Library
Back to reading

Who Was Donn B. Parker?

Donn B. Parker (1929–2021): The Security Pioneer Who Expanded the Meaning of Information Protection

Donn Blanchard Parker was an American computer security specialist, researcher, consultant, and author who became one of the early pioneers of information security. He is best known for the Parkerian Hexad, a model that expanded the familiar CIA triad of confidentiality, integrity, and availability by adding three further attributes: possession or control, authenticity, and utility. Parker's work helped broaden the way security professionals think about information, moving the field beyond narrow questions of secrecy toward a richer understanding of how information can be harmed, misused, corrupted, stolen, or rendered useless.

Parker was born on 9 October 1929 in San Jose, California, and died on 16 September 2021 in Sunnyvale, California. His career developed during the early decades of commercial computing, when computers were large, expensive, centralized machines operated by governments, universities, banks, insurers, defense contractors, and major corporations. At that time, the word cybersecurity was not yet widely used, and many organizations treated computer risk as a technical or administrative problem rather than as a distinct professional discipline. Parker was among the first to argue that computer misuse, information loss, and system abuse required systematic study.

Parker worked for many years at SRI International, where he investigated computer crime, information security, and the social consequences of computer misuse. His work was unusual because it addressed both technical and human dimensions of security. He was interested not only in how systems failed, but also in why people abused them, how organizations misunderstood risk, and how losses occurred even when traditional technical controls appeared to be in place.

In the early years of computing, many security concerns were framed around unauthorized access. If an outsider obtained access to a computer system, that was clearly a problem. But Parker recognized that information could be harmed in more subtle ways. Data might remain secret but be inaccurate. It might be accurate but unavailable when needed. It might be available but no longer useful. It might be copied without being read, or removed from the control of its rightful owner. These distinctions became central to his thinking.

The standard model of information security became the CIA triad: confidentiality, integrity, and availability. Confidentiality concerns whether information is disclosed only to authorized parties. Integrity concerns whether information remains whole, unaltered, and trustworthy. Availability concerns whether information and systems are accessible when needed. The triad remains useful because it captures three fundamental security concerns in a simple form.

Parker believed, however, that this model was too limited. Real security incidents often involved harms that did not fit neatly into only those three categories. To address this, he proposed an expanded model that became known as the Parkerian Hexad. The model added possession or control, authenticity, and utility to the original three attributes. The six elements are confidentiality, possession or control, integrity, authenticity, availability, and utility.

The first additional element, possession or control, addresses situations in which an authorized party loses control of information even if the information has not yet been disclosed. For example, an encrypted laptop may be stolen. If the encryption holds, confidentiality may not have been breached, but the rightful owner has still lost possession and control of the data-bearing object. Parker's point was that this kind of incident matters in its own right and should not be forced awkwardly into another category.

The second added element, authenticity, concerns whether information is genuine and whether its source or identity can be trusted. A forged message, counterfeit record, spoofed identity, or fraudulent transaction may cause damage even if the information is available and appears internally consistent. In modern terms, authenticity is central to digital signatures, certificates, identity management, transaction validation, and secure communications protocols.

The third added element, utility, concerns whether information is useful for its intended purpose. Information may be confidential, available, authentic, and unchanged, yet still be unusable. A file stored in an obsolete format, data encrypted with a lost key, or records converted into the wrong units may retain some formal properties of security while failing the practical test of usefulness. Parker's inclusion of utility emphasized that security must support use, not merely prevent access or alteration.

The Parkerian Hexad therefore made security analysis more precise. Instead of treating every incident as a simple violation of confidentiality, integrity, or availability, analysts could ask which specific property of information had been damaged. This made the model especially useful for education, incident classification, and risk analysis. It encouraged students and practitioners to think more carefully about the nature of information itself.

Parker's broader career was also important because he helped establish computer crime as a subject worthy of serious investigation. He studied real incidents, collected case material, and wrote about the ways computers could be misused by insiders, outsiders, employees, contractors, and criminals. His books, including Fighting Computer Crime, helped shape early professional understanding of information security risk. The Parkerian Hexad is associated with that 1998 work, where he argued for a broader framework for protecting information.

His approach was practical rather than purely theoretical. Parker understood that security failures often arise from organizational weakness, poor incentives, misplaced trust, inadequate procedures, and human behavior. Technical controls are essential, but they do not eliminate the need for governance, accountability, education, and ethical judgment. In this respect, Parker anticipated many concerns that remain central to cybersecurity today.

The continuing relevance of the Parkerian Hexad is clear in modern digital environments. Cloud computing, mobile devices, encrypted storage, identity systems, supply-chain attacks, ransomware, and data governance all involve security questions that extend beyond the CIA triad. Ransomware, for example, may not initially destroy confidentiality, but it attacks availability and often possession or control. A deepfake or forged instruction may attack authenticity. A corrupted file format or lost decryption key may attack utility. Parker's model gives practitioners a richer vocabulary for describing these distinctions.

Parker also helped remind security professionals that information has value only in context. Protecting information does not mean locking it away so completely that no one can use it. Nor does it mean focusing only on secrecy while ignoring accuracy, origin, accessibility, control, and usefulness. Good security preserves the properties that allow information to serve its purpose.

Donn B. Parker died in 2021 at the age of 91. By then, the field he helped pioneer had become one of the most important areas of modern technology. Cybersecurity had grown from a specialized concern of mainframe operators and government agencies into a global discipline affecting every organization connected to digital systems.

Today, Parker is remembered as one of the early thinkers who broadened the intellectual foundations of information security. The Parkerian Hexad remains valuable because it asks a deceptively simple question: in what exact way has information been harmed? By expanding the discussion beyond confidentiality, integrity, and availability, Parker gave security professionals a more complete way to reason about digital risk. Every modern analysis that distinguishes between secrecy, control, authenticity, usefulness, correctness, and access reflects the kind of careful thinking that Parker helped bring to the field.

Back to reading