You are given the following extract from a cybersecurity incident report:

$$The attack occurred within a highly secure agency by an insider identified as $$Noah$.$ The insider was the low$-$ranked personnel of the agency. To access this information, he did not break any system and used his own credentials to access the most sensitive and classified information that was of national security importance. The information included the location of the agency$$s undercover personnel as well as their reports. The insider did not need to access this information for his everyday job and duties. Furthermore, this information was copied to a CD$-$ROM, labelled as $$My memories$,$ and carried out in his personal effects out of the secure facility. The information was then made available online access to the public.$$

You are invited to a technical meeting as a security engineer and requested to comment on the following questions:

$1.$ Why were the perimeter defences $($e$.$g$.,$ Firewall$)$ ineffective in protecting against this attack? $[1$ mark$]$

$2.$ What is the $$threat model$$ of this attack? $[1$ mark$]$

$3.$ An IT intern $($who has great software engineering skills$)$ states that $$I have come up with a security mechanism that will secure the company against all future cybersecurity threats, including all future insider attacks$.$ As a security specialist, do you agree with the statement made by the IT intern? Support your answer with a concise argument. $[1$ mark$]$

$4.$ What type of Intrusion Detection System $($IDS$)$ could have been useful to detect this attack? $[1$ mark$]$

Based on this information, you identify this attack as an Access Control failure. Answer the following questions:

$5.$ Who is the Access Control system$$s $$Subject$$ in this scenario? $[1$ mark$]$

$6.$ What is the Access Control system$$s $$Object$$ in this scenario? $[1$ mark$]$

$7.$ What are the $$Operations$$ executed to access and leak the information by Noah? $($Recall access operations recognized by an access control system$)[1$ mark$]$

$8.$ What is $$Reference Monitor$$ in an Access Control system? List the $4$ key requirements for it$.[1$ mark$]$

$9.$ As a result of this incident, $$Confidentiality Policies$$ were compromised or $$Integrity Policies$?[1$ mark$]$

$10.$ Which of the security principles taught in this unit are relevant to this incident? $($Pick the two most important principles based on the context and include a concise argument why they are relevant to this incident and are your top $2$ priorities$)[1$ mark$]$

$($Reminder: We covered $$Least Privilege$,$Separation of Privileges$,$Least Common Mechanism$,$Psychological Acceptability$,$Fail$-$Safe Defaults$,$Open Design Principle$,$Defense$-$in$-$depth$,$ and $$Weakest link$).$

$11.$ Has the Access Control system failed in the $$Authentication$$ or $$Authorization$$ process? Support your choice with a concise argument. $[1$ mark$]$