The CIA Triad: Protecting Confidentiality, Integrity, and Availability
Grades 9–12 · Cybersecurity & AI Education · NYS 9-12.CY.2 · 60 Minutes
NYS-Aligned Standard
9-12.CY.2 — Describe physical, digital, and behavioral safeguards that can be employed to protect the confidentiality, integrity, and accessibility of information. Source: NYS Computer Science and Digital Fluency Learning Standards (2020)
Learning Objectives — “I Can” Statements
- I can define the CIA triad — confidentiality, integrity, availability — and give an example threat to each.
- I can recommend physical, digital, and behavioral safeguards for a specific system.
- I can justify which CIA goal matters most for a given scenario.
Essential Question
How do security professionals decide which safeguards to apply, and what are they actually protecting?
Lesson Sequence
Hook / Warm-Up (8 min)
Three short failures: a leaked grade file (confidentiality), a tampered bank balance (integrity), a hospital system knocked offline (availability). Ask: “What broke in each case?” Surface the three goals.
Direct Instruction (16 min)
- Confidentiality — only authorized people can access information (threats: phishing, weak access control).
- Integrity — information is accurate and unaltered (threats: tampering, malware, bad input).
- Availability — information/services are accessible when needed (threats: ransomware, denial-of-service, hardware failure).
- Safeguard categories: physical (locks, secure facilities), digital (encryption, access control, backups, MFA), behavioral (training, least-privilege habits, verifying requests).
Applied Case Study (26 min)
Teams receive a system profile (a school grade portal, a small clinic’s records, an online store). Using a CIA Safeguard Matrix, they: (a) identify the top threat to each CIA goal, (b) recommend one physical, one digital, and one behavioral safeguard, and (c) rank which CIA goal is most critical for that system and defend the choice.
Closure (10 min)
Each team presents its highest-priority safeguard and the CIA goal it protects; class critiques tradeoffs (e.g., strong access control vs. usability).
SDI & Differentiation Block
Supports for MLLs/ELLs
Entering/Emerging (NYSESLAT Levels 1–2):
- Provide a labeled CIA visual (lock = confidentiality, checkmark = integrity, clock = availability).
- Sentence frame: “A threat to ___ is ___ . A safeguard is ___ .”
Transitioning/Expanding (NYSESLAT Levels 3–4):
- Pre-teach: confidentiality, integrity, availability, encryption, access control, ransomware.
- Provide the matrix with the first row modeled.
Supports for Students with IEPs
SDI Adaptation Dimensions: content, methodology
- Content: Assign one CIA goal per student; provide a safeguard word bank.
- Methodology: Offer a completed example system before the independent case.
Suggested Placement: ICT
Answer Key / Model Responses
Sample (school grade portal):
- Confidentiality — threat: stolen login → safeguard: MFA (digital), staff training on phishing (behavioral), locked server room (physical).
- Integrity — threat: unauthorized grade change → safeguard: role-based access + audit logs (digital), change-verification habit (behavioral).
- Availability — threat: ransomware → safeguard: regular offline backups (digital), surge protection/UPS (physical).
- Most critical: often integrity for a grade portal, because inaccurate official records cause direct harm; defensible alternatives accepted with reasoning.
Alignment Record
| Field | Value |
|---|---|
| Standard Code | 9-12.CY.2 |
| Standard Text | Describe physical, digital, and behavioral safeguards that can be employed to protect the confidentiality, integrity, and accessibility of information. |
| Framework | NYS Computer Science and Digital Fluency Learning Standards (2020) |
| Source | nysed.gov — NYS CS & Digital Fluency Learning Standards (2020) |
| Confidence | High Confidence |
| Validation Notes | Code 9-12.CY.2 confirmed; CY = Cybersecurity, grade band 9–12, Safeguards sub-concept; clarifying guidance references the CIA triad. Lesson maps physical/digital/behavioral safeguards to confidentiality, integrity, and availability. All systems and cases are original. |