WGU C845 VUN1 Task 3| Passed on First Attempt |Latest Update with Complete Solution

WGUC845VUN1Task3|PassedonFirst 68 68 68 68 68 68 68 68 68




Attempt |Latest Update with Complete Solution
68 68 68 68 68 6 8 68




VUN1 — VUN1 Task 3: Evaluating & Defending Data Securityand SystemOperations
68 68 68 68 68 68 68 68 68 68 68 68




INFORMATION SYSTEMS SECURITY – C845
68 68 68 68 68




A. DataProtectionRisksandCryptographic 8
6 68 8
6 8
6




Recommendations
68




A1.IdentifiedDataProtection Risks
8
6 68 68 68




1. Risk1(DataatRest):UnencryptedDataRepositoryLeadingtoMassDataBreach.
8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 68 8
6 8
6 8
6




o Vulnerability:Theon-premisesFinanceserverdatabasestoreshighlysensitivecustomer PII 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 68




and financial records in clear text.
68 68 68 68 68 68




o Threat:An attacker who gains access to the server (e.g., through a compromised 68 68 68 68 68 68 68 68 68 68 68 68




applicationorsystemvulnerability)candirectlyexfiltratetheentiredatabasefile.
68 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6




o Consequence:Thiswouldleadtoacatastrophicmassdatabreach,violatingregulations (like 68 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 68




GDPR or GLBA), causing significant financial loss, and irreparably damaging customer
68 68 68 68 68 68 68 68 68 68 68




trust. 68




2. Risk2(DatainTransit):UnencryptedInternalDataTransferLeadingtoEavesdroppingand
8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6




Manipulation. 68




o Vulnerability: The HR and Finance departments use an internal FTP server with legacy 68 68 8
6 68 68 68 68 8
6 68 68 68 68




protocols that do not encrypt data during transfer.
68 68 68 68 68 68 68 68




o Threat: A malicious insider or an attacker who has gained a foothold on the corporate 68 68 68 68 68 8
6 68 68 68 68 68 68 68 68




network can trivially intercept (eavesdrop on) the data packets containing payroll and
68 68 68 68 68 68 68 68 68 68 68 68




employee information. They could also alter the data in transit.
68 68 68 68 68 68 68 68 68 68




o Consequence: This exposes sensitive employee data (like salaries and social security 68 68 68 68 68 68 68 68 68 68




numbers) for theft and allows for fraudulent manipulation of payroll data, leading to
68 68 8
6 68 68 68 68 68 68 8
6 68 8
6 68




financial fraud and compliance failures.
68 68 68 68 68




A2. Recommended Cryptographic Methods
6 8 6 8 6 8




1. Tomitigatetheriskoftheunencrypteddatabase,FinSecureshouldimplementApplication-Level
8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6




Encryption for the most sensitive fields (e.g., SSN, account numbers) in addition to full-disk or
68 68 68 68 68 68 68 68 68 68 68 68 68 68 68

, database-levelencryption. This provides adefense-in-depth approach.
8
6 68 68 68 68 68




2. To mitigate the risk of the unencrypted FTP transfer, FinSecure must decommission the legacy FTP
68 68 68 68 68 68 68 68 68 68 68 68 68 68




server and mandate the use of SFTP (SSH File Transfer Protocol) or HTTPS for all internal file transfers
68 8
6 8
6 68 68 8
6 68 68 8
6 68 68 68 8
6 8
6 8
6 8
6 68 68




containing sensitive data.
68 68 68




A2a. Justification of Recommendations
6 8 6 8 6 8




1. Application-Level Encryption for Data at Rest: This method encrypts data before it is written to the
68 68 68 68 68 68 68 68 68 68 68 68 68 68 68




database. It directly supports data confidentiality by ensuring that specific, high-value data
68 68 68 68 68 68 68 68 68 68 68 68




elementsareencryptedwithauniquekey,separatefromthedatabaseorstoragesystem.Evenif an
68 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 8
6 68




attacker bypasses the database server's security and gains direct access to the storage media or
68 68 68 68 68 68 68 68 68 68 68 68 68 68 68




database files, the encrypted fields remain unreadable. This provides a critical layer of protection
68 68 68 68 68 68 68 68 68 68 68 68 68 68




beyond transparent disk encryption.
68 68 68 68