Learning Objectives
students will be able to...
Objective 1
Define the three components of the CIA Triad: Confidentiality, Integrity, and Availability.
Objective 2
Identify which pillar of the CIA Triad is violated in a given real-world scenario.
Objective 3
Explain why each pillar matters using their own examples from daily life.
Objective 4
Connect the CIA Triad to at least one real-world data breach or cyber incident.
Standards Addressed
The CIA Triad — Concept Reference
C
Confidentiality
Only authorized people can access the data. Keeping secrets secret.
Attack: Data breach, eavesdropping
Defense: Encryption, access controls, MFA
I
Integrity
Data is accurate and has not been tampered with. Trusting what you read.
Attack: Man-in-the-middle, SQL injection
Defense: Hashing, digital signatures, audit logs
A
Availability
Systems and data are accessible when legitimate users need them.
Attack: DDoS, ransomware
Defense: Redundancy, backups, failover systems
Lesson Flow — 55 Minutes
I Do · We Do · You Do
0:00 – 0:07
Bell Ringer
Activate Prior Knowledge
Prompt on board as students enter: "A hospital's patient records get leaked online. A hacker changes a patient's medication dosage in the database. The hospital's scheduling system goes down for 6 hours. What's different about each of these three problems?"
Students write independently for 3 minutes, then share with a shoulder partner for 2 minutes. Cold-call 2–3 students. Do not correct or validate yet — the goal is activating thinking, not right answers.
Students write independently for 3 minutes, then share with a shoulder partner for 2 minutes. Cold-call 2–3 students. Do not correct or validate yet — the goal is activating thinking, not right answers.
Reminder
"You've all described three different things going wrong with the same hospital's data. Here's what I want you to notice: each one feels different. That feeling has a name — and by the end of today you'll have the vocabulary to explain exactly why they're different."
0:07 – 0:20
Direct Instruction — I Do
Introduce the CIA Triad
Present the CIA Triad using the reference card above. Introduce each pillar in order with the hospital scenario as the anchor:
Confidentiality → "The records leaked. People who shouldn't have seen them did. That's a Confidentiality violation — unauthorized access to private data."
Integrity → "The dosage was changed without authorization. The data is now wrong and no one knows it. That's an Integrity violation — data that can't be trusted."
Availability → "The system was down for 6 hours. Doctors couldn't access records when lives were on the line. That's an Availability violation — authorized users blocked from legitimate access."
Check for understanding: "Turn to your partner — in one sentence, define each letter. Go."
Confidentiality → "The records leaked. People who shouldn't have seen them did. That's a Confidentiality violation — unauthorized access to private data."
Integrity → "The dosage was changed without authorization. The data is now wrong and no one knows it. That's an Integrity violation — data that can't be trusted."
Availability → "The system was down for 6 hours. Doctors couldn't access records when lives were on the line. That's an Availability violation — authorized users blocked from legitimate access."
Reminder — The Triangle Analogy
"Here's what makes the CIA Triad interesting — you often can't maximize all three at once. Extremely high security for Confidentiality can hurt Availability. A system so locked down that no one can get in is very confidential but completely unavailable. Your job as a security professional is to find the right balance for your specific situation."
0:20 – 0:35
Guided Practice — We Do
Scenario Sort
Project 6 real-world breach scenarios on the board. As a class, work through the first two together — think aloud, model the reasoning process:
Scenario cards (project or print):
① A ransomware attack encrypts a city's 911 dispatch system
② An employee emails customer SSNs to the wrong recipient
③ A hacker alters grades in a school's database
④ A DDoS attack takes down an online banking portal for 4 hours
⑤ An attacker intercepts and reads unencrypted login credentials
⑥ A disgruntled employee changes financial records before quitting
Model scenarios ① and ②. Then have students work in pairs on ③–⑥, writing which CIA pillar is violated and one-sentence justification. Cold-call pairs to share.
Scenario cards (project or print):
① A ransomware attack encrypts a city's 911 dispatch system
② An employee emails customer SSNs to the wrong recipient
③ A hacker alters grades in a school's database
④ A DDoS attack takes down an online banking portal for 4 hours
⑤ An attacker intercepts and reads unencrypted login credentials
⑥ A disgruntled employee changes financial records before quitting
Model scenarios ① and ②. Then have students work in pairs on ③–⑥, writing which CIA pillar is violated and one-sentence justification. Cold-call pairs to share.
Reminder — When Students Say "All Three"
"That's actually a great instinct — many real attacks do violate more than one pillar. But for this exercise, identify the primary violation. What was the attacker's main goal? What's the most significant harm? In the real world, knowing which pillar is the primary threat helps you choose the right defense."
0:35 – 0:48
Independent Practice — You Do
CIA Analysis Worksheet
Students complete the tiered CIA Analysis Worksheet independently. Three tiers available — distribute based on current performance level. (See Differentiated Instruction section below.)
All tiers include: 3 scenarios to classify, a justification sentence for each, and one original scenario the student creates from their own life (social media, gaming, school systems, etc.)
Circulate during this time — prioritize students on Tier 1 who need support. Look for students who can't articulate the difference between C and I — that's the most common confusion. Use the medical records analogy again if needed.
All tiers include: 3 scenarios to classify, a justification sentence for each, and one original scenario the student creates from their own life (social media, gaming, school systems, etc.)
Circulate during this time — prioritize students on Tier 1 who need support. Look for students who can't articulate the difference between C and I — that's the most common confusion. Use the medical records analogy again if needed.
Reminder — Common Misconception
"I'm seeing some folks mix up Confidentiality and Integrity. Here's the test: ask yourself — was data accessed by the wrong person, or was data changed? Wrong access = Confidentiality. Wrong data = Integrity. Write that in your notes right now."
0:48 – 0:55
Closure — Exit Ticket
Formative Assessment
3-2-1 Exit Ticket — students write on a half-sheet or in their notes:
3 — the three letters of the CIA Triad and what each stands for
2 — two examples of attacks (one you discussed, one you made up)
1 — one question you still have
Collect the exit tickets. The "1 question" section drives tomorrow's bell ringer — select 2–3 common questions and open the next class with them.
3 — the three letters of the CIA Triad and what each stands for
2 — two examples of attacks (one you discussed, one you made up)
1 — one question you still have
Collect the exit tickets. The "1 question" section drives tomorrow's bell ringer — select 2–3 common questions and open the next class with them.
Reminder — Closing
"Every security decision you'll ever make — in this class and in your career — comes back to this triangle. Which of these three things am I protecting? Which is being attacked? Which defense fits the situation? The CIA Triad isn't just vocabulary. It's a thinking tool. You now have it."
Differentiated Instruction
tiered support for all learners
| Tier | Who It's For | Modification | Scaffolds Provided |
|---|---|---|---|
| Tier 1 — Support | Students needing additional scaffolding, ELL students, IEP/504 | CIA Triad reference card stays on desk. Scenarios use simplified language. Fill-in-the-blank sentence frames provided for justification. | Word bank · Sentence frames · CIA card · Reduced scenario complexity |
| Tier 2 — Core | Grade-level students — majority of class | Standard worksheet with 3 scenarios + 1 original. Write full justification sentences. No scaffolds beyond what was covered in class. | Class notes · Scenario sort from guided practice |
| Tier 3 — Extension | Students who demonstrate early mastery | Additional challenge: given a real breach (Colonial Pipeline, SolarWinds, or MGM Resorts), identify which CIA pillars were violated, in what order, and what the organization should have done differently. | Optional: research using class website resources |
IEP/504 Accommodations: Extended time honored per plan. Read-aloud available for scenarios. Students may respond verbally to Mr. Ngo in lieu of written worksheet. All accommodations applied without drawing attention.
Assessment Strategy
Formative — During Lesson
Cold-call responses during direct instruction, partner check-ins during guided practice, and circulation during independent work. Looking for: can students distinguish C from I? Can they justify their classification?
Formative — Exit Ticket
3-2-1 exit ticket collected at door. Not graded — used diagnostically. Students who can't complete "3" need re-teaching tomorrow. "1 question" feeds next lesson's bell ringer.
Summative — Worksheet
CIA Analysis Worksheet graded for accuracy and quality of justification. Rubric: 1 pt per correct classification + 1 pt per quality justification sentence = 8 pts total. Original scenario worth 2 pts.
Unit Assessment Connection
This lesson feeds directly into the Unit 5 assessment (Week 20). Students who master CIA Triad scenario analysis here will see similar items on the unit test — reinforcing, not re-teaching.
Materials & Prep Checklist
Before Class
Bell ringer prompt on board
CIA Triad slide deck open on projector
Scenario cards printed (or projected)
Tiered worksheets printed — correct counts per tier
Exit ticket half-sheets cut and ready
After Class
Exit tickets reviewed — note common questions
Worksheets collected and logged
Next bell ringer drafted from exit ticket questions
Students needing re-teach identified