CYB 301 University of Arizona Global Campus Defensive Security Paper

Defensive security involves focusing on reactive measures to breaches and includes processes such as finding system vulnerabilities, patching security flaws, and retiring software that introduces excess risk into an environment. A networked information system example has been provided with an access control matrix. You need to conduct a risk assessment by evaluating network security threats, physical media vulnerabilities and auditing system security. Detail the types of risk discovered. Your report should also include the creation of a contingency plan for breach or failure.

The Book Blazer Publishing Company just found out they may have been hacked! They have been concerned for quite some time that a competitor has been stealing book ideas from their content management system (CMS). As the city’s premier security consultant, they retain you to verify whether this is true or not. You are given an architecture diagram of the CMS which consists of:

1. Web server to house the web site front-end
2. Application server to provide data processing functions
3. SQL server to house content metadata
4. File server on which content is stored
5. Firewall to protect the system
6. VPN appliance so employees can reach the CMS from the outside

You are also provided the following access control matrix showing each group and what access they have to each component:

After conducting a risk assessment by evaluating network security threats, physical media vulnerabilities and auditing system security, you are able to verify their worst fears! Help the CEO and CIO understand what is happening.