You are hired as a Database Security expert working for the company Star Sports and Outdoors. The company would like to ensure that its database is secure. During the first few days of your job, you familiarise yourself with the Orion Oracle database and find out how vulnerable the database is.

You understand that Orion DB stores a large amount of data in various tables and formats. This data includes:

Customer data including full names, addresses, phone number, email address, date of birth (for loyalty rewards and birthday vouchers).

Employee data including full names, addresses, phone numbers, date of birth, annual salaries, bank details (for payroll).

Supplier data including supplier organisations names, what products they supply to Orion (product code, product name, product price), bank details (so Orion can pay their suppliers).

Order data including transaction details such as what product was sold, which customer bought it, customers credit card details that they use to purchase products from Orion.

Order data is collected from transactions in store as well as from online orders.

Now that you are familiar with the database and how it is structured, you want to assess the security risks and vulnerabilities, and advise the company on how it can secure its database.

QUESTION Propose a Risk Management Plan for the company. Explain and justify the risks that Orion DB is vulnerable to.