If the attacker gains administrator access to the system, the following security mechanisms would fail:-

Windows defender smart screen

The above feature is installed in a computer investigate if there is any harmful program in the website or
internet before it is downloaded in a computer. The reason as to why the above feature will fail it is
because with the admin access rights, the attacker will disable the windows defender smart screen
without any restrictions. He will therefore try to get access to the computer system through phishing in
order to get hidden information in the Microsoft word document. This time round he will not be blocked
because the windows defender smart screen is off.

Windows defender application guard

This feature is used to offer protection in case the attacker tries to access any file in the application such
as Microsoft word. If the attacker gets control over the system the windows defender application guard
fails because the attacker will disable the windows defender application guard hence making a
computer not have the category of whitelisted applications. Therefore any application can be used by
the hacker to get access to memory and also installed applications like in our case Microsoft word. The
hidden information in Microsoft world will then be revealed to the hacker.

User account control

User account control ensures only the people who have an account in the computer can access the
computer information and resources such as applications. The user accounts can only be disabled by
administrators. This security control will fail because the attacker already has the administrator rights
therefore he has control over the accounts available. Without the user account restricting him or her to
access computer application, the attacker will directly access the Microsoft word document he or she
wanted.

Windows defender exploits guard

This is a tool which offers protection to the files in a folder by restricting the people to access the
folder. Only the users with the password to open the folder can access the files inside. It also offers
network protection. The attacker now being the admin, he or she will go to windows components, then
to windows defender antivirus click windows defender exploit guard and lastly click folder access and
set the option to ‘disabled’. This automatically leads to failure of this security mechanism because the
files are protected no more.

Windows 10 professional and enterprise

This is a security measure to provide a control mechanism called Microsoft Bitlocker.It offers encryption
he or she cannot read the word document. The attack will then attack the system thereby the windows
10 professional and enterprise will provoke the machine to reboot in bit locker recovery mode. The
attack then being the administrator will take advantage to this and set maximum failed password
attempts failed. This may also be caused by inserting very many pins .All this can be reset by the admin,
the attacker then sets everything leading to exposure of the documents in computer once the computer
restarts and this leads to failure of this security mechanism.

Window defender credential guard

This is a security measure provided by computer windows to protect computer resources from any theft
attacks. It hinders the attacks who end up clicking on bait links and stealing owners credential things.
Having the admin access rights, the attacker cannot be prevented from getting the computer resources.
The attacker will click in to the bait link severally until maximum clicks are reached and the system will
be locked hence requiring the help of an admin who at that time will be the hacker. This security
measure to the computer will therefore not offer enough protection to the computer resources

Use of NTFS File system

This mechanism helps in encryption of the document being protected from unauthorized access.
Encryption is the process of changing a readable text into cipher text or unreadable text. Access will be
denied if one tries to open an encrypted file. This file first needs a key for decryption and therefore one
has to contact admin for help. In our case the attack has admin rights therefore he can resolve this and
be able to decrypt the document. Therefore this mechanism exposes the privacy of information leading
to failure and cannot be a sure way of computer security to its resources.

Windows folder lock

This is windows application which uses very strong password to protect computer files and resources.
Even if one tries to guess or crack password he or she cannot get it.Only the admins can be contacted for
help. Attackers then take advantage of admin rights to access the password.

Alternative security architecture that I could offer is

1. Saving my computer work in cloud

I would save my word document in cloud instead of storing it physically in a computer. Many people find
it hard storing their sensitive data in a computer. I would advise them to use cloud storage which offers
connection between database and the computer. Cloud storage helps to identify the devices that have
accessed the data at a particular time. It offers a single point of encryption key to the management.

Security limitations for this security architecture are:-

Key management. The ways of managing keys for decrypting file so that hackers cannot access it is a
challenge. Data to be stored in the cloud need to be encrypted for privacy.

2. I would develop a system which could allow authentication measures like use of passwords,
facial expressions and ensure that if maximum trials are reached the system can only be reset by
the person who stored and protected the data in the computer. This will ensure that admins
have no rights whatsoever regarding the access of data. This architecture does not exist but it
can be of great help to ensure data securities in our computers

Limitation to this security measure will be:-

In case the owner of data passes away the data is lost because no one can open it.
If the owner of data forgets the details the data can’t be restored.