

Module 1: Secure Software Architecture

Quick questions on The CIA triad explained: HSC Software Engineering Module 1

7 short Q&A pairs drawn directly from our worked dot-point answer. For full context and worked exam questions, read the parent dot-point page.

What is confidentiality?
Only authorised users can read sensitive data. Mechanisms include encryption and access controls.

What is integrity?
Data is not altered by unauthorised parties or by accident. Mechanisms include authenticated encryption, which detects tampering with the data it protects.

What is availability?
Authorised users can access the system when they need it. Mechanisms include redundancy.
How do the three principles trade off?
The three principles can conflict. Strong encryption (confidentiality) can slow down a system (availability). Strict access controls (confidentiality) can frustrate legitimate users. Secure software design is about balancing the three based on the threat model.
Why is listing only encryption as the answer a mistake?
Encryption protects confidentiality (and, with authenticated encryption, integrity as well), but availability requires redundancy, not encryption.
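The following is an added example, not part of the original dot-point answer, that makes the confidentiality/integrity distinction concrete. It uses a toy stream cipher (a SHA-256-derived keystream XORed with the message, a construction assumed here purely for illustration; real systems use AES-GCM or ChaCha20-Poly1305) together with Python's standard hmac module. With encryption alone, an attacker who never learns the key can flip bits in the ciphertext and silently change the decrypted payment amount; adding a MAC (encrypt-then-MAC) turns the same tamper into a rejected message. The keys, nonce and message are constructed sample values.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output length


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) blocks.
    Illustrative only; not a standard cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_only(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Confidentiality only: XOR with the keystream. XOR is symmetric,
    so the same function decrypts."""
    ks = keystream(key, nonce, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


decrypt_only = encrypt_only


def encrypt_then_mac(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Confidentiality + integrity: encrypt, then append an HMAC over nonce || ciphertext."""
    ct = encrypt_only(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct + tag


def decrypt_then_verify(enc_key: bytes, mac_key: bytes, nonce: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext;
    raise on any modification."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: ciphertext was modified")
    return encrypt_only(enc_key, nonce, ct)


def flip_byte(ciphertext: bytes, offset: int, delta: int) -> bytes:
    """Attacker's view: XOR one ciphertext byte without knowing the key."""
    mutated = bytearray(ciphertext)
    mutated[offset] ^= delta
    return bytes(mutated)


def demo() -> tuple:
    # Constructed demo keys and nonce; use os.urandom(32) / unique nonces in practice.
    enc_key, mac_key = b"k" * 32, b"m" * 32
    nonce = b"\x00" * 12
    msg = b"PAY 0100 TO BOB"

    # 1. Encryption alone: flipping the byte at offset 4 turns '0' into '9'
    #    ('0' ^ '9' == 0x09) and decryption accepts it without complaint.
    ct = encrypt_only(enc_key, nonce, msg)
    tampered_ct = flip_byte(ct, 4, ord("0") ^ ord("9"))
    silently_changed = decrypt_only(enc_key, nonce, tampered_ct)

    # 2. Encrypt-then-MAC: the identical bit flip now fails the tag check.
    blob = encrypt_then_mac(enc_key, mac_key, nonce, msg)
    tampered_blob = flip_byte(blob, 4, ord("0") ^ ord("9"))
    try:
        decrypt_then_verify(enc_key, mac_key, nonce, tampered_blob)
        detected = False
    except ValueError:
        detected = True

    return silently_changed, detected


if __name__ == "__main__":
    changed, detected = demo()
    print("encryption only, after tamper:", changed)   # amount changed to 9100
    print("encrypt-then-MAC, tamper detected:", detected)
```

The example also shows why the answer above says "partially": the MAC detects modification but cannot stop an attacker from dropping or replaying the message, and nothing here helps availability at all; that needs redundancy.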
Why is it a mistake to forget that availability is a security concern?
Many students treat availability as a reliability issue. NESA explicitly includes it as part of the triad. A denial-of-service attack is a security breach.

Why is treating the triad as a checklist a mistake?
The three principles are design lenses, not boxes to tick. A real system applies many controls, each supporting one or more principles.

