You are a database administrator working for a large investment bank. One day, an application developer sends

You are a database administrator working for a large investment bank. One day, an application developer sends you an e-mail requesting that you perform a data change in one of the bank’s operational database systems. In the e-mail, he stresses the urgency and importance of this task. A minute later, you receive another e-mail, but this is from the developer’s manager to confirm the data change. This is the first time you have ever received this type of request. Usually, all requests go through the change management process. You can answer the questions from a framework of Confidentiality, Integrity, and Availability (C.I.A.).

Explain the security issues, or potential security issues, involved in this scenario.

Describe the risks involved if you comply with the request and the risks involved if you do not.

Explain how you would react to this incident, outlining your reasoning and whether you would comply or not.

Define the principle of least privilege. Why is this an important concept to database security?

Describe the concept of defense in depth as it pertains to information security. List and explain at least three examples of security measures that can be implemented in a “defense in depth” strategy.