AP Cybersecurity Unit 2 Lesson 1 Exercise 2

Exercise 2 — CIA Triad Applied Analysis

3 parts, 24 points — Apply the CIA Triad to real incidents at Pinnacle Wealth Advisors

Client Organization
Pinnacle Wealth Advisors

Pinnacle Wealth Advisors is a boutique financial firm managing $2.8 billion in client assets across three offices. The firm stores client portfolio data, trade execution records, tax documents, and personally identifiable financial information. Three incidents occurred this quarter that each require CIA Triad analysis.

Part 1
Incident: Client Portfolio Data Exposure
A financial advisor accidentally emailed a spreadsheet containing 340 clients’ portfolio balances, Social Security numbers, and investment strategies to a personal Gmail address instead of the intended colleague. The advisor realized the mistake immediately but the email had already been delivered.
8 points
1a. Classify this incident using the CIA Triad. Identify the primary property violated and explain your reasoning.
Key terms: unauthorized, disclosure, access, personal, exposed, SSN, sensitive, unintended recipient, outside organization
1b. Recommend two countermeasures that would prevent this type of accidental disclosure in the future.
Key terms: DLP, data loss prevention, email filter, encryption, classification, restrict, external, approve, warning, scan, block, attachment
Model Response: Confidentiality was violated. Client PII (SSNs, portfolio balances, investment strategies) was disclosed to an unintended recipient outside the organization. Even though the disclosure was accidental, the data left the firm’s control — it now exists in a personal Gmail inbox that Pinnacle cannot monitor, control, or delete.

Countermeasure 1: Deploy Data Loss Prevention (DLP) that scans outbound emails for sensitive patterns (SSN formats, account numbers) and blocks or quarantines messages containing PII sent to external addresses.

Countermeasure 2: Require email encryption for all messages containing financial data, with automatic classification that flags sensitive attachments before sending.
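
As an added illustration of Countermeasure 1 (not part of the original exercise), the following Python sketch shows the core decision an outbound-mail DLP rule makes: find SSN-shaped strings in the body and text attachments, and quarantine the message if any recipient is external. The internal domain `pinnaclewealth.example`, the function names, and the sample message with fake SSNs are assumptions constructed for this example.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL_DOMAINS = {"pinnaclewealth.example"}  # assumed internal domain (placeholder)

# SSN in NNN-NN-NNNN form. Area 000/666/9xx, group 00 and serial 0000 are
# never issued, so excluding them cuts false positives.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def external_recipients(msg):
    """Return recipient addresses whose domain is not internal."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    addrs = [addr for _, addr in getaddresses(headers) if addr]
    return [a for a in addrs if a.rpartition("@")[2].lower() not in INTERNAL_DOMAINS]

def count_ssns(msg):
    """Count SSN-shaped strings in the body and every text/* attachment."""
    total = 0
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            total += len(SSN_RE.findall(part.get_content()))
    return total

def evaluate(msg):
    """Quarantine when SSNs are headed to any external address; else allow."""
    ext = external_recipients(msg)
    hits = count_ssns(msg)
    action = "quarantine" if hits and ext else "allow"
    return {"action": action, "ssn_hits": hits, "external": ext}

def build_sample(to_addr):
    """Constructed sample: a message with a CSV attachment of fake client rows."""
    msg = EmailMessage()
    msg["From"] = "advisor@pinnaclewealth.example"
    msg["To"] = to_addr
    msg["Subject"] = "Q3 portfolio review"
    msg.set_content("Spreadsheet attached.")
    rows = "name,ssn,balance\nA. Client,123-45-6789,250000\nB. Client,219-09-9999,90000\n"
    msg.add_attachment(rows, subtype="csv", filename="clients.csv")
    return msg

if __name__ == "__main__":
    print(evaluate(build_sample("jdoe@gmail.com")))                    # external
    print(evaluate(build_sample("colleague@pinnaclewealth.example")))  # internal
```

This sketch only reads text parts; binary spreadsheet formats would need content extraction before pattern matching.
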
Part 2
Incident: Unauthorized Trade Modification
An internal audit discovers that a junior analyst accessed the trade execution system using a senior advisor’s credentials and modified the execution prices on 15 historical trades. The modifications made it appear that the senior advisor had achieved better returns than actually occurred. The altered records were included in a quarterly performance report sent to clients.
8 points
2a. Classify this incident and explain which TWO CIA properties were violated.
Key terms: integrity, modified, altered, unauthorized, inaccurate, trust, confidentiality, credentials, impersonate, access
2b. Explain why this is more dangerous than a simple data breach, from both a business and regulatory perspective.
Key terms: trust, fraud, SEC, compliance, audit, client, report, mislead, fiduciary, regulatory, penalty, license, reputation
Model Response: Two properties were violated:

(1) Integrity — trade execution prices were deliberately modified, making historical records inaccurate and untrustworthy. Client performance reports contained falsified data.

(2) Confidentiality — the analyst used stolen credentials to access the system, gaining unauthorized access to trade data and the senior advisor’s account.

This is more dangerous than a data breach because integrity violations in financial services constitute potential securities fraud. Falsified performance reports sent to clients violate fiduciary duties and SEC regulations. The firm faces regulatory penalties, license revocation, lawsuits from clients who made investment decisions based on fabricated returns, and catastrophic reputational damage. A data breach exposes information; integrity fraud weaponizes false information against clients.
Part 3
Incident: Trading Platform Outage During Market Hours
Pinnacle’s trading platform experienced a 4-hour outage during market hours due to a failed software update. Advisors could not execute trades for clients during a volatile market session. Three clients lost an estimated $180,000 in potential gains because trades could not be placed at optimal prices. No data was stolen or modified during the outage.
8 points
3a. Classify this incident and explain how the timing amplified its impact beyond a typical availability failure.
Key terms: availability, access, timing, market hours, volatile, trade, execute, financial, loss, window, critical, time-sensitive
3b. Pinnacle is debating whether to delay all future software updates until after market close (improving availability) or to apply security patches immediately when released (improving confidentiality/integrity). Explain this CIA tradeoff and recommend a balanced approach.
Key terms: tradeoff, balance, availability, security, patch, schedule, after hours, maintenance window, risk, vulnerability, staging, test
Model Response: This is an availability violation. The trading platform was inaccessible to authorized users (advisors) during a critical operational window. The timing amplified the impact because financial markets operate in real-time — a 4-hour outage during a volatile session meant advisors could not execute time-sensitive trades, resulting in direct financial losses for clients. The same outage overnight would have had zero financial impact.

The tradeoff: delaying patches protects availability (no risk of update-caused outages during trading) but weakens confidentiality/integrity (known vulnerabilities remain exploitable). Applying patches immediately protects C/I but risks A.

Balanced approach: Apply critical security patches during a scheduled after-hours maintenance window (e.g., weekends or after market close). Test all patches in a staging environment before deploying to production. For zero-day critical patches, deploy immediately with a rollback plan.

AP Cybersecurity 2.1 Exercise 2 | APCSExamPrep.com | Built by Tanner Crow, AP CS Teacher (11+ years)
AP® is a registered trademark of the College Board, which was not involved in the production of this content.