Types of Security Controls | AP Cybersecurity

Unit 2 • Topic 2.1 • Cyber Foundations

Types of Security Controls (and the CIA Triad They Protect)

A security control is a safeguard that reduces risk. Topic 2.1 asks you to identify types of controls. Every control protects at least one goal of the CIA triad: confidentiality, integrity, or availability.

CIA: what controls protect
By type: managerial, technical, physical
By function: prevent, detect, correct

Figure: The CIA triad (confidentiality, integrity, availability): every security control protects at least one of these goals.

What controls protect: the CIA triad

Security controls exist to protect at least one part of the CIA triad. Confidentiality means only authorized people can read data. Integrity means data is accurate and unaltered. Availability means data and systems are accessible when needed.

When you evaluate any control, ask which goal it protects. Encryption protects confidentiality; a checksum protects integrity; a backup protects availability.

Scenario

A company keeps redundant servers so a failure does not take the site offline. Which CIA goal does this protect?

Answer

Availability. Redundancy keeps systems accessible when needed, even if one component fails.

Exam tip

Map the control to the goal: secrecy = confidentiality, accuracy = integrity, uptime and access = availability.

Classifying controls

Controls are classified by type and by function. By type, controls can be managerial (policies and training), technical (software and configuration), or physical (locks and cameras). By function, controls can prevent an attack, detect one, or correct after one.

A single safeguard can fit more than one category. A firewall is a technical control whose function is largely preventive.
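
An added example (not part of the original page) showing two controls from this section working together: a checksum acting as a detective control for integrity, and a backup acting as a corrective control that restores integrity and availability. The `ProtectedStore` class, file names and record contents are constructed for illustration.

```python
import hashlib

def digest(data: bytes) -> str:
    """SHA-256 checksum used as the known-good integrity reference."""
    return hashlib.sha256(data).hexdigest()

class ProtectedStore:
    """Constructed toy record store (illustration only)."""
    def __init__(self):
        self.live = {}       # working copy users read and write
        self.backup = {}     # backup copy: corrective control
        self.checksums = {}  # known-good digests: detective control

    def save(self, name: str, data: bytes) -> None:
        self.live[name] = data
        self.backup[name] = data
        self.checksums[name] = digest(data)

    def detect(self) -> list:
        """Detective: list records that are missing or fail their checksum."""
        bad = []
        for name, expected in self.checksums.items():
            data = self.live.get(name)
            if data is None or digest(data) != expected:
                bad.append(name)
        return sorted(bad)

    def correct(self) -> list:
        """Corrective: restore flagged records from a backup that still verifies."""
        restored = []
        for name in self.detect():
            copy = self.backup.get(name)
            if copy is not None and digest(copy) == self.checksums[name]:
                self.live[name] = copy
                restored.append(name)
        return restored

def demo():
    store = ProtectedStore()
    store.save("grades.csv", b"alice,91\nbob,84\n")  # constructed sample data
    store.save("roster.csv", b"alice\nbob\n")
    store.live["grades.csv"] = b"alice,91\nbob,99\n"  # altered record: integrity lost
    del store.live["roster.csv"]                      # missing record: availability lost
    flagged = store.detect()
    restored = store.correct()
    return flagged, restored, store.detect()

if __name__ == "__main__":
    print(demo())
```

A plain checksum kept beside the data catches accidental or careless changes; if someone who can alter the data can also rewrite the checksum, a keyed MAC or digital signature is the stronger integrity control.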

Scenario

Employee security training is which type of control?

Answer

A managerial control. Training is a policy-and-people safeguard rather than a technical configuration or a physical barrier.

Real-world example

The CIA triad in real incidents

A data leak breaks confidentiality, a tampered record breaks integrity, and a ransomware lockout breaks availability. Naming which goal an incident violates guides the right response.

Map each control and each incident to a CIA goal.

Key Terms

Confidentiality: Only authorized people can read the data.
Integrity: Data is accurate and unaltered.
Availability: Data and systems are accessible when needed.
Managerial control: A policy or training safeguard.
Technical control: A software or configuration safeguard.


Common Mistakes

Forgetting controls map to CIA

Every control protects confidentiality, integrity, or availability; name which.

Mixing confidentiality and integrity

Confidentiality is secrecy; integrity is accuracy. They are different goals.

Calling every control technical

Controls can also be managerial (policy) or physical (locks).

Ignoring function

A control also has a function: prevent, detect, or correct.

Check for Understanding

Question 1
Every security control protects at least one part of the:
Answer: A. Controls protect confidentiality, integrity, or availability, the CIA triad.

Question 2
Encryption of stored data primarily protects which CIA goal?
Answer: B. Encryption keeps data unreadable to unauthorized parties, protecting confidentiality.

Question 3
Which are control types? I. Managerial. II. Technical. III. Physical.
Answer: D. Controls can be classified by type as managerial, technical, and physical.

Question 4
A backup that restores data after an incident is classified by function as:
Answer: C. A backup that restores after an incident performs a corrective function.

Question 5
Keeping data accurate and unaltered is which CIA goal?
Answer: B. Integrity means data is accurate and has not been tampered with.

Question 6
Employee security-awareness training is which type of control?
Answer: C. Training is a managerial control, a policy-and-people safeguard.

Frequently Asked Questions

Confidentiality (only authorized access), integrity (accurate and unaltered data), and availability (accessible when needed). Every security control protects at least one of these.
By type (managerial, technical, physical) and by function (preventive, detective, corrective). One control can fit more than one category.
Confidentiality is about secrecy, keeping data from unauthorized eyes. Integrity is about accuracy, keeping data from being altered.
