WGU C845 VUN1 Task 3 | Passed on First Attempt
|Latest Update with Complete Solution
VUN1 — VUN1 Task 3: Evaluating & Defending Data Security and System Operations
INFORMATION SYSTEMS SECURITY – C845
A. Data Protection Risks and Cryptographic
Recommendations
A1. Identified Data Protection Risks
1. Risk 1 (Data at Rest): Unencrypted Data Repository Leading to Mass Data Breach.
o Vulnerability: The on-premises Finance server database stores highly sensitive customer
PII and financial records in clear text.
o Threat: An attacker who gains access to the server (e.g., through a compromised
application or system vulnerability) can directly exfiltrate the entire database file.
o Consequence: This would lead to a catastrophic mass data breach, violating regulations
(like GDPR or GLBA), causing significant financial loss, and irreparably damaging
customer trust.
2. Risk 2 (Data in Transit): Unencrypted Internal Data Transfer Leading to Eavesdropping and
Manipulation.
o Vulnerability: The HR and Finance departments use an internal FTP server with legacy
protocols that do not encrypt data during transfer.
o Threat: A malicious insider or an attacker who has gained a foothold on the corporate
network can trivially intercept (eavesdrop on) the data packets containing payroll and
employee information. They could also alter the data in transit.
o Consequence: This exposes sensitive employee data (like salaries and social security
numbers) for theft and allows for fraudulent manipulation of payroll data, leading to
financial fraud and compliance failures.
A2. Recommended Cryptographic Methods
1. To mitigate the risk of the unencrypted database, FinSecure should implement Application-Level
Encryption for the most sensitive fields (e.g., SSN, account numbers) in addition to full-disk or
database-level encryption. This provides a defense-in-depth approach.
2. To mitigate the risk of the unencrypted FTP transfer, FinSecure must decommission the legacy
FTP server and mandate the use of SFTP (SSH File Transfer Protocol) or HTTPS for all internal file
|Latest Update with Complete Solution
VUN1 — VUN1 Task 3: Evaluating & Defending Data Security and System Operations
INFORMATION SYSTEMS SECURITY – C845
A. Data Protection Risks and Cryptographic
Recommendations
A1. Identified Data Protection Risks
1. Risk 1 (Data at Rest): Unencrypted Data Repository Leading to Mass Data Breach.
o Vulnerability: The on-premises Finance server database stores highly sensitive customer
PII and financial records in clear text.
o Threat: An attacker who gains access to the server (e.g., through a compromised
application or system vulnerability) can directly exfiltrate the entire database file.
o Consequence: This would lead to a catastrophic mass data breach, violating regulations
(like GDPR or GLBA), causing significant financial loss, and irreparably damaging
customer trust.
2. Risk 2 (Data in Transit): Unencrypted Internal Data Transfer Leading to Eavesdropping and
Manipulation.
o Vulnerability: The HR and Finance departments use an internal FTP server with legacy
protocols that do not encrypt data during transfer.
o Threat: A malicious insider or an attacker who has gained a foothold on the corporate
network can trivially intercept (eavesdrop on) the data packets containing payroll and
employee information. They could also alter the data in transit.
o Consequence: This exposes sensitive employee data (like salaries and social security
numbers) for theft and allows for fraudulent manipulation of payroll data, leading to
financial fraud and compliance failures.
A2. Recommended Cryptographic Methods
1. To mitigate the risk of the unencrypted database, FinSecure should implement Application-Level
Encryption for the most sensitive fields (e.g., SSN, account numbers) in addition to full-disk or
database-level encryption. This provides a defense-in-depth approach.
2. To mitigate the risk of the unencrypted FTP transfer, FinSecure must decommission the legacy
FTP server and mandate the use of SFTP (SSH File Transfer Protocol) or HTTPS for all internal file
