assurance requirements.
It was promulgated by the U.S.
Department of Defense (DoD) in a variety of publications, beginning with the National Information Assurance Glossary, Committee on National Security Systems Instruction CNSSI-4009. Here is the definition from that publication: “Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.” The Five Pillars model is sometimes criticized because authentication and non-repudiation are not attributes of information or systems; rather, they are procedures or methods useful to assure the integrity and authenticity of information, and to protect the confidentiality of the same.Answer option D is incorrect. The classic information security model is used in the practice of Information Assurance (IA) to define assurance requirements. The classic information security model, also called the CIA Triad, addresses three attributes of information and information systems, confidentiality, integrity, and availability. This C-I-A model is extremely useful for teaching introductory and basic concepts of information security and assurance; the initials are an easy mnemonic to remember, and when properly understood, can prompt systems designers and users to address the most pressing aspects of assurance.
Answer option B is incorrect. Parkerian Hexad is the third Information Assurance (IA) model. It is less widely known but considered by many IA practitioners and professionals to be the most complete and accurate of the three. It was first introduced by Donn B. Parker in 1998. Like the Five Pillars, Parkerian Hexad begins with the C-I-A model but builds it out by adding three more attributes of authenticity, utility, and possession (or control). It is significant to point out that the concept or attribute of authenticity, as described by Parker, is not identical to the pillar of authentication as described by the U.S. DoD.
Answer option C is incorrect. The Capability Maturity Model (CMM) is a service mark owned by Carnegie Mellon University (CMU) and refers to a development model elicited from actual data. The data was collected from organizations that contracted with the U.S. Department of Defense, who funded the research, and they became the foundation from which CMU created the Software Engineering Institute (SEI).
Like any model, it is an abstraction of an existing system. Unlike many that are derived in academia, this model is based on observation rather than on theory.
When it is applied to an existing organization’s software development processes, it allows an effective approach toward improving them. Eventually it became clear that the model could be applied to other processes. This gave rise to a more general concept that is applied to business processes and to developing people.
Reference: http://en.wikipedia.org/wiki/Information_assurance
Correct answer is