Defensive security involves focusing on reactive measures to breaches and includes processes such as finding system vulnerabilities, patching security flaws, and retiring software that introduces excess risk into an environment. For this assignment, you will be given a networked information system with an access control matrix. You need to conduct a risk assessment by evaluating network security threats, physical media vulnerabilities and auditing system security. You will then deliver a 1,000-1,500 word report detailing the types of risk discovered. Your report should also include the creation of a contingency plan for breach or failure.
Scenario
The Book Blazer Publishing Company just found out they may have been hacked! They have been concerned for quite some time that a competitor has been stealing book ideas from their content management system (CMS). As the city’s premier security consultant, they retain you to verify whether this is true or not. You are given an architecture diagram of the CMS which consists of:
Web server to house the web site front-end
Application server to provide data processing functions
SQL server to house content metadata
File server on which content is stored
Firewall to protect the system
VPN appliance so employees can reach the CMS from the outside
You are also provided the following access control matrix showing each group and what access they have to each component: