Which of the following is violated in a shoulder surfing attack?

Shoulder surfing is a type of in-person attack in which the attacker gathers information about the
premises of an organization. This attack is often performed by looking surreptitiously at the
keyboard of an employee’s computer while he is typing in his password at any access point such
as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?

A.
Integrity

B.
Availability

C.
Confidentiality

D.
Authenticity

Explanation:
Confidentiality is violated in a shoulder surfing attack. The CIA triad provides the
following three tenets for which security practices are measured: Confidentiality: It is the property
of preventing disclosure of information to unauthorized individuals or systems. Breaches of
confidentiality take many forms. Permitting someone to look over your shoulder at your computer
screen while you have confidential data displayed on it could be a breach of confidentiality. If a
laptop computer containing sensitive information about a company’s employees is stolen or sold, it

could result in a breach of confidentiality. Integrity: It means that data cannot be modified without
authorization. Integrity is violated when an employee accidentally or with malicious intent deletes
important data files, when a computer virus infects a computer, when an employee is able to
modify his own salary in a payroll database, when an unauthorized user vandalizes a web site,
when someone is able to cast a very large number of votes in an online poll, and so on.
incorrect. Authenticity is not a tenet of the CIA triad.