2.2 Theories/ models of Records Management and Information Technology
2.2.4 The Parkerian Hexad (PH) Model
In 1998, Donn B. Parker introduced an expanded version of CIA model which he added three elements and later renamed Parkerian Hexad (PH) Model (Bey 2012; Mishra 2011; Parker 2002).
The PH is an expression of a set of components added to the CIA to form a more comprehensive
31
and complete model (Ypetkova 2012; Parker 2007). It aimed to change how information security is understood and implemented in the contemporary computing environment where growth of nomadic computing (independence of location, motion, computing platform, communication devices and communication bandwidth where its driving dynamics include availability of hotspots, new generations of mobile phones, high demand and sale of laptops, and the increasing availability of specialised and inexpensive internet access devices) has changed the computing environment.
This unprecedented level of mobile access required a new model that would in-cooperate security requirements related to a mobile computing environment as opposed to a fixed hardwired location (Reid and Gilbert 2011; Parker 2010). The six elements of PH Model include confidentiality, integrity, availability, authenticity, possession or control and utility. The PH Model is aimed at filling the gaps of the CIA model, and thus, improve the security of today's information assets. The hexagon not only symbolises the six components, but also figuratively suggests that each component fits together perfectly, solving the puzzle of comprehensive information security (Parker 2002).
In a study by Bey (2012) on the Parkerian Hexad and the CIA triad models, the author asserts that the refined security model has changed the way information security is assessed and understood.
The model is about an organisation investing in better policy writing and enforcement, procedures and methods, employee education and awareness, as well as improving the available technology infrastructure. This argument is consistent with sentiments from a study by Wu (2009) on security architecture for sensitive information systems that appreciate Parkerian Hexad Model as one of the security models that is necessary to ensure information security is maintained, including that of information systems. Furthermore, the Parkerian Hexad Model concentrates sufficiently on the role that people play in perpetuating against information related loss. Security is about people and forces or acts of nature such as natural disasters, and not just technology-related security threats (Bey 2012; Parker 2010). Employees are the biggest threat to records and information; they sometimes accidentally delete files, enter inaccurate information, save over or edit the wrong files.
This calls for training and equipping employees with the right skills on how to handle e-records (Bey 2012; Andress 2011). The Parkerian Hexad Model is presented in Figure 3.
32
Figure 3: Parkerian Hexad Model (Source: Marzigliano n.d.)
According to Ping (2009) and Parker (1998) the Parkerian Hexad Model is non-overlapping. This means each principle (attribute) is necessary to ensure that security is maintained. The model is explained as follows:
Confidentiality: ensures that information is accessible only to those authorised to have access, prevention of disclosure to unauthorised individuals or systems (Bey 2012; Antirion 2011; Wu 2009; Bhaiji 2008; Parker 2002; Parker 1998).
Integrity: ensures that e-records are accurate and an unchanged representation of the original secure record such as transaction continuity and completeness in the business (Bey 2012; Antirion 2011; Wu 2009; Bhaiji 2008; Parker 2002; Parker 1998).
Availability: ensures that the e-records concerned are readily accessible to the authorised users at all times (Bey 2012; Antirion 2011; Wu 2009; Bhaiji 2008; Parker 2002; Parker 1998).
Authenticity: ensures the validity, trustworthiness, and dependability of e-records (Bey 2012;
Antirion 2011; Wu 2009; Parker 2002; Parker 1998).
33
Possession (authority/ control): refers to the ownership or control ability to use e-records (Bey 2012; Antirion 2011; Wu 2009; Parker 2002; Parker 1998).
Utility: refers to the usefulness of information (Bey 2012; Antirion 2011; Wu 2009; Parker 2002;
Parker 1998).
2.2.4.1 Application of Parkerian Hexad Model to this study
The PH model is relevant to the study since it strongly advocates for the security of information and appreciates the fundamental role of creators/custodians. New technological trends embraced by Moi University such as Integrated Personnel and Payroll Data System (IPPDS), Financial Management System (FMS) and Hostel booking system (HBS) among others have made e-records security and information contained therein a more daunting task. In addition, interest in e-records security has been fueled by numerous occurrences of threats, which call for better methods of securing the computers and the records they store, process and transmit — the PH model advocates for organisations to invest in better policy writing and enforcement, procedures and methods, employee education and awareness, and improving the available technology infrastructure.
Moreover, the elements of the PH Model are vital in the continuum management of e-records and necessary to e-records essential characteristics that are content, context and structure, which give e-records meaning overtime and ensure efficient access. One of the objectives of the study is to establish how confidentiality, integrity, availability, authenticity, possession or control and utility of e-records is achieved in Moi University. Therefore, the model is vital to the understanding of the University's position on the security of e-records. Moreover, the PH Model focuses sufficiently on the role that people (e-records personnel) play in ensuring e-records security and that they are captured into an effective records management system that establishes a relationship between the record, the creator and the business context that originated it.