WguC 845 VUN1Task3– Evaluating &
I I I I I I I I
Defending DataSecurity AndSystem
I I I I I
Operations| WGU C845| 2026 Latest Update,
I I I I I I I I
GuaranteedSuccess
I I
This document has;
❖ Wgu C 845
❖ VUN1 Task 3
❖ Evaluating & Defending Data Security
❖ Guaranteed Success
❖ Latest Update
❖ System Operations
❖ WGU C845 | 2026
, Data Protection Risks and Cryptographic
Recommendations
A1. Identified Data Protection Risks
1. Risk 1 (Data at Rest): Unencrypted Data Repository Leading to Mass Data Breach.
o Vulnerability: The on-premises Finance server database stores highly sensitive
customer PII and financial records in clear text.
o Threat: An attacker who gains access to the server (e.g., through a
compromised application or system vulnerability) can directly exfiltrate the
entire database file.
o Consequence: This would lead to a catastrophic mass data breach, violating
regulations (like GDPR or GLBA), causing significant financial loss, and irreparably
damaging customer trust.
2. Risk 2 (Data in Transit): Unencrypted Internal Data Transfer Leading to
Eavesdropping and Manipulation.
o Vulnerability: The HR and Finance departments use an internal FTP server with
legacy protocols that do not encrypt data during transfer.
o Threat: A malicious insider or an attacker who has gained a foothold on the
corporate network can trivially intercept (eavesdrop on) the data packets containing
payroll and employee information. They could also alter the data in transit.
o Consequence: This exposes sensitive employee data (like salaries and social
security numbers) for theft and allows for fraudulent manipulation of payroll data,
leading to financial fraud and compliance failures.
A2. Recommended Cryptographic Methods
1. To mitigate the risk of the unencrypted database, FinSecure should implement Application-
Level Encryption for the most sensitive fields (e.g., SSN, account numbers) in addition to full-
disk or database-level encryption. This provides a defense-in-depth approach.
2. To mitigate the risk of the unencrypted FTP transfer, FinSecure must decommission the
legacy FTP server and mandate the use of SFTP (SSH File Transfer Protocol) or HTTPS for
all internal file transfers containing sensitive data.
A2a. Justification of Recommendations
1. Application-Level Encryption for Data at Rest: This method encrypts data before it is
written to the database. It directly supports data confidentiality by ensuring that specific, high-
value data elements are encrypted with a unique key, separate from the database or storage
system. Even if an attacker bypasses the database server's security and gains direct access to the
storage media or database files, the encrypted fields remain unreadable. This provides a critical
layer of protection beyond transparent disk encryption.
I I I I I I I I
Defending DataSecurity AndSystem
I I I I I
Operations| WGU C845| 2026 Latest Update,
I I I I I I I I
GuaranteedSuccess
I I
This document has;
❖ Wgu C 845
❖ VUN1 Task 3
❖ Evaluating & Defending Data Security
❖ Guaranteed Success
❖ Latest Update
❖ System Operations
❖ WGU C845 | 2026
, Data Protection Risks and Cryptographic
Recommendations
A1. Identified Data Protection Risks
1. Risk 1 (Data at Rest): Unencrypted Data Repository Leading to Mass Data Breach.
o Vulnerability: The on-premises Finance server database stores highly sensitive
customer PII and financial records in clear text.
o Threat: An attacker who gains access to the server (e.g., through a
compromised application or system vulnerability) can directly exfiltrate the
entire database file.
o Consequence: This would lead to a catastrophic mass data breach, violating
regulations (like GDPR or GLBA), causing significant financial loss, and irreparably
damaging customer trust.
2. Risk 2 (Data in Transit): Unencrypted Internal Data Transfer Leading to
Eavesdropping and Manipulation.
o Vulnerability: The HR and Finance departments use an internal FTP server with
legacy protocols that do not encrypt data during transfer.
o Threat: A malicious insider or an attacker who has gained a foothold on the
corporate network can trivially intercept (eavesdrop on) the data packets containing
payroll and employee information. They could also alter the data in transit.
o Consequence: This exposes sensitive employee data (like salaries and social
security numbers) for theft and allows for fraudulent manipulation of payroll data,
leading to financial fraud and compliance failures.
A2. Recommended Cryptographic Methods
1. To mitigate the risk of the unencrypted database, FinSecure should implement Application-
Level Encryption for the most sensitive fields (e.g., SSN, account numbers) in addition to full-
disk or database-level encryption. This provides a defense-in-depth approach.
2. To mitigate the risk of the unencrypted FTP transfer, FinSecure must decommission the
legacy FTP server and mandate the use of SFTP (SSH File Transfer Protocol) or HTTPS for
all internal file transfers containing sensitive data.
A2a. Justification of Recommendations
1. Application-Level Encryption for Data at Rest: This method encrypts data before it is
written to the database. It directly supports data confidentiality by ensuring that specific, high-
value data elements are encrypted with a unique key, separate from the database or storage
system. Even if an attacker bypasses the database server's security and gains direct access to the
storage media or database files, the encrypted fields remain unreadable. This provides a critical
layer of protection beyond transparent disk encryption.
