AP Cybersecurity Topic 2.1: The CIA Triad | Complete Lesson

~65 min read | Last Updated: March 2026 | Lesson 1 of 5, Unit 2
AP Cybersecurity — Unit 2: Securing Spaces

Topic 2.1: The CIA Triad

Confidentiality, Integrity, and Availability — the three foundational principles that define every security decision, control selection, risk assessment, and policy in information security.

Lesson 1 of 5 | Skill: Analyze Risk | ~65 min | Exam Weight: ~20–25% | Unit 2, Week 1

2.1.1 — Learning Objectives

By the end of this lesson, you will be able to:

  • Define the CIA Triad and explain why it is the foundational framework for all information security decisions
  • Precisely distinguish between Confidentiality, Integrity, and Availability using the correct key verbs: disclosed, modified, and denied
  • Identify which CIA property is most directly violated in a given attack scenario, including edge cases where multiple properties are affected
  • Name the primary technical controls that protect each CIA property and explain why each control addresses its specific property
  • Explain Non-Repudiation as a fourth, closely related security property and distinguish it from the core three
  • Analyze real-world breach scenarios (Equifax, Colonial Pipeline, Target) and map the attack chain to the CIA properties violated at each stage
  • Apply the CIA Triad to Vantex Financial Group’s security decisions in exercises and labs throughout this unit
  • Recognize and avoid the five most common AP exam trap answers on CIA Triad questions

2.1.2 — Why the CIA Triad Matters: The Foundation of Security Thinking

Every security decision — every firewall rule, every access control policy, every encryption standard, every risk assessment — can be traced back to one or more of three fundamental questions: Who can see this data? Can this data be trusted? Can authorized users access this data? These three questions map directly to Confidentiality, Integrity, and Availability — collectively known as the CIA Triad.

The CIA Triad is not just an academic framework. It is the lens through which security professionals evaluate threats, select controls, write policies, and communicate risk to executives and regulators. When an organization suffers a breach, investigators immediately ask: which CIA property was violated? When a security architect proposes a new control, the approval committee asks: which CIA property does this protect, and at what cost to the other two?

Understanding the CIA Triad deeply — not just memorizing three words — is what allows you to analyze scenarios you have never seen before and identify the correct security response.

The Three Properties at a Glance

C
Confidentiality
Protecting information from unauthorized eyes
Key Verb: Disclosed

Confidentiality is violated when data is seen, accessed, or disclosed by someone who should not have access. The attack does not need to copy or modify the data — viewing alone is a violation.

I
Integrity
Ensuring data stays accurate and unmodified
Key Verb: Modified

Integrity is violated when data is changed, altered, corrupted, or deleted without authorization. The attacker may not have accessed or disclosed the data — unauthorized modification alone is the violation.

A
Availability
Ensuring access when authorized users need it
Key Verb: Denied

Availability is violated when data or systems are inaccessible, offline, or unusable by authorized users who need them. The data may still exist and be unmodified — being unreachable is the violation.

The CIA Triad Is Not Equally Weighted

One of the most important and underappreciated aspects of the CIA Triad is that different organizations and systems weight the three properties differently based on their mission and data types. A financial institution like Vantex Financial Group, which processes wire transfers and holds client SSNs, must treat all three properties as critical — but the priority order shifts by context:

  • Wire transfer systems: Integrity is paramount. A single altered digit in an account number redirects millions of dollars. Confidentiality matters too, but an integrity failure is immediately, irreversibly catastrophic.
  • Online banking portal: Availability is critical. If customers cannot access their accounts during business hours, financial and reputational damage begins immediately. A brief outage matters far more here than to a system that runs batch jobs overnight.
  • Client PII database (SSNs, account numbers): Confidentiality is paramount. Disclosure triggers regulatory investigations, GDPR/CCPA violations, and class-action lawsuits. The data being readable but offline is a problem; the data being publicly exposed is catastrophic.
  • National security systems: Confidentiality dominates so heavily that availability is sometimes deliberately sacrificed (air-gapped systems are by definition less available) to prevent any possibility of unauthorized access.
  • Emergency dispatch (911 systems): Availability is nearly the only concern. A 911 system that is highly confidential but offline when someone is having a heart attack has failed its mission completely.

AP Exam Context Clue: When an exam question describes the type of organization or system, use that context to identify which CIA property failure would be most critical. Healthcare systems prioritize Availability and Integrity (patient safety). Financial systems prioritize all three. Military/intelligence systems prioritize Confidentiality. Emergency services prioritize Availability.

The Inherent Tension Between Properties

The CIA Triad’s three properties are not independent — they pull against each other. Every security architecture involves tradeoffs that must be consciously managed. Understanding these tensions is essential for AP exam scenario analysis and for real-world security work:

CIA Triad Tensions: Why You Cannot Maximize All Three Simultaneously

C vs A

Confidentiality vs. Availability. The strongest confidentiality measures reduce availability. Encrypting every field in a database protects confidentiality but slows query performance and increases system load. Requiring multi-factor authentication before every action protects confidentiality but creates friction that reduces availability. Air-gapping a classified network maximizes confidentiality but eliminates all remote availability. Design decision: How much access friction is acceptable given the sensitivity of the data?

I vs A

Integrity vs. Availability. Strong integrity controls add latency. Computing and comparing SHA-256 hashes on every database record read-and-write protects integrity but increases transaction time. Requiring digital signatures on every transaction prevents unauthorized modifications but adds processing overhead. In high-frequency trading or real-time banking systems, even milliseconds of additional latency from integrity checks can have measurable business impact. Design decision: How much performance overhead is acceptable to detect modification?

C vs I

Confidentiality vs. Integrity. Encryption protects confidentiality but can obscure integrity. End-to-end encrypted communications hide content from interceptors (confidentiality) but also from the security systems designed to detect malicious payloads (integrity of the system). Organizations that decrypt and inspect traffic for malware gain integrity at the cost of user confidentiality. Design decision: Should the organization inspect encrypted traffic for threats, and what are the legal and trust implications?

Check for Understanding (MCQ, 1 / 10)
Ridgecrest Community Hospital: An attacker floods Ridgecrest’s patient portal with junk traffic for 6 hours. Patients cannot view lab results, schedule appointments, or message their doctors. No data was stolen or modified during the attack.

Which CIA property was PRIMARILY violated?

✎ Predict first: Identify the key action — was data seen, changed, or made unreachable?
A. Confidentiality — the attacker could see patient data during the flood
B. Integrity — the junk traffic corrupted patient records in the database
C. Availability — authorized users were denied access to the portal for 6 hours
D. Non-repudiation — the hospital cannot prove who launched the attack

2.1.3 — Essential Vocabulary & Exam Tips

AP Cybersecurity exam questions test precise vocabulary. A wrong answer on a CIA Triad question almost always results from using the right concept with the wrong term, or from confusing two closely related terms. The table below covers every term you must know, plus the exam traps associated with each one.

Term: CIA Triad
Definition: The three foundational security properties: Confidentiality, Integrity, and Availability. All information security controls, policies, and risk decisions map to one or more of these properties.
Exam Trap: Authentication, Non-repudiation, and Authorization are not part of the CIA Triad. Do not substitute them when the question asks about a CIA property.

Term: Confidentiality
Definition: Ensuring that information is accessible only to those authorized to access it. Unauthorized disclosure — viewing, reading, copying — violates Confidentiality even if the data is not modified.
Exam Trap: Viewing alone is a violation. Confidentiality is not only about data leaving the organization — an internal employee reading records they are not authorized to view is a Confidentiality breach.

Term: Integrity
Definition: Ensuring that data is accurate, complete, and has not been modified except through authorized processes. Both malicious modification (attacker changes records) and accidental corruption (bit flip during transmission) violate Integrity.
Exam Trap: Deletion is an Integrity violation, not just an Availability violation. Permanently deleting records without authorization destroys their accuracy (they no longer exist), making it an Integrity failure. Temporary inaccessibility is Availability; permanent destruction is Integrity.

Term: Availability
Definition: Ensuring that systems and data are accessible to authorized users when they need them. Both intentional attacks (DDoS) and unintentional failures (power outage, hardware failure) can violate Availability.
Exam Trap: Availability failures do not require an attacker. Natural disasters, misconfigured systems, and hardware failure all violate Availability. The question does not need to describe a cyber attack for Availability to be the correct answer.

Term: Non-Repudiation
Definition: The ability to prove that a specific entity performed a specific action, such that they cannot credibly deny it. Digital signatures are the primary non-repudiation control.
Exam Trap: Non-repudiation is often tested alongside CIA but is not one of the three CIA properties. It supports both Integrity (proving data was not altered) and Confidentiality (proving who accessed data), but it is its own distinct concept.

Term: Authentication (AuthN)
Definition: The process of verifying identity: proving that a user, system, or entity is who it claims to be. Password checks, biometrics, and MFA are authentication mechanisms.
Exam Trap: Authentication is a mechanism that supports Confidentiality (by preventing unauthorized access), not a CIA Triad property itself. If a question asks which CIA property is protected by MFA, the answer is Confidentiality, not Authentication.

Term: Authorization (AuthZ)
Definition: The process of determining what an authenticated entity is permitted to do. Role-based access control (RBAC) is an authorization mechanism. Authentication asks “who are you?”; Authorization asks “what are you allowed to do?”
Exam Trap: Authorization failures often manifest as Confidentiality violations (a user accesses data beyond their permission level). However, Authorization itself is not a CIA property — it is a control mechanism that enforces Confidentiality.

Term: Data Classification
Definition: The process of categorizing data by sensitivity level (e.g., Public, Internal, Confidential, Restricted). Classification drives Confidentiality controls — more sensitive data receives more restrictive access controls.
Exam Trap: Data classification is a Confidentiality control, not an Integrity or Availability control. Questions about “which security property does a data classification policy primarily protect?” should always be answered with Confidentiality.

Term: Hashing
Definition: A one-way mathematical function that converts input data into a fixed-length output (hash/digest). Any change to the input — even a single character — produces a completely different hash, making tampering detectable.
Exam Trap: Hashing protects Integrity, not Confidentiality. Hashes are not encryption — they do not hide the original data. SHA-256 generates a fingerprint to detect modification; AES-256 encrypts data to prevent unauthorized reading.

Term: Encryption
Definition: The transformation of readable data (plaintext) into unreadable form (ciphertext) using an algorithm and key. Only parties with the correct key can decrypt the data back to readable form.
Exam Trap: Encryption primarily protects Confidentiality. It does not inherently protect Integrity (an attacker could modify ciphertext without being able to read it) or Availability. TLS/HTTPS encrypts data in transit; AES encrypts data at rest.

Term: Redundancy
Definition: Duplication of critical system components (servers, power supplies, network links) so that if one fails, another takes over without service interruption.
Exam Trap: Redundancy is an Availability control, not a Confidentiality or Integrity control. RAID arrays, failover servers, and geographic distribution all protect Availability. Redundancy does nothing to prevent unauthorized data access.

Term: Backup
Definition: A copy of data stored separately from the primary system, used to restore data after loss, corruption, or ransomware encryption.
Exam Trap: Backups protect Availability (restoring access) and can support Integrity (restoring uncorrupted data). They do not protect Confidentiality — if the backup is not encrypted, it creates an additional exposure surface for unauthorized access.
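The Encryption entry above says an attacker could modify ciphertext without being able to read it. The Go program below, added here as an illustration and not part of the course material, shows that concretely: the same message is encrypted with AES-CTR (confidentiality only) and with AES-GCM (encryption plus an authentication tag), one byte of each ciphertext is changed, and only the GCM decryptor notices. The sample message and key are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

// Constructed sample record (not real data) and a constructed 32-byte AES-256 demo key.
// Real keys come from a key manager, never from source code.
const sampleInstruction = "PAY 1000.00 TO ACCT 12345678"

var demoKey = []byte("0123456789abcdef0123456789abcdef")

// encryptCTR: AES-256-CTR provides confidentiality only. Output = random IV || ciphertext.
func encryptCTR(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+len(plaintext))
	if _, err := io.ReadFull(rand.Reader, out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCTR(block, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], plaintext)
	return out, nil
}

// decryptCTR has no way to tell whether the ciphertext was altered in transit.
func decryptCTR(key, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < aes.BlockSize {
		return nil, errors.New("ciphertext too short")
	}
	out := make([]byte, len(ciphertext)-aes.BlockSize)
	cipher.NewCTR(block, ciphertext[:aes.BlockSize]).XORKeyStream(out, ciphertext[aes.BlockSize:])
	return out, nil
}

// newGCM builds an AES-256-GCM AEAD: encryption plus an authentication tag.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptGCM output = nonce || ciphertext || tag.
func encryptGCM(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// decryptGCM returns an error if any bit of the nonce, ciphertext or tag was changed.
func decryptGCM(key, ciphertext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, ciphertext[:aead.NonceSize()], ciphertext[aead.NonceSize():], nil)
}

// flipByte models an in-transit change made by someone who never learns the key.
func flipByte(ciphertext []byte, pos int) []byte {
	c := append([]byte(nil), ciphertext...)
	c[pos] ^= 0x01
	return c
}

// RunTamperDemo encrypts the sample both ways, flips one byte past the IV/nonce in each
// ciphertext, and reports: did CTR accept it without error, did its plaintext change,
// and did GCM reject it.
func RunTamperDemo() (ctrAccepted, ctrChanged, gcmRejected bool, err error) {
	pt := []byte(sampleInstruction)
	ctr, err := encryptCTR(demoKey, pt)
	if err != nil {
		return false, false, false, err
	}
	gcm, err := encryptGCM(demoKey, pt)
	if err != nil {
		return false, false, false, err
	}
	ctrPt, ctrErr := decryptCTR(demoKey, flipByte(ctr, aes.BlockSize+4))
	_, gcmErr := decryptGCM(demoKey, flipByte(gcm, 12+4)) // standard GCM nonce is 12 bytes
	return ctrErr == nil, !bytes.Equal(ctrPt, pt), gcmErr != nil, nil
}
```

The CTR decryptor hands back a silently altered instruction, which is exactly the Integrity gap the table warns about; the authenticated mode refuses to decrypt at all.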

★ Deep Dive: Non-Repudiation — The Fourth Pillar

Non-repudiation frequently appears on AP Cybersecurity exams as either an answer choice or the correct answer to questions about digital signatures and audit logs. It is worth understanding deeply because it is the one closely-related concept that students most often confuse with the core CIA properties.

Why Non-Repudiation matters to Vantex: When a Vantex client disputes a $50,000 wire transfer, claiming they never authorized it, Vantex’s legal team needs to prove that the client did authorize it and cannot credibly deny the action. Digital signatures on the authorization request accomplish this. The signature proves both that the data was not altered after signing (Integrity) and that only the client could have generated that specific signature with their private key (Non-Repudiation).

The key distinction: Integrity asks “Was this data changed?” Non-Repudiation asks “Can this person deny they did this?” A backup system with SHA-256 hashing gives you Integrity. A system with digital signatures gives you both Integrity and Non-Repudiation. The difference matters when you need to take someone to court.

AP exam rule: If a scenario mentions a person denying an action, or describes the need to prove who performed an action, the answer is Non-Repudiation — not Integrity, not Confidentiality.
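To make the hash-versus-signature distinction concrete, here is a Go walk-through of the $50,000 wire dispute. It is an added example, not part of the course material: a client signs a constructed wire request with an Ed25519 key, the record is later altered by one digit, and a signature made by a different party is checked against the client's public key. The point it shows is that a plain SHA-256 hash detects the change but can be recomputed by whoever altered the record, while the signature both detects the change and verifies only under the client's key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
)

// Constructed sample wire authorization (not a real transaction).
const wireRequest = "FROM 4471-0023 TO 9902-1180 AMOUNT 50000.00 USD DATE 2026-03-02"

// integrityHash is the "backup system with SHA-256 hashing" case: a fingerprint that
// changes if the record changes. Note that ANYONE can compute it, client or bank.
func integrityHash(record string) string {
	sum := sha256.Sum256([]byte(record))
	return hex.EncodeToString(sum[:])
}

// hashMatches checks a record against a previously stored hash (Integrity only).
func hashMatches(record, storedHash string) bool {
	return integrityHash(record) == storedHash
}

// Party holds one side's Ed25519 key pair. Only the holder of priv can sign as this party.
type Party struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func newParty() (*Party, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{pub: pub, priv: priv}, nil
}

// Sign produces a digital signature over the record using the party's private key.
func (p *Party) Sign(record string) []byte {
	return ed25519.Sign(p.priv, []byte(record))
}

// Verify checks a signature with the party's PUBLIC key, so Vantex's legal team (or a
// court) can verify the client's signature without ever holding the private key.
func (p *Party) Verify(record string, sig []byte) bool {
	return ed25519.Verify(p.pub, []byte(record), sig)
}

// DisputeOutcome summarises what each mechanism can and cannot prove.
type DisputeOutcome struct {
	HashDetectsChange bool // stored SHA-256 no longer matches the altered record
	HashRecomputable  bool // but a fresh hash over the altered record matches it again
	SigDetectsChange  bool // the client's signature fails over the altered record
	SigBindsToClient  bool // only a signature made with the client's key verifies
}

// RunDispute walks the wire dispute: the client signs, the record is later altered, and
// a signature produced by a different party is checked against the client's key.
func RunDispute() (DisputeOutcome, error) {
	client, err := newParty()
	if err != nil {
		return DisputeOutcome{}, err
	}
	someoneElse, err := newParty()
	if err != nil {
		return DisputeOutcome{}, err
	}
	storedHash := integrityHash(wireRequest)
	clientSig := client.Sign(wireRequest)

	altered := wireRequest[:len(wireRequest)-1] + "3" // change the date's last digit

	// Hash: detects the change, but whoever altered the record can simply store a new hash,
	// so a plain hash only proves integrity if the stored hash itself is protected.
	hashDetects := !hashMatches(altered, storedHash)
	hashRecomputable := hashMatches(altered, integrityHash(altered))

	// Signature: fails over altered data (Integrity), and a signature made with any other
	// key fails under the client's public key, so the client cannot credibly deny signing.
	sigDetects := !client.Verify(altered, clientSig)
	otherSig := someoneElse.Sign(wireRequest)
	sigBinds := client.Verify(wireRequest, clientSig) && !client.Verify(wireRequest, otherSig)

	return DisputeOutcome{hashDetects, hashRecomputable, sigDetects, sigBinds}, nil
}
```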

Check for Understanding (Matching, 2 / 10)
Pinnacle Wealth Advisors experienced three incidents this quarter. Match each incident to the CIA property it primarily violates.

Drag or select the correct CIA property for each incident.

✎ Predict first: For each incident, ask — was data seen, changed, or made unreachable?
A financial advisor emailed 340 client portfolios to a personal Gmail by mistake
An intern altered historical trade execution prices in 15 client performance reports
A failed software update crashed the trading platform for 4 hours during market hours

2.1.4 — Confidentiality In Depth

Confidentiality is the property that most people intuitively associate with “security.” It governs who can see data. Every time an organization encrypts a hard drive, requires a password, classifies a document as “Confidential,” or revokes an employee’s access after they leave, it is enforcing Confidentiality. Understanding Confidentiality at depth means understanding how data gets disclosed and which specific controls prevent each disclosure pathway.

2.1.4a — How Confidentiality Is Violated

Confidentiality violations occur across a spectrum from deliberate external attacks to accidental internal mistakes. Security architects must design controls for all of them:

Violation Type: Unauthorized External Access
Description: An external attacker gains access to data they have no right to view. The most publicized category — SQL injection, credential theft, phishing — leads here.
Vantex Example: An attacker uses a stolen credential to log into Vantex’s client database and download 500,000 account records.
Primary Control: Encryption at rest, MFA, access control lists, intrusion detection

Violation Type: Insider Threat
Description: A current or former employee with some legitimate access exceeds their authorization and views data they are not permitted to see. Can be deliberate (malicious insider) or accidental (misconfigured permissions).
Vantex Example: A Vantex teller pulls up 200 executive client accounts out of curiosity — their role only permits access to their own assigned customers.
Primary Control: Role-based access control (RBAC), least privilege, access logging and auditing

Violation Type: Interception in Transit
Description: An attacker on a network path intercepts data as it moves between systems. Classic man-in-the-middle (MITM) attack vector. Critical on unencrypted connections.
Vantex Example: An attacker on the same hotel Wi-Fi as a Vantex employee intercepts unencrypted HTTP traffic containing login credentials and session tokens.
Primary Control: TLS/HTTPS encryption in transit, VPNs, certificate validation

Violation Type: Improper Disposal
Description: Data is not properly destroyed when no longer needed. Hard drives are discarded without wiping; paper documents are thrown in recycling; backup tapes are donated without reformatting.
Vantex Example: Vantex replaces aging servers without wiping drives. A recycler recovers the drives and reads five years of client transaction records.
Primary Control: Secure media destruction (degaussing, shredding), data retention policies

Violation Type: Oversharing / Misconfiguration
Description: Data intended to be private is accidentally made accessible due to misconfigured cloud storage, wrong email recipients, or improperly set file permissions.
Vantex Example: A Vantex developer accidentally sets an S3 bucket containing client KYC documents to “public read” during a deployment. It is accessible to anyone on the internet for 72 hours before discovery.
Primary Control: Access control audits, cloud security posture management (CSPM), DLP tools

2.1.4b — Confidentiality Controls: What They Protect Against

✓ Technical Controls

Encryption

At rest: AES-256 encrypts stored data so that physical access to a drive yields only ciphertext. Even if an attacker steals the drive, they cannot read the data without the decryption key.

In transit: TLS (used in HTTPS) encrypts data moving between systems, making MITM interception useless. Vantex enforces TLS 1.3 on all external connections.

End-to-end: Only sender and recipient can decrypt. Not even the transmission provider can read the content. Critical for client communications involving account details.

✓ Access Controls

Authentication & Authorization

Authentication confirms identity before granting any access. MFA adds a second factor, ensuring stolen passwords alone cannot grant access to Vantex client records.

Role-Based Access Control (RBAC) ensures authenticated users only see what their role requires. A Vantex teller can view their assigned customer accounts; they cannot view executive accounts or system configuration files.

Least Privilege ensures no user has more access than their job requires. Regular access reviews revoke permissions accumulated over time as roles change.

✗ Common Failures

What Breaks Confidentiality

Unencrypted transmission: Any data sent over HTTP (not HTTPS) can be intercepted in transit. Login credentials, session cookies, and account data sent in plaintext are trivially captured on shared networks.

Weak or reused passwords: A single compromised password that unlocks access to client SSNs is a Confidentiality failure waiting to happen. Password managers and MFA exist specifically to prevent this chain.

Permission creep: Employees accumulate access rights over time as their roles change without corresponding access removal. An employee who moved from Teller to Marketing still having Teller-level database access is a ticking Confidentiality risk.
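The Access Controls section above and the permission-creep failure just described can be shown in one small Go model, added here as an illustration and not part of the course material. The roles, permission names and sample users are all constructed: CanViewAccount is a deny-by-default RBAC check on an already-authenticated user (authentication settled who they are; this settles what they may see), and ReviewAccess is the periodic access review that finds grants a user's current role no longer needs, including the Teller grant that followed an employee into Marketing.

```go
package main

import "sort"

// Role names assumed for this example (not Vantex's real role model).
type Role string

const (
	Teller     Role = "teller"
	Compliance Role = "compliance_officer"
	Marketing  Role = "marketing"
)

// rolePermissions is the least-privilege baseline: what each role needs, nothing more.
var rolePermissions = map[Role]map[string]bool{
	Teller:     {"view_assigned_accounts": true},
	Compliance: {"view_all_accounts": true, "export_reports": true},
	Marketing:  {"view_campaign_stats": true},
}

// User is an already-authenticated identity: authentication settled WHO this is.
// Authorization (below) settles WHAT they may do, from Role, Granted and AssignedAccounts.
type User struct {
	ID               string
	Role             Role            // the user's current role
	Granted          map[string]bool // permissions actually present in the system
	AssignedAccounts map[string]bool // for tellers: the customers they serve
}

// CanViewAccount is deny-by-default: access is allowed only when an explicit rule for
// the user's current role covers this account. The reason string is what gets logged.
func CanViewAccount(u User, account string) (bool, string) {
	switch u.Role {
	case Compliance:
		if u.Granted["view_all_accounts"] {
			return true, "compliance review may open any account"
		}
	case Teller:
		if u.Granted["view_assigned_accounts"] && u.AssignedAccounts[account] {
			return true, "account is assigned to this teller"
		}
		return false, "account is not assigned to this teller"
	}
	return false, "no rule grants this role access to accounts"
}

// ReviewAccess is the periodic access review: for each user it lists every granted
// permission that the user's current role does not need (permission creep to revoke).
func ReviewAccess(users []User) map[string][]string {
	excess := map[string][]string{}
	for _, u := range users {
		need := rolePermissions[u.Role]
		for perm := range u.Granted {
			if !need[perm] {
				excess[u.ID] = append(excess[u.ID], perm)
			}
		}
		sort.Strings(excess[u.ID]) // deterministic output; a nil slice sorts harmlessly
	}
	return excess
}

// SampleUsers is constructed data: a teller, a compliance officer, and an employee who
// moved from Teller to Marketing but whose Teller grant was never removed.
func SampleUsers() []User {
	return []User{
		{ID: "t.nguyen", Role: Teller,
			Granted:          map[string]bool{"view_assigned_accounts": true},
			AssignedAccounts: map[string]bool{"ACCT-1001": true, "ACCT-1002": true}},
		{ID: "c.okafor", Role: Compliance,
			Granted: map[string]bool{"view_all_accounts": true, "export_reports": true}},
		{ID: "m.reyes", Role: Marketing,
			Granted:          map[string]bool{"view_campaign_stats": true, "view_assigned_accounts": true},
			AssignedAccounts: map[string]bool{"ACCT-2001": true}},
	}
}
```

Because the check keys on the user's current role rather than on whatever grants happen to remain, the stale Teller grant is denied at access time and also surfaces in the review for revocation.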

✗ The Vantex Breach Scenario

Visualizing a Confidentiality Failure

Step 1: An attacker sends a spear-phishing email to a Vantex compliance officer, who clicks a malicious link and has their session cookie stolen.

Step 2: The attacker uses the cookie to authenticate to the Vantex client portal as the compliance officer, who has access to all accounts for regulatory review purposes.

Step 3: The attacker downloads 200,000 client records including SSNs, account balances, and loan histories.

CIA property violated: Confidentiality. The data was not modified and the portal stayed online. The violation was purely unauthorized disclosure.

Check for Understanding (MCQ, 3 / 10)
Catalyst Biotech Labs implements three controls. Evaluate each.

Which statements about confidentiality controls are CORRECT?

I. Encrypting research data at rest prevents unauthorized users from reading it even if they steal the storage drives.
II. Role-based access controls limit who can view proprietary formulas to authorized researchers only.
III. Daily backups of research data ensure that stolen data can be recovered and the theft undone.

✎ Predict first: Evaluate each statement independently — does it protect against unauthorized VIEWING?
A. I and II only
B. I and III only
C. II and III only
D. I, II, and III

Check for Understanding (Fill in the Blank, 4 / 10)
Ironclad Distribution Center uses SHA-256 hashes on all shipping manifest records.

Complete the explanation of how hashing protects data.

✎ Think first: What does hashing verify — who can see data, whether data changed, or whether data is accessible?

Ironclad generates a SHA-256 hash for each manifest entry when it is created. This hash protects data ______ (the CIA property concerned with data accuracy).

If an attacker modifies a shipping address, the ______ value will no longer match the original, revealing that the record was changed.

Hashing does not prevent ______ (unauthorized modification), but it allows Ironclad to ______ that tampering occurred.

2.1.6 — Availability In Depth

Availability is the CIA property that directly determines whether a system can fulfill its purpose. A system that is perfectly confidential and perfectly integral is useless if it cannot be accessed when needed. For organizations like Vantex Financial Group — which depend on continuous access to banking systems for thousands of daily transactions — even brief outages have immediate, measurable financial and reputational costs. Availability is violated whenever authorized users are denied access, regardless of why the system is unavailable.

2.1.6a — Availability Threats: Intentional and Unintentional

Unlike Confidentiality and Integrity, which are almost always violated by deliberate action, Availability can be violated by a wide range of causes. AP exam questions often describe non-attack scenarios — hardware failures, natural disasters, misconfiguration — as Availability violations, which surprises students who associate security failures only with attackers:

Availability Threat: Distributed Denial of Service (DDoS)
Category: Intentional / External
Vantex Impact: Botnet floods Vantex online portal with millions of requests per second. Legitimate customers cannot log in or process transactions. Maximum business disruption at minimum attacker cost.
Primary Control: DDoS mitigation services (Cloudflare, AWS Shield), rate limiting, traffic scrubbing, CDN offloading

Availability Threat: Ransomware Encryption
Category: Intentional / External
Vantex Impact: Ransomware encrypts Vantex file servers and databases. All client data, transaction records, and applications become inaccessible until ransom is paid or backups are restored.
Primary Control: Offline backups, endpoint detection and response (EDR), network segmentation to limit spread, incident response plan

Availability Threat: Hardware Failure
Category: Unintentional / Internal
Vantex Impact: A primary storage array fails due to a RAID controller failure. Transaction processing halts for 6 hours until the array is replaced and data is restored from backup.
Primary Control: Hardware redundancy (RAID, clustered storage), spare parts inventory, regular hardware lifecycle management

Availability Threat: Power Outage
Category: Unintentional / Environmental
Vantex Impact: A regional power grid failure takes down Vantex’s primary data center. No transactions can be processed for 4 hours.
Primary Control: Uninterruptible Power Supplies (UPS), backup generators, geographic redundancy with secondary data centers in different power grids

Availability Threat: Software Bug / Misconfiguration
Category: Unintentional / Internal
Vantex Impact: A developer deploys an update with a null pointer exception that crashes the transaction processing service. Customers receive errors for 2 hours until the deployment is rolled back.
Primary Control: Staged rollouts (canary deployment), automated testing, rollback capabilities, change management processes

Availability Threat: Natural Disaster
Category: Unintentional / Environmental
Vantex Impact: A tornado destroys Vantex’s primary data center building. All data and systems in that location are gone.
Primary Control: Disaster recovery plan, geographic redundancy with active-passive or active-active failover, data replication to secondary sites

2.1.6b — Availability Controls: The Redundancy Architecture

✓ Redundancy Layers

Multiple Copies at Every Level

Data redundancy (RAID): RAID 1 mirrors data across two drives. If one fails, the other continues serving requests with no interruption. RAID 5/6 distributes data and parity for both performance and redundancy.

Server redundancy: Vantex runs at least two active transaction servers. If one fails, a load balancer redirects traffic to the other with no customer impact. Failover is automatic and completes in under 30 seconds.

Network redundancy: Multiple ISP connections from different providers ensure that a single provider outage does not take the site offline. BGP routing automatically fails over to the healthy link.

Geographic redundancy: Vantex maintains a secondary data center in a different city. If the primary site is destroyed or unusable, the secondary site assumes full operations. Data is replicated in real time.

✓ Recovery Metrics

RTO and RPO: Measuring Availability Commitments

Recovery Time Objective (RTO): The maximum acceptable time the system can be down before recovery must be complete. Vantex’s online banking RTO is 4 hours — a longer outage triggers regulatory reporting requirements.

Recovery Point Objective (RPO): The maximum acceptable amount of data loss measured in time. Vantex’s RPO is 15 minutes — they take incremental backups every 15 minutes and replicate data in near-real-time. An outage could result in at most 15 minutes of transactions needing to be re-entered.

Why this matters on the AP exam: RTO and RPO are Availability metrics. A question asking “which metric defines how much data loss is acceptable?” is asking for RPO. “How long can the system be down?” is RTO.

✗ AP Exam Traps on Availability

Where Students Miss Availability Questions

Trap 1 — No attacker needed: Hardware failure, software crashes, and natural disasters are Availability violations even though no attacker is involved. Security is not only about cyber attacks.

Trap 2 — Ransomware is primarily Availability: Students often call ransomware a Confidentiality violation. If the ransomware only encrypted files (common) and did not exfiltrate them, the primary violation is Availability (files are inaccessible). Only if data was exfiltrated is Confidentiality also violated.

Trap 3 — Backups are Availability, not Integrity: Backups exist to restore access after data loss — an Availability control. Students confuse this with Integrity because “the data needs to be accurate.” Unless the backup includes hash verification, it is primarily an Availability control.

✗ The Ransomware Distinction

When Ransomware Violates ALL THREE

Modern ransomware operators run a “double extortion” strategy: they first exfiltrate sensitive data, then encrypt the organization’s files and demand a ransom for both the decryption key and a promise not to publish the stolen data.

Phase 1 (Exfiltration): Confidentiality violated — data was disclosed to the attacker.

Phase 2 (Encryption of files): Availability violated — authorized users cannot access their files.

Phase 3 (If logs were modified): Integrity violated — audit records were altered to hide the breach timeline.

AP exam rule: If only encryption is described (no exfiltration mentioned), the primary violation is Availability. If the scenario mentions data being stolen or copied before encryption, add Confidentiality to the analysis.

Check for Understanding (MCQ, 5 / 10)
Sycamore School District reviews three recent incidents:
I. Ransomware encrypted the student information system for 18 hours, preventing teachers from entering grades.
II. A software bug displayed Student A’s transcript when Student B logged into the portal.
III. A power surge destroyed the primary database server, requiring a 3-day rebuild from backups.

Which incidents are classified as Availability violations?

✎ Predict first: For each incident, ask — were authorized users unable to ACCESS a system they needed?
A. I only
B. I and III only
C. I and II only
D. I, II, and III

2.1.7 — Real-World Case Studies: CIA Triad Failures at Scale

Studying real breaches through the CIA Triad lens builds the pattern recognition needed for AP exam scenario analysis. Each case below maps the attack chain to specific CIA violations and identifies what control would have prevented each stage.

Case Study 1 — Financial Sector
Equifax Data Breach (2017) — Primary Violation: Confidentiality

What happened: Attackers exploited a known vulnerability (CVE-2017-5638) in Apache Struts, a web application framework used by Equifax. The vulnerability had a patch available for two months before the breach began. Attackers gained access to Equifax’s internal systems and exfiltrated data for 76 days before detection.

Scale: 147 million Americans’ personal information was exposed, including names, SSNs, birth dates, addresses, driver’s license numbers, and approximately 209,000 credit card numbers.

CIA Analysis: This is a pure Confidentiality violation — the data was not modified, and Equifax’s systems were not significantly disrupted. The failure was unauthorized disclosure of highly sensitive data at massive scale. Integrity and Availability remained largely intact; Confidentiality failed catastrophically.

What failed at the CIA Triad level: (1) Patch management failure: a known vulnerability remained unpatched for 60+ days, creating the initial access vector. (2) Network segmentation failure: once inside one system, attackers could pivot laterally to access data stores they should not have been able to reach. (3) Data Loss Prevention (DLP) failure: 147 million records were exfiltrated over 76 days without triggering alerts.

What would have prevented it: Applying the available patch within a normal 30-day window; network segmentation preventing lateral movement from the web tier to the database tier; anomaly detection on unusually large data transfers outbound.

Property violated: Confidentiality

Case Study 2 — Critical Infrastructure
Colonial Pipeline Ransomware (2021) — Primary Violation: Availability

What happened: The DarkSide ransomware group gained access to Colonial Pipeline’s IT network through a compromised VPN account that did not have MFA enabled. They deployed ransomware that encrypted critical billing and business systems. Colonial Pipeline shut down its 5,500-mile pipeline as a precaution, causing fuel shortages across the U.S. East Coast.

Scale: The pipeline supplies approximately 45% of the East Coast’s fuel. The shutdown lasted 6 days. Colonial Pipeline paid $4.4 million in bitcoin ransom (most was later recovered by the FBI). Gas prices spiked, stations ran dry, and a state of emergency was declared in multiple states.

CIA Analysis: The immediate, economy-disrupting impact was Availability — the systems that controlled billing and operational scheduling became inaccessible, causing the voluntary pipeline shutdown. DarkSide also exfiltrated approximately 100 GB of data before deploying the ransomware (double extortion), adding a Confidentiality violation to the attack.

What failed at the CIA Triad level: (1) Authentication: a single compromised password on a VPN account without MFA provided full network access. (2) Segmentation: attackers moved from the IT network and reached operational technology (OT) adjacent systems. (3) Incident response planning: the decision to shut down the entire pipeline was a business decision made in the absence of a clear IR playbook for ransomware.

Key lesson: A single user account without MFA was the entry point for one of the most disruptive infrastructure attacks in U.S. history. MFA on all remote access accounts is an Availability (and Confidentiality) control that costs almost nothing to implement.

Properties violated: Availability, Confidentiality
Case Study 3 — Retail / Point of Sale
Target Point-of-Sale Breach (2013) — Multi-CIA Violation

What happened: Attackers compromised a third-party HVAC vendor that had remote access to Target’s network for billing and contract management. Using the vendor’s credentials, attackers pivoted into Target’s payment network and installed malware on point-of-sale (POS) terminals at Target stores nationwide. The malware scraped credit card data from RAM as cards were swiped — a technique called “RAM scraping.”

Scale: Approximately 40 million credit and debit card numbers and 70 million customer records (names, addresses, phone numbers, emails) were stolen during the peak holiday shopping season. Target’s CEO and CIO resigned. Target paid $18.5 million in a multistate settlement.

CIA Analysis: The primary violation was Confidentiality — payment card data and PII were disclosed to attackers. Integrity was also implicated: the attackers modified POS terminal software by installing malware (unauthorized modification of executable code = Integrity violation). Availability was not significantly affected — stores continued operating and customers could still make purchases (unknowingly handing over their card data).

What failed at the CIA Triad level: (1) Third-party access control: the HVAC vendor should not have had access to the same network segment as POS terminals. Network segmentation was inadequate. (2) Software Integrity: there was no file integrity monitoring to detect the installation of unauthorized software on POS terminals. (3) Anomaly detection: the large volume of card data being transmitted to an external server should have triggered DLP alerts.

Properties violated: Confidentiality, Integrity
Check for Understanding (Select All) — Question 6 of 10
Ridgecrest Community Hospital is mapping countermeasures to CIA properties.

Select ALL controls that primarily protect Confidentiality.

✎ Think first: Confidentiality = preventing unauthorized ACCESS to information. Which controls stop people from seeing what they shouldn’t?

2.1.8 — Defense Strategies: Controls Mapped to CIA Properties

Every security control in your toolkit protects at least one CIA property — and understanding which one is crucial both for AP exam questions and for real security architecture. The mapping below covers the primary controls for each property and the key controls that span multiple properties.

🔒 Confidentiality Controls
Encryption at rest (AES-256): Renders stored data unreadable without the decryption key. Protects against physical theft, insider access to raw files, and unauthorized database reads.
Encryption in transit (TLS 1.3): Protects data moving between systems from interception. Every HTTPS connection uses TLS. Mandatory for any data transmitted across networks Vantex does not fully control.
Role-Based Access Control (RBAC): Limits data access to users whose job function requires it. A teller cannot view executive accounts; an HR employee cannot view transaction databases. Access is role-defined, not individually managed.
Multi-Factor Authentication (MFA): Requires a second verification factor beyond a password. Protects against credential theft — a stolen password alone cannot grant access. Required on all remote access and privileged accounts.
Data Classification & Handling Policies: Labels data by sensitivity and mandates specific controls per label. Restricted data (SSNs, account numbers) requires encryption, strict access control, and audit logging. Unclassified data can be handled with fewer controls.
Data Loss Prevention (DLP): Monitors data in motion and at rest for sensitive patterns (SSN formats, account numbers, credit card patterns) and alerts or blocks unauthorized transmission.
📋 Integrity Controls
Cryptographic hashing (SHA-256): Generates a fingerprint of data at a known-good state. Any subsequent modification changes the hash, making tampering detectable. Used on database records, log entries, and file downloads.
Digital signatures: A hash of the data signed with the signer’s private key (often summarized as “hash + private-key encryption”). Proves both that the data is unmodified (Integrity) and that a specific entity created it (Non-Repudiation). Required for financial authorizations and legally binding records.
File Integrity Monitoring (FIM): Continuously monitors critical system files (OS files, configuration files, application executables) and alerts on any unauthorized modification. Tripwire, OSSEC, and AWS Config all provide FIM capabilities.
Version Control & Change Management: All changes to code, configuration, and data are tracked with timestamps, author identity, and change justification. Unauthorized changes are immediately detectable by comparing current state to baseline.
Write-Once / Tamper-Evident Logging: Audit logs are written to append-only storage. Once written, entries cannot be modified or deleted. Provides a trustworthy evidentiary record for incident response and legal proceedings.
Input Validation: Applications validate all user input before processing. Prevents SQL injection and buffer overflow attacks that could directly modify database records or corrupt memory.
☀ Availability Controls
Hardware Redundancy (RAID, Clustered Systems): Eliminates single points of hardware failure. RAID 1 mirrors data; clustered servers ensure that one node’s failure does not interrupt service. Failover is automatic.
Geographic Redundancy & Disaster Recovery: Secondary data center in a different geographic region (different power grid, different flood zone, different fault line). Active-passive failover for cost efficiency; active-active for zero-downtime requirements.
DDoS Mitigation: Traffic scrubbing services (Cloudflare, AWS Shield, Akamai) filter malicious traffic before it reaches Vantex’s servers. Rate limiting and connection throttling prevent any single source from overwhelming resources.
Offline Backups (3-2-1 Rule): 3 copies of data, on 2 different media types, with 1 copy offsite and offline. The offline copy is immune to ransomware encryption and enables recovery without paying a ransom.
Uninterruptible Power Supply (UPS) + Generators: Battery UPS provides instant power during grid failure. Diesel generators provide extended power for multi-day outages. Required for any system with a sub-4-hour RTO.
Incident Response & Business Continuity Plans: Pre-defined procedures for common failure scenarios. A team that knows exactly what to do during a ransomware event recovers in hours instead of days. Tabletop exercises test these plans before they are needed.
Controls That Span Multiple CIA Properties: Some controls protect more than one property simultaneously. MFA protects Confidentiality (prevents unauthorized access) and indirectly supports Availability (by preventing account takeovers that could lock out legitimate users). Encrypted backups protect both Availability (restore access) and Confidentiality (the backup copy cannot be read if stolen). Audit logs with digital signatures protect both Integrity (tamper detection) and support Non-Repudiation (proving who did what). On the AP exam, when a question asks which CIA property a control “primarily” protects, choose the property that most directly aligns with the control’s core function.
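The File Integrity Monitoring control above is easy to see in code. The following is an added example, not part of the lesson or any of the tools it names: it baselines SHA-256 digests for a monitored directory, re-scans, and reports what was modified, added, or removed; the directory tree and file contents in demo() are constructed for illustration.

```python
"""File Integrity Monitoring (FIM) built on SHA-256 baselines.

Added example, not code from the lesson: hash every file under a monitored
root, store the digests as the known-good baseline, then re-scan later and
report anything modified, added, or removed. The directory tree and file
contents in demo() are constructed for illustration.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hex SHA-256 digest of a file, streamed in 64 KiB chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each file (path relative to root, POSIX style) to its digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(baseline: dict, current: dict) -> dict:
    """Classify the drift between a baseline and a fresh scan."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: baseline a small tree, alter it, re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "pos_service").write_bytes(b"approved POS build")
        (root / "config.ini").write_text("[pos]\nencrypt_track_data=true\n")
        (root / "readme.txt").write_text("approved build notes\n")
        baseline = build_baseline(root)

        # Unauthorized drift: an executable is altered, an unapproved file
        # appears, and a tracked file disappears. config.ini is untouched.
        (root / "bin" / "pos_service").write_bytes(b"approved POS build + extra bytes")
        (root / "bin" / "unapproved.bin").write_bytes(b"not in the baseline")
        (root / "readme.txt").unlink()

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

A real FIM deployment stores the baseline somewhere the monitored host cannot rewrite, otherwise the same unauthorized change can also update the baseline.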
Check for Understanding (MCQ) — Question 7 of 10
Pinnacle Wealth Advisors’ security manager claims: “We encrypt all client data with AES-256 at rest and TLS 1.3 in transit. Therefore, our data is fully protected across all three CIA properties.”

Identify the error in the security manager’s reasoning.

✎ Spot the error: Does encryption protect Confidentiality, Integrity, Availability, or all three?
A. The statement is correct — AES-256 and TLS together protect all three CIA properties completely
B. Encryption primarily protects Confidentiality; it does not ensure Integrity verification (no hashing/signatures mentioned) or Availability (no backups, redundancy, or uptime controls)
C. The error is that TLS 1.3 is outdated and should be replaced with TLS 2.0
D. The error is that AES-256 is too strong for financial data and should be replaced with AES-128

2.1.9 — Worked Examples: Predict First, Then Classify

Use the predict-first approach: before reading the answer choices on any CIA Triad scenario question, identify the key verb in the attack description. Disclosed? Accessed? Seen? → Confidentiality. Modified? Changed? Altered? Corrupted? Deleted? → Integrity. Denied? Inaccessible? Offline? Unavailable? → Availability.

Worked Example 1 — The Disgruntled DBA
Scenario: A Vantex database administrator (DBA) who was passed over for promotion decides to take revenge before resigning. They log in with their still-active credentials and run a DELETE statement on the mortgage loan application table, permanently removing 8,400 pending applications. The applications cannot be recovered because the backup from the previous night does not include the 8,400 applications that were added during the day. Authorized employees can still log in to the database system normally, but the data they need is gone.
Step 1 — Predict the Key Verb

The DBA ran a DELETE statement, and the applications are permanently removed. Key verb: deleted — a form of unauthorized modification (the records no longer exist, so the table is no longer accurate or complete). This is an Integrity violation.

Step 2 — Slash the Trash

Confidentiality? No data was read or disclosed — eliminate. Availability? The database system itself is still accessible (employees can log in) — eliminate. The violation is specifically to the accuracy of the data, which no longer exists. That is Integrity.

Step 3 — The Availability Trap

The answer is NOT Availability, even though employees “cannot access” the applications. The system is online and accessible — the data was permanently destroyed, not temporarily unavailable. Permanent destruction = Integrity. Temporary inaccessibility = Availability. This is one of the most common wrong answers on CIA Triad questions.

Classification

Integrity. Unauthorized deletion permanently destroyed the accuracy and completeness of the database. The system’s online state is irrelevant — the data itself has been modified (deleted) without authorization. Controls that would have prevented this: (1) Revoke database credentials immediately upon resignation submission; (2) Require two-person authorization for DELETE operations on production data; (3) More frequent backups with shorter RPO to reduce data loss.

Worked Example 2 — The Multi-Stage Attack Chain
Scenario: A sophisticated attacker targeting Vantex executes a three-phase campaign: Phase 1 — Uses a spear-phishing email to steal the credentials of a Vantex network administrator. Phase 2 — Uses those credentials to access and download the complete client PII database (850,000 records including SSNs). Phase 3 — Deploys ransomware that encrypts all file servers and deletes the volume shadow copies, making immediate recovery without the ransom key impossible. The attacker demands $4 million.
Step 1 — Map Each Phase to a CIA Property

Phase 1 (credential theft): Enables everything but is itself a precursor, not yet a CIA violation of Vantex’s data. Phase 2 (PII downloaded): Data was disclosed to an unauthorized party — Confidentiality violated. Phase 3 (ransomware encryption): Authorized users are denied access to encrypted files — Availability violated. Shadow copy deletion: removes the ability to restore — also Availability.

Step 2 — Identify the PRIMARY Violation for an AP Exam Question

If the question asks “which CIA property was violated?” (singular), you need the primary/most immediate impact. The ransomware’s immediate effect is making systems unusable — Availability. But if the question asks “which properties were violated in this attack?” the correct answer is both Confidentiality and Availability.

Classification & Analysis

Phase 2: Confidentiality. Phase 3: Availability. This is a double-extortion ransomware attack. The attacker has leverage on two fronts: restore access (ransom for decryption key) and prevent publication (ransom for not releasing 850,000 SSNs). When the AP exam asks which CIA property ransomware “most directly” violates, look for whether data exfiltration is described. If yes: Confidentiality is also violated. If only encryption is described: the answer is Availability.

Check for Understanding (MCQ) — Question 8 of 10
Catalyst Biotech’s CISO presents four claims. Three are correct. One misclassifies a CIA control.

Which claim contains the error?

1. “TLS encrypts data in transit, protecting Confidentiality.”
2. “SHA-256 hashing detects unauthorized file modifications, protecting Integrity.”
3. “Redundant servers with automatic failover protect Availability.”
4. “Encrypting database backups primarily protects Availability.”

✎ Spot the error: Check each claim — does the control actually protect the named CIA property?
A. Claim 1 — TLS protects Integrity, not Confidentiality
B. Claim 2 — hashing protects Availability, not Integrity
C. Claim 3 — redundant servers protect Confidentiality, not Availability
D. Claim 4 — encrypting backups primarily protects Confidentiality (prevents unauthorized reading of backup data), not Availability
Check for Understanding (Matching) — Question 9 of 10
Ironclad Distribution Center deploys three new security controls. Match each to the CIA property it primarily protects.

Select the primary CIA property for each control.

✎ Think first: For each control, ask — does it prevent unauthorized viewing, detect modification, or ensure access?
Digital signatures on all shipping manifest PDFs before sending to partners
Diesel backup generator that activates within 10 seconds of a power failure
Full-disk encryption on all warehouse manager laptops

2.1.11 — Frequently Asked Questions

Q: Can the same attack violate multiple CIA properties? How do I know which one to choose on the exam?

Yes, and this is the most common source of confusion on CIA Triad exam questions. Many attacks violate multiple properties — ransomware that exfiltrates data before encrypting it violates both Confidentiality and Availability. When the exam asks which property was “MOST directly” or “primarily” violated, focus on the main effect described in the scenario. If the scenario emphasizes that systems went offline and users cannot access data, the answer is Availability. If it emphasizes that customer data was stolen or read, the answer is Confidentiality. If it emphasizes that records were changed or corrupted, the answer is Integrity. The key word “primarily” or “most directly” is your cue to pick the dominant violation.

Q: Is Non-Repudiation part of the CIA Triad? The exam seems to treat it as a fourth property.

Non-Repudiation is not one of the three CIA Triad properties, but it is closely related and frequently tested alongside them. Some security frameworks extend the CIA Triad to a “CIA + NR” model. On the AP exam, when a question specifically involves a person denying they performed an action, or when digital signatures are used to provide legal proof of authorship, the answer is Non-Repudiation. If the question only asks about the CIA Triad, remember there are exactly three properties: Confidentiality, Integrity, and Availability. Non-Repudiation is a separate but important fourth concept.

Q: Is deleting data an Integrity or Availability violation? I keep getting this wrong.

This is one of the most tested distinctions on the AP exam. The key is whether the deletion is permanent or temporary. Permanent deletion = Integrity violation. The data no longer exists or is no longer accurate — unauthorized modification destroyed it. Temporary inaccessibility = Availability violation. The data still exists but cannot be reached right now (system is offline, DDoS in progress, etc.). Ransomware that encrypts files (data still exists, just locked) = Availability. A disgruntled employee who runs DROP TABLE (data is gone) = Integrity. Memorize this: gone for good = Integrity; temporarily unreachable = Availability.

Q: If encryption protects data from attackers reading it, why doesn’t it also protect Integrity?

Encryption transforms readable data into ciphertext, but it does not prevent a determined attacker from modifying that ciphertext. When the modified ciphertext is decrypted, the result is corrupted or attacker-controlled data — an Integrity violation. This kind of manipulation is called a “bit-flipping” attack, and it is the basis of many chosen-ciphertext attacks. Modern authenticated encryption modes (like AES-GCM) combine encryption with a message authentication code (MAC) that detects modification, providing both Confidentiality and Integrity. But plain AES encryption (without a MAC) only provides Confidentiality. The lesson: Confidentiality and Integrity require different controls, and assuming encryption covers both is one of the most dangerous mistakes in security architecture.
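The point in this answer can be shown directly. The following is an added example, not code from the lesson: because the Python standard library has no AES, a stream cipher built from HMAC-SHA256 in counter mode stands in for unauthenticated AES-CTR (it is malleable in exactly the same way), and encrypt-then-MAC stands in for the tag that AES-GCM provides; keys, nonce and the message are constructed for the demo.

```python
"""Encryption alone does not protect Integrity; a MAC does.

Added example, not code from the lesson. An HMAC-SHA256 counter-mode stream
cipher stands in for unauthenticated AES-CTR: flipping a ciphertext bit flips
the same plaintext bit and decryption reports nothing. Encrypt-then-MAC (the
role AES-GCM's tag plays) turns the same change into a detected failure.
"""
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 output size


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream blocks: HMAC(key, nonce || counter), concatenated."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream cipher: encryption and decryption are the same XOR."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def flip(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """The tampering the FAQ describes: XOR (old ^ new) into the ciphertext
    where plaintext `old` is known to sit. No key is needed."""
    buf = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        buf[offset + i] ^= o ^ n
    return bytes(buf)


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with a separate MAC key; the tag covers nonce + ct."""
    ct = xor_encrypt(enc_key, nonce, plaintext)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, sealed: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; refuse on mismatch."""
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: ciphertext was modified")
    return xor_encrypt(enc_key, nonce, ct)


def demo() -> dict:
    """Same modification against unauthenticated and authenticated ciphertext."""
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(16)
    msg = b"TRANSFER 0000100.00 USD TO ACCT 4471"   # amount field starts at offset 9
    # Confidentiality only: the altered ciphertext decrypts to an altered amount.
    ct = xor_encrypt(enc_key, nonce, msg)
    tampered_plain = xor_encrypt(enc_key, nonce, flip(ct, 9, b"0000100.00", b"0999100.00"))
    # Confidentiality + Integrity: the same alteration fails verification.
    sealed = seal(enc_key, mac_key, nonce, msg)
    try:
        open_sealed(enc_key, mac_key, nonce, flip(sealed, 9, b"0000100.00", b"0999100.00"))
        detected = False
    except ValueError:
        detected = True
    return {"tampered_plain": tampered_plain, "detected": detected,
            "untampered_ok": open_sealed(enc_key, mac_key, nonce, sealed) == msg}


if __name__ == "__main__":
    print(demo())
```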

Q: My teacher said MFA protects Confidentiality. But isn’t MFA an authentication control?

Both statements are correct and consistent. MFA is an authentication mechanism — it verifies identity. The CIA Triad property it most directly protects is Confidentiality — because by ensuring only authorized users can authenticate, it prevents unauthorized access to (disclosure of) data. Authentication is the mechanism; Confidentiality is the CIA property being protected. This distinction matters on exam questions that ask “which CIA property does MFA protect?” The answer is Confidentiality, not Authentication (which is not a CIA property).

Q: How do I apply the CIA Triad to the Vantex Financial Group scenarios in exercises and labs?

Every Vantex scenario throughout Unit 2 is designed around CIA Triad violations and controls. The systematic approach: (1) Identify the type of data involved (client SSNs, transaction records, system logs, public documents). (2) Identify what happened to it (accessed without authorization, modified, made inaccessible). (3) Map the event to a CIA property using the key verbs. (4) Identify the control that would have prevented it and which CIA property that control primarily protects. If you build this habit in exercises, it will be automatic on the exam.

Check for Understanding (Select All) — Question 10 of 10
Sycamore School District: An attacker compromises a teacher’s account and performs three actions: (1) downloads 500 student records to a USB drive, (2) changes 12 students’ grade point averages, (3) locks the teacher’s account so they cannot log in.

Select ALL CIA properties that were violated in this attack.

✎ Think first: Evaluate each action independently — does it involve unauthorized viewing, modification, or access denial?
Tanner Crow
AP Computer Science Teacher — Blue Valley North High School

Tanner has taught AP Computer Science for 11+ years and built APCSExamPrep.com to give every student access to the same resources his own students use. He holds 1,845+ verified tutoring hours on Wyzant with a 5.0 rating from 451+ reviews. His AP CSA students score 5s at more than double the national average (54.5% vs. 25.5% nationally).

Content last reviewed and updated: March 2026
