Shoulder
surfing is a type of in-person attack in which the attacker gathers information about the premises of
an organization. This attack is often performed by looking surreptitiously at the keyboard of an
employee’s computer while he is typing in his password at any access point such as a terminal/Web
site. Which of the following is violated in a shoulder surfing attack?

A.
Integrity

B.
Availability

C.
Authenticity

D.
Confidentiality

Explanation:
Confidentiality is violated in a shoulder surfing attack. The CIA triad provides the
following three tenets for which security practices are
measured:
Confidentiality: It is the property of preventing disclosure of information to unauthorized individuals
or systems. Breaches of
confidentiality take many forms. Permitting someone to look over your shoulder at your computer
screen while you have confidential
data displayed on it could be a breach of confidentiality. If a laptop computer containing sensitive
information about a company’s
employees is stolen or sold, it could result in a breach of confidentiality.
Integrity: It means that data cannot be modified without authorization. Integrity is violated when an
employee accidentally or with
malicious intent deletes important data files, when a computer virus infects a computer, when an
employee is able to modify his own

salary in a payroll database, when an unauthorized user vandalizes a web site, when someone is able
to cast a very large number of
votes in an online poll, and so on.
Availability: It means that data must be available at every time when it is needed.
Answer option C is incorrect. Authenticity is not a tenet of the CIA triad.