IS481 Grantham Week 2 Encryption and Key Management Paper this assignment has 3 phases: Phase O is creating and running scripts, Phase 1 is Creation of Use

IS481 Grantham Week 2 Encryption and Key Management Paper this assignment has 3 phases: Phase O is creating and running scripts, Phase 1 is Creation of User Accounts, and Phase 2 is Modify User and Create Tables Week 2 Written Assignment Encryption & Key Management
In our readings we have learned the importance of encryption of sensitive data across database
environments. We must consider data “at rest” and data transmission. Encryption allows securing
both production and backup copies of databases. The successful use of encryption depends upon
two main features: the strength of the encryption algorithm and the security of the decryption
key or process.
As you contemplate encryption and its use in securing databases, it is worthy to note the
statement made in your textbook:
“Encryption provides protection of sensitive data for an unprotected medium. The sensitive data
and transmission has to cross unprotected media. We must consider the access to sensitive data
from users who access databases at the operating system and storage tiers.”
You are required to complete BOTH Part A and Part B of the assignment.
Part A
Please write short essay answers discussing the following questions and submit in a word
document:
1. Give an example of why data encryption is needed and when you would use encryption.
2. Name three examples of data elements that would require data encryption (per
regulations such as HIPAA).
3. Compare and discuss the pros and cons between the use of hashing and the use of
encryption.
4. Discuss encryption key management techniques. What are some of the considerations and
issues? Give at least two examples of key management techniques.
Part B Lab Create Users and Tables
Phase 0: Creating and Running Scripts
This week you will be writing SQL/PL scripts to create users and tables and then run them in the
Oracle command shell, as noted last week.
In order to write a script, first open the virtual box and launch the virtual machine. Then open
the text editor.
You will then type the script into this file. When you are ready to save the file, you need to go to
File > Save As Next you will enter the filename and location. You can then save the file as
filename.sql. See the screen below
Now go to your Oracle terminal window and type sqlplus at the command prompt. Next enter
system for the userid and oracle for the password. At the SQL command prompt enter
@filename This will execute your sql script file. See the image above with the notes for more
details.
In addition to your text and notes, links to tutorials are provided in the left navigation panel
under Oracle and SQL/PL Resources
Phase 1: Creation of User Accounts
Scenario:
You have been assigned the task of writing a script for creating database users. The script will
perform the following tasks and conform to the following specifications:
1. Create the following two (2) users with their respective passwords. Please use the exact
spelling. (15 points)
User Name
Password
DBSEC
IS481%sec
VPD_CLERK1 Nancy#481
The following parameters apply to the above two (2) users.
2. The default table space is USERS.
3. The temporary table space is TEMP.
4. The user has to change his/her password the first time when he/she log in the database.
5. The user account will be assigned to the DEFAULT profile.
6. The USERS table space has a 30MB quota.
7. At the end of the creation, list the user information that shows a successful creation of the
above user account.
Tips:
a. You need system privilege to create new user. An easy way is to log in as SYSTEM before
running the script. Or, you may use “CONNECT system” or “CONNECT system/&password.”
Upon running your script, you will enter the password. The password is what you entered in your
installation or oracle if you are using the prebuilt image.
b. You will write the script in Notepad or WordPad. In order to test it again and again, it is a
good idea to add one statement of dropping the user at the beginning of the script. The drop
statement will be like “DROP USER dbsec CASCADE.”
c. A database dictionary view “dba_users” can be used to find user information. There are, of
course, other ways to do it, which are acceptable as well.
d. Please note that the password specification is case sensitive even though Oracle SQL
statement in general is not case sensitive.
Phase 2: Modify User and Create Tables
This part of the lab requires you to use all previous knowledge to create database objects and
populate data into tables. It will prepare you for database objects to practice various database
security techniques in this course.
You need to create one (the only one) SQL script that will complete the following tasks:
1. Connect to SYSTEM user. When you need to connect to SYSTEM users, please use a
syntax so that it will ask the user to type the password. A typical example will be:
“connect system;”
2. Change the password of the user “DBSEC” to “secc$1new.” Please note that the period
“.” is not a part of the password specification.
3. Grant the DBSEC user with “CREATE SESSION” and “CREATE TABLE” privileges.
4. Connect to DBSEC with the new password.
5. Create the following 5 tables under DBSEC schema.
DEPARTMENT with the fields:
• DEPARTMENT_ID,
• DEPARTMENT_NAME
Note: use DEPARTMENT_ID as the primary key
JOB
• JOB_ID
• JOB_TITLE
Note use JOB_ID as the primary key
EMPLOYEE
• EMPLOYEE_ID
• EMPLOYEE_NAME
Note use EMPLOYEE_ID as the primary key
CUSTOMER
• CUSTOMER_ID
• CUSTOMER_NAME
Note use CUSTOMER_ID as the primary key
SUPPLIER
• SUPPLIER_ID,
• SUPPLIER_NAME
Note use SUPPLIER_ID as the primary key
6. Populate the tables with your own sample data/
Tip:
To be able to repeatedly test your script, you may add “DROP TABLE table-name;” at the
beginning of your file to drop all tables.
Submission Requirement:
For each Phase 1 and 2 you will be required to submit the following:
The SQL script files will be required and the screen capture of the lab completed steps.
Grading Rubric
Criteria
Excellent
Competent
Needs Improvement
Use of
Encryption
(10 -9 points)
Meets “Proficient”
criteria and
substantiated with
evidence to support
use of encryption
(10 -9 points)
Discusses the data
elements that should
be encrypted. Meets
“Proficient” criteria
and substantiated with
evidence to support
selection.
(10 -9 points)
Meets “Proficient”
criteria and
substantiated with
evidence to support
reasoning for the pros
and cons of hashing
versus encryption
(10 -9 points)
Meets “Proficient”
criteria and
substantiated with
evidence to explain
key management
techniques
( 8- 4 points)
Provides
reasoning to
support use of
encryption
(3-0 points)
Insufficiently provides
reasoning for the use
of encryption
( 8- 4 points)
Discusses the
data elements
that should be
encrypted but
does not supply
reasons behind
selection.
( 8- 4 points)
Provides
reasoning for
the pros and
cons of hashing
versus
encryption
(3-0 points)
Insufficiently describes
the data elements that
should be encrypted.
10
(3-0 points)
Insufficiently provides
reasoning for the pros
and cons of hashing
versus encryption.
10
( 8- 4 points)
Provides an
explanation of
encryption
password and
key
management
with examples
of key
management
techniques
((3-0 points)
Insufficiently provides
explanation of the key
management
techniques
10
Data
Elements
Hashing vs
Encryption
Key
Management
Total
Points
Possible
10
Lab Phase 1
Creation of
User
Accounts
(30-27 points)
Submission includes
both the script file and
screen capture of the
creation of accounts
(26-15 points)
Submission
includes
both script file
and screen
captures of the
creation of
accounts but
contains errors.
(15-0 points)
Submission does not
include the both script
file and screen capture
of the creation of
accounts and contains
errors
30
Lab Phase 2
Modify User
and Create
Tables
(30-27
points) Submission
includes both the
script file and screen
capture of the creation
of tables and
modification of user
accounts
(26-15 points)
Submission
includes both
the script file
and screen
capture of the
creation of
tables and
modification
of user
accounts but
has errors
(15-0
points) Submission
does not includes both
the script file and
screen capture of the
creation of tables and
modification of user
accounts or contains
errors.
30

Purchase answer to see full
attachment