Module 1: Secure Software Architecture

NSW Software Engineering syllabus dot point

Inquiry Question 1: How are secure systems designed?

Describe how the confidentiality, integrity and availability (CIA) triad is applied to the design of secure software

A focused answer to the HSC Software Engineering Module 1 dot point on the CIA triad. It covers confidentiality, integrity and availability, how each is enforced in a real system, the worked banking-app example, and the traps markers look for.

Generated by Claude Opus. Reviewed by Better Tuition Academy. 5 min answer.


What this dot point is asking

NESA wants you to define the three pillars of the CIA triad and explain how each shapes the design of a secure software system. You also need to recognise breaches of each principle and identify which design controls (encryption, hashing, redundancy, access control) defend each one.

The answer

The CIA triad is the foundation of secure software architecture. Every other security control maps to one or more of these three principles.

Confidentiality

Only authorised users can read sensitive data. Mechanisms:

  • Encryption in transit (TLS/HTTPS) prevents eavesdropping on network traffic.
  • Encryption at rest (database-level or full-disk encryption) protects data if storage is stolen.
  • Access control (authentication and authorisation) keeps users out of data they should not see.

Integrity

Data is not altered by unauthorised parties or by accident. Mechanisms:

  • Cryptographic hashes (SHA-256) detect tampering with files or messages.
  • Digital signatures prove a message came from a specific sender and was not modified.
  • Input validation prevents malformed data from corrupting the database.
  • Audit logs record every change so unauthorised modifications can be detected and traced.

Availability

Authorised users can access the system when they need it. Mechanisms:

  • Redundancy (multiple servers, multiple data centres) survives hardware failures.
  • Backups allow recovery after data loss.
  • Rate limiting and DDoS protection prevent attackers from exhausting capacity.
  • Monitoring and alerting catch failures before users notice.

How they trade off

The three principles can conflict. Strong encryption (confidentiality) can slow down a system (availability). Strict access controls (confidentiality) can frustrate legitimate users. Secure software design is about balancing the three based on the threat model.

Past exam questions, worked

Real questions from past NESA papers on this dot point, with our answer explainer.

2024 HSC, 4 marks: Explain how the CIA triad applies to the design of an online banking application. Give one example of each principle.

The CIA triad gives three security goals every secure system must address.

Confidentiality means only authorised users can read sensitive data. In an online banking app, account balances are encrypted in transit using HTTPS and encrypted at rest in the database. A logged-in user can see their own balance but not other customers' balances.

Integrity means data is not altered by unauthorised parties or by accident. The app records every transaction in an append-only ledger and uses cryptographic hashes to detect tampering. If a hacker tries to modify a transaction amount, the hash mismatch flags it immediately.

Availability means authorised users can access the system when they need it. The bank runs the app across multiple data centres with automatic failover so a power outage in one region does not bring down the service. Rate limiting prevents denial-of-service attacks from exhausting capacity.

Markers reward all three principles named correctly, one concrete banking-context example each, and at least one mechanism (encryption, hashing, redundancy) per principle.
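The integrity and confidentiality mechanisms in the banking answer above, as an added example that is not part of the original page: a toy Python append-only ledger where each entry's SHA-256 hash chains to the previous one, so editing any stored amount is flagged on verification, plus a balance lookup that only the account owner may call. Account names and amounts are constructed.

```python
# Added example (not from the original page): toy append-only ledger for the
# banking scenario above. Each entry's SHA-256 hash covers the previous hash,
# so editing any stored amount breaks verification (integrity); balance() lets
# a customer read only their own account (confidentiality). Data is constructed.
import hashlib
import json

GENESIS = "0" * 64  # placeholder hash used before the first entry exists

def entry_hash(prev_hash: str, txn: dict) -> str:
    """SHA-256 over the previous hash plus canonical JSON of the transaction."""
    payload = prev_hash + json.dumps(txn, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

class Ledger:
    def __init__(self):
        self.entries = []  # list of [txn, hash]; only ever appended to

    def append(self, sender: str, receiver: str, amount: int) -> None:
        prev = self.entries[-1][1] if self.entries else GENESIS
        txn = {"from": sender, "to": receiver, "amount": amount}
        self.entries.append([txn, entry_hash(prev, txn)])

    def verify(self) -> bool:
        """Recompute the chain; False as soon as any stored hash mismatches."""
        prev = GENESIS
        for txn, stored in self.entries:
            if entry_hash(prev, txn) != stored:
                return False
            prev = stored
        return True

    def balance(self, requester: str, account: str) -> int:
        """Only the account owner may read the balance (access control)."""
        if requester != account:
            raise PermissionError(f"{requester} may not view {account}")
        credits = sum(t["amount"] for t, _ in self.entries if t["to"] == account)
        debits = sum(t["amount"] for t, _ in self.entries if t["from"] == account)
        return credits - debits

def tamper_demo() -> tuple:
    """Build a ledger, then edit a stored amount as someone with raw DB access."""
    ledger = Ledger()
    ledger.append("bank", "alice", 500)
    ledger.append("alice", "bob", 120)
    before = ledger.verify()
    ledger.entries[1][0]["amount"] = 1  # direct modification of a stored record
    return before, ledger.verify()  # returns (True, False)
```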

2024 HSC Sample, 3 marks: A hospital records system has been compromised. Patient records were viewed but not altered, and the system stayed online throughout. Which element of the CIA triad has been breached?

The breach is of confidentiality only.

Confidentiality requires that sensitive data is accessible only to authorised users. Unauthorised viewing of patient records is a direct confidentiality breach, even though no data was altered or deleted.

Integrity has not been breached because the data has not been changed. Availability has not been breached because the system stayed online.

Markers reward correct identification of confidentiality, an explicit statement that integrity and availability were not breached, and reference to the criterion (unauthorised viewing of data).
