WGU C845 VUN1 Task 3| Passed on First Attempt |Latest Update with Complete Solution

WGUC845VUN1Task3|PassedonFirst .7 .7 .7 .7 .7 .7 .7 .7 .7




Attempt |Latest Update with Complete Solution
.7 .7 .7 .7 .7 .7 .7




VUN1 — VUN1 Task 3:Evaluating &DefendingData Securityand SystemOperations
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




INFORMATION SYSTEMS SECURITY – C845
.7 .7 .7 .7 .7




A. DataProtectionRisksandCryptographic .7 .7 .7 .7




Recommendations
.7




A1.IdentifiedDataProtection Risks
.7 .7 .7 .7




1. Risk1(DataatRest):UnencryptedDataRepositoryLeadingtoMassDataBreach.
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




o Vulnerability:Theon-premisesFinanceserverdatabasestoreshighlysensitivecustomer PII .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




and financial records in clear text.
.7 .7 .7 .7 .7 .7




o Threat:An attacker whogains accessto theserver(e.g., throughacompromised .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




applicationorsystemvulnerability)candirectlyexfiltratetheentiredatabasefile.
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




o Consequence:Thiswouldleadtoacatastrophicmassdatabreach,violatingregulations (like .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




GDPR or GLBA), causing significant financial loss, and irreparably damaging customer
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




trust. .7




2. Risk2(DatainTransit):UnencryptedInternalDataTransferLeadingtoEavesdroppingand
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




Manipulation. .7




o Vulnerability: The HR and Finance departments use an internal FTP server with legacy .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




protocols that do not encrypt data during transfer.
.7 .7 .7 .7 .7 .7 .7 .7




o Threat: A malicious insider or an attacker who has gained a foothold on the corporate .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




network can trivially intercept (eavesdrop on) the data packets containing payroll and
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




employee information. They could also alter the data in transit.
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7




o Consequence: This exposes sensitive employee data (like salaries and social security .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




numbers) for theft and allows for fraudulent manipulation of payroll data, leading to
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




financial fraud and compliance failures.
.7 .7 .7 .7 .7




A2. Recommended Cryptographic Methods
. 7 . 7 . 7




1. Tomitigatetheriskoftheunencrypteddatabase,FinSecureshouldimplementApplication-Level
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




Encryption for the most sensitive fields (e.g., SSN, account numbers) in addition to full-disk or
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7

, database-levelencryption.Thisprovides adefense-in-depth approach. .7 .7 .7 .7 .7 .7




2. To mitigate the risk of the unencrypted FTP transfer, FinSecure must decommission the legacy FTP
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




server and mandate the use of SFTP (SSH File Transfer Protocol) or HTTPS for all internal file transfers
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




containing sensitive data.
.7 .7 .7




A2a. Justification of Recommendations
. 7 . 7 . 7




1. Application-Level Encryption for Data at Rest: Thismethod encrypts data before it is written to the
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




database. It directly supports data confidentiality by ensuring that specific, high-value data
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




elementsareencryptedwithauniquekey,separatefromthedatabaseorstoragesystem.Evenif an
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




attacker bypassesthe database server's security and gains direct access to the storage media or
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




database files, the encrypted fields remain unreadable. This provides a critical layer of protection
.7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7 .7




beyond transparent disk encryption.
.7 .7 .7 .7