WGU C845 VUN1 Task 3 | Passed on First Attempt | Latest Update with Complete Solution
Prose1 (Stuvia), https://www.stuvia.com/user/Prose1
THIS DOCUMENT CONTAINS: WGU C845 VUN1 Task 3 | Passed on First Attempt | Latest Update | Complete Solution | WGU C845 (Wguc845)
VUN1 Task 3: Evaluating & Defending Data Security and System Operations
INFORMATION SYSTEMS SECURITY – C845

A. Data Protection Risks and Cryptographic Recommendations

A1. Identified Data Protection Risks
1. Risk 1 (Data at Rest): Unencrypted Data Repository Leading to Mass Data Breach.
   o Vulnerability: The on-premises Finance server database stores highly sensitive customer PII and financial records in clear text.
   o Threat: An attacker who gains access to the server (e.g., through a compromised application or an unpatched system vulnerability) can exfiltrate the entire database file, or a backup of it, and read every record without needing any key.
   o Consequence: A mass data breach of this kind would violate regulations such as GDPR or GLBA, cause significant financial loss (breach notification, fines, remediation), and irreparably damage customer trust.
2. Risk 2 (Data in Transit): Unencrypted Internal Data Transfer Leading to Eavesdropping and Manipulation.
   o Vulnerability: The HR and Finance departments exchange files through an internal FTP server using legacy protocols that do not encrypt data in transit. Both the login credentials and the file contents cross the network in clear text.
   o Threat: A malicious insider, or an attacker who has gained a foothold on the corporate network, can passively capture the packets carrying payroll and employee information. An attacker positioned on the path can also alter the data in transit, because FTP provides no integrity protection that would reveal the change.
   o Consequence: Sensitive employee data (salaries, Social Security numbers) is exposed to theft, and payroll data can be fraudulently manipulated, leading to financial fraud and compliance failures.
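To make the eavesdropping threat concrete, the following is an added example (not part of the original task submission and not FinSecure's own code) that parses a constructed capture of an FTP control channel, the way a network sensor or an attacker with a span port would. The session text, host name and user name are all hypothetical. Nothing on the data channel has to be read: the control channel alone gives up the credential, the file names, and the host:port where the file contents will flow.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// sampleSession is a constructed FTP control-channel capture (TCP/21) as a
// passive observer on the corporate LAN would see it. Host, user and file
// names are hypothetical.
const sampleSession = `220 finance-ftp.internal FTP server ready
USER payroll_svc
331 Password required for payroll_svc
PASS Summer2024!
230 User payroll_svc logged in
TYPE I
200 Type set to I
PASV
227 Entering Passive Mode (10,20,30,40,195,80)
RETR payroll_2024_06.csv
150 Opening BINARY mode data connection for payroll_2024_06.csv
226 Transfer complete
STOR hr_new_hires.xlsx
150 Ok to send data
226 Transfer complete
QUIT
221 Goodbye`

// Exposure is what the observer learns from the control channel alone.
type Exposure struct {
	User, Password string
	DataHost       string   // endpoint of the data connection
	DataPort       int      // tells the observer which flow carries the file
	Files          []string // names of files sent or received in clear
}

var pasvRe = regexp.MustCompile(`\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)`)

// ParseFTPControl walks the control channel line by line. Client commands
// are "VERB arg"; server replies start with a three-digit code.
func ParseFTPControl(session string) Exposure {
	var ex Exposure
	sc := bufio.NewScanner(strings.NewReader(session))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		verb, arg, _ := strings.Cut(line, " ")
		switch strings.ToUpper(verb) {
		case "USER":
			ex.User = arg
		case "PASS":
			ex.Password = arg
		case "RETR", "STOR", "APPE":
			ex.Files = append(ex.Files, arg)
		case "227": // PASV reply: h1,h2,h3,h4,p1,p2 -> port = p1*256 + p2
			if m := pasvRe.FindStringSubmatch(line); m != nil {
				ex.DataHost = strings.Join(m[1:5], ".")
				hi, _ := strconv.Atoi(m[5])
				lo, _ := strconv.Atoi(m[6])
				ex.DataPort = hi*256 + lo
			}
		}
	}
	return ex
}

// Findings turns the exposure into detection-style alerts of the kind a
// network sensor would raise for clear-text FTP on a finance segment.
func Findings(ex Exposure) []string {
	var out []string
	if ex.User != "" && ex.Password != "" {
		out = append(out, fmt.Sprintf("clear-text credential: user=%s password=%s", ex.User, ex.Password))
	}
	for _, f := range ex.Files {
		out = append(out, fmt.Sprintf("file transferred without encryption: %s via %s:%d", f, ex.DataHost, ex.DataPort))
	}
	return out
}

func main() {
	for _, f := range Findings(ParseFTPControl(sampleSession)) {
		fmt.Println(f)
	}
}
```

The same parser run against an SFTP or HTTPS session yields nothing, because the commands and replies are carried inside SSH or TLS; that is the whole difference the A2 recommendation turns on. The passive-mode reply is worth noting for the manipulation half of the threat: the observer also learns exactly which TCP flow to target if they want to tamper with the payroll file rather than just read it.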
A2. Recommended Cryptographic Methods
1. To mitigate the risk of the unencrypted database, FinSecure should implement application-level encryption for the most sensitive fields (e.g., SSN, account numbers), using an authenticated cipher such as AES-256-GCM, in addition to full-disk or database-level encryption. The field-encryption keys must be held outside the database, in a key management service or HSM. This provides a defense-in-depth approach.
2. To mitigate the risk of the unencrypted FTP transfer, FinSecure must decommission the legacy FTP server and mandate the use of SFTP (SSH File Transfer Protocol) or HTTPS (TLS 1.2 or higher) for all internal file transfers containing sensitive data.
A2a. Justification of Recommendations
1. Application-Level Encryption for Data at Rest: This method encrypts data before it is written to the database. It directly supports data confidentiality by ensuring that specific, high-value data elements are encrypted with a unique key that is held separately from the database or storage system. Even if an attacker bypasses the database server's security and gains direct access to the storage media or database files, the encrypted fields remain unreadable. This provides a critical layer of protection beyond transparent disk encryption: transparent disk or database encryption decrypts automatically for any process that reads through the running operating system or database engine, so it defends mainly against theft of the physical media or raw files, not against an attacker who has compromised the application or the database itself.
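The following is an added example of the field-level encryption recommended in A2 and justified in A2a; it is illustrative code written for this page, not FinSecure's implementation. It assumes a hypothetical CustomerRow type, a 32-byte data-encryption key supplied by the application tier (a fixed key is constructed here for the demo; in production it would come from a KMS or HSM), and AES-256-GCM with the record ID and column name bound in as associated data. The point it demonstrates is the one the justification makes: a stolen row contains no readable SSN, while the application that holds the key still reads it back.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

// CustomerRow is a constructed stand-in for a row in the Finance database.
// Name stays in clear so it remains queryable; SSNEnc holds
// base64(nonce || ciphertext || GCM tag) and never the clear SSN.
type CustomerRow struct {
	ID     string
	Name   string
	SSNEnc string
}

// FieldCipher holds the data-encryption key in the application tier. It is
// never written to the database or to the disk that holds the data files.
type FieldCipher struct{ aead cipher.AEAD }

// NewFieldCipher builds an AES-GCM AEAD; a 32-byte key selects AES-256.
func NewFieldCipher(dek []byte) (*FieldCipher, error) {
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &FieldCipher{aead: aead}, nil
}

// aad binds each ciphertext to its row and column, so a value copied from
// another record (or another column) fails authentication on decrypt.
func aad(recordID, column string) []byte { return []byte(recordID + "|" + column) }

// Encrypt seals one field under a fresh random 96-bit nonce.
func (f *FieldCipher) Encrypt(recordID, column, plaintext string) (string, error) {
	nonce := make([]byte, f.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := f.aead.Seal(nonce, nonce, []byte(plaintext), aad(recordID, column))
	return base64.StdEncoding.EncodeToString(ct), nil
}

// Decrypt opens a field; a wrong key, a modified byte or a wrong row/column
// yields an error rather than silently returning garbage.
func (f *FieldCipher) Decrypt(recordID, column, encoded string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return "", err
	}
	ns := f.aead.NonceSize()
	if len(raw) < ns+f.aead.Overhead() {
		return "", fmt.Errorf("ciphertext too short: %d bytes", len(raw))
	}
	pt, err := f.aead.Open(nil, raw[:ns], raw[ns:], aad(recordID, column))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// StoreCustomer is the write path: the SSN is encrypted before the row is
// handed to the database driver, so the database only ever sees ciphertext.
func StoreCustomer(fc *FieldCipher, id, name, ssn string) (CustomerRow, error) {
	enc, err := fc.Encrypt(id, "ssn", ssn)
	if err != nil {
		return CustomerRow{}, err
	}
	return CustomerRow{ID: id, Name: name, SSNEnc: enc}, nil
}

// LoadSSN is the read path, available only to code that holds the key.
func LoadSSN(fc *FieldCipher, row CustomerRow) (string, error) {
	return fc.Decrypt(row.ID, "ssn", row.SSNEnc)
}

// ContainsClearText models an attacker grepping a stolen database file.
func ContainsClearText(row CustomerRow, secret string) bool {
	return strings.Contains(row.SSNEnc, secret)
}

func main() {
	dek := make([]byte, 32) // constructed fixed key for the demo only
	for i := range dek {
		dek[i] = byte(i)
	}
	fc, _ := NewFieldCipher(dek)
	row, _ := StoreCustomer(fc, "cust-1001", "Ada Lovelace", "123-45-6789")
	fmt.Printf("stored: %+v\n", row)
	fmt.Println("SSN readable from stored row:", ContainsClearText(row, "123-45-6789"))
	ssn, _ := LoadSSN(fc, row)
	fmt.Println("application decrypts:", ssn)
}
```

Two design choices carry the security argument. Keeping the key in the application tier is what makes the stolen-file check fail for the attacker: transparent disk or database encryption would hand the same attacker clear text as soon as they read through the live engine. Binding the record ID and column name as associated data closes the next gap, since without it an attacker with write access to the database could move a known customer's encrypted SSN onto a record they control and have the application decrypt it for them. Key rotation still has to be planned for (a key-version prefix on the stored value is the usual way), and with random nonces a single key should not be used for more than about 2^32 encryptions.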