Insurance Industry: Security Models and Frameworks This essay focuses on the overall value of security models and frameworks in the insurance industry. It addresses in particular:1. How the CIA Triad contributes to information security philosophy or policy2. The current or potential value of mathematical models and IT security framework3. How does Parkerian Hexad help analyze security needs? All opinions contained in this case study are those of the author, based on his experience in the insurance industry, unless otherwise noted. How the CIA Triad contributes to information security philosophy or policy. is a security model for assessing an organization's information security and assisting in the development and implementation of security policies. The CIA triad is useful for identifying problems or weaknesses and establishing security solutions. Banaszak (2011) defines information security as “the protection of information and systems from unauthorized access, disclosure, modification, destruction, or disruption.” The three objectives of information security are confidentiality, integrity and availability (Gibson, 2011, p. 12). Confidentiality Confidentiality refers to the prevention of unauthorized access or disclosure of information. Data must be accessible to those who are authorized to access it and prevent those who are not authorized from doing so. Data is protected using access controls and encryption technologies, such as authentication methods to identify users. Once the user is authenticated, permissions are then granted, giving them permission to access resources. Data may be encrypted while at rest, in transit and in use using the network...... middle of paper ...... on systems, processes and/or operations of the company. To have a secure flow of information, businesses must implement an information security framework, which helps them identify risks associated with company information and ways to mitigate those risks. Because the Parkerian Hexad helps analyze security needs, the Parkerian Hexad can be useful in analyzing security needs by applying the six states of information security to an organization's threat and vulnerability analyses, as well as selections of controls and practices. The six states of information security are confidentiality, possession or control, integrity, authenticity, availability, and utility. Parkerian Hexad helps avoid missing important potential threats, vulnerabilities, and security solutions that are common issues during enterprise security reviews..