WGUC845VUN1Task 3|Passed onFirst ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
Attempt |Latest Update with Complete
,x. ,x. ,x. ,x. ,x. ,x.
Solution
,x.
VUN1 — VUN1 Task 3: Evaluating & Defending Data Security and System Operations
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
INFORMATION SYSTEMS SECURITY – C845
,x. ,x. ,x. ,x. ,x.
A. Data Protection Risks and Cryptographic ,x. ,x. ,x. ,x.
Recommendations
,x.
A1. Identified Data Protection Risks
,x. ,x. ,x. ,x.
1. Risk1(Data at Rest): Unencrypted Data RepositoryLeading toMass Data Breach.
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
o Vulnerability:Theon-premises Financeserver database storeshighlysensitivecustomer PII ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
and financial records in clear text.
,x. ,x. ,x. ,x. ,x. ,x.
o Threat: An attacker who gains access to the server (e.g., through a compromised ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
applicationorsystemvulnerability)candirectly exfiltratetheentiredatabasefile.
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
o Consequence: Thiswouldlead to a catastrophic massdatabreach,violatingregulations ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
(like GDPR or GLBA), causing significant financial loss, and irreparably damaging
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
customer trust. ,x. ,x.
2. Risk2 (DatainTransit):UnencryptedInternal Data TransferLeadingtoEavesdroppingand
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
Manipulation.,x.
o Vulnerability: The HR and Finance departments use an internal FTP server with legacy ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
protocols that do not encrypt data during transfer.
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
o Threat: A malicious insider or an attacker who has gained a foothold on the corporate ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
network can trivially intercept (eavesdrop on) the data packets containing payroll and
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
employee information. They could also alter the data in transit.
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
o Consequence: This exposes sensitive employee data (like salaries and social security ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
numbers) for theft and allows for fraudulent manipulation of payroll data, leading to
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
financial fraud and compliance failures.
,x. ,x. ,x. ,x. ,x.
A2. Recommended Cryptographic Methods
, x . , x . , x .
1. Tomitigatetheriskoftheunencrypted database,FinSecureshouldimplementApplication-Level
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
Encryption for the most sensitive fields (e.g., SSN, account numbers) in addition to full-disk or
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
, database-level encryption. This provides a defense-in-depth approach.
,x. ,x. ,x. ,x. ,x. ,x.
2. To mitigate the risk of the unencrypted FTP transfer, FinSecure must decommission the legacy
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
FTP server and mandate the use of SFTP (SSH File Transfer Protocol) or HTTPS for all internal file
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
transfers containing sensitive data.
,x. ,x. ,x. ,x.
A2a. Justification of Recommendations
,x. , x . , x.
1. Application-Level Encryption for Data at Rest: This method encrypts data before it is written to
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
the database. It directly supports data confidentiality by ensuring that specific, high-value data
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
elements areencryptedwith auniquekey,separate from the databaseor storage system.Even if an
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
attacker bypasses the database server's security and gains direct access to the storage media or
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
database files, the encrypted fields remain unreadable. This provides a critical layer of
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
protection beyond transparent disk encryption.
,x. ,x. ,x. ,x. ,x.
Attempt |Latest Update with Complete
,x. ,x. ,x. ,x. ,x. ,x.
Solution
,x.
VUN1 — VUN1 Task 3: Evaluating & Defending Data Security and System Operations
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
INFORMATION SYSTEMS SECURITY – C845
,x. ,x. ,x. ,x. ,x.
A. Data Protection Risks and Cryptographic ,x. ,x. ,x. ,x.
Recommendations
,x.
A1. Identified Data Protection Risks
,x. ,x. ,x. ,x.
1. Risk1(Data at Rest): Unencrypted Data RepositoryLeading toMass Data Breach.
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
o Vulnerability:Theon-premises Financeserver database storeshighlysensitivecustomer PII ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
and financial records in clear text.
,x. ,x. ,x. ,x. ,x. ,x.
o Threat: An attacker who gains access to the server (e.g., through a compromised ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
applicationorsystemvulnerability)candirectly exfiltratetheentiredatabasefile.
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
o Consequence: Thiswouldlead to a catastrophic massdatabreach,violatingregulations ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
(like GDPR or GLBA), causing significant financial loss, and irreparably damaging
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
customer trust. ,x. ,x.
2. Risk2 (DatainTransit):UnencryptedInternal Data TransferLeadingtoEavesdroppingand
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
Manipulation.,x.
o Vulnerability: The HR and Finance departments use an internal FTP server with legacy ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
protocols that do not encrypt data during transfer.
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
o Threat: A malicious insider or an attacker who has gained a foothold on the corporate ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
network can trivially intercept (eavesdrop on) the data packets containing payroll and
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
employee information. They could also alter the data in transit.
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
o Consequence: This exposes sensitive employee data (like salaries and social security ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
numbers) for theft and allows for fraudulent manipulation of payroll data, leading to
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
financial fraud and compliance failures.
,x. ,x. ,x. ,x. ,x.
A2. Recommended Cryptographic Methods
, x . , x . , x .
1. Tomitigatetheriskoftheunencrypted database,FinSecureshouldimplementApplication-Level
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
Encryption for the most sensitive fields (e.g., SSN, account numbers) in addition to full-disk or
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
, database-level encryption. This provides a defense-in-depth approach.
,x. ,x. ,x. ,x. ,x. ,x.
2. To mitigate the risk of the unencrypted FTP transfer, FinSecure must decommission the legacy
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
FTP server and mandate the use of SFTP (SSH File Transfer Protocol) or HTTPS for all internal file
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
transfers containing sensitive data.
,x. ,x. ,x. ,x.
A2a. Justification of Recommendations
,x. , x . , x.
1. Application-Level Encryption for Data at Rest: This method encrypts data before it is written to
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
the database. It directly supports data confidentiality by ensuring that specific, high-value data
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
elements areencryptedwith auniquekey,separate from the databaseor storage system.Even if an
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
attacker bypasses the database server's security and gains direct access to the storage media or
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
database files, the encrypted fields remain unreadable. This provides a critical layer of
,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x. ,x.
protection beyond transparent disk encryption.
,x. ,x. ,x. ,x. ,x.
