## Module 1: Data Privacy & Security
### Learning Objectives
- Describe the different methods, their features, and benefits of implementing structured data access control
- Describe data encryption and its key concepts
- Describe the different data security measures and how they work
- Develop incident response plans
- Explain advanced data security techniques and relevant regulations
- Apply access controls and authentication processes effectively
- Implement robust encryption and cryptographic methods
- Identify and mitigate various cyberthreats and vulnerabilities
- Discuss the fundamental principles of data security

### Data Privacy
1. Define personally identifiable information, PII. 
    - Any data that can be used to identify a specific individual. This information can range from direct identifiers such as names, Social Security numbers, and email addresses to indirect identifiers like IP addresses, device IDs,and location data.
    - Examples of PII include: full name, home address, email address, passport number, Social Security number, credit card information, and phone numbers.
1. Define the CIA triad, confidentiality, integrity, and availability. 
    - Is a fundamental model used to guide information security practices, and it applies directly to data privacy. This model consists of three key principles, confidentiality, integrity, and availability, which together ensure that data is protected, reliable, and accessible to authorized users.
    - `Confidentiality` refers to the protection of sensitive information from unauthorized access. Involves implementing measures like encryption, access controls, and data masking
    - `Data integrity` ensures that information remains accurate, consistent, and trustworthy over its lifecycle. maintained through measures such as checksums, hashing, and regular audits.
    - `Availability` ensures that data is accessible to authorized users when needed. Systems and infrastructure supporting data storage and processing should be resilient and able to provide timely access to data. Measures such as redundancy, failover systems, and regular backups are essential.
1. Describe the need and strategies to implement data secrecy. 
    - closely related to confidentiality, but focuses more on preventing unauthorized parties from learning the content of sensitive data. Secrecy goes a step further by ensuring that data is completely hidden or disguised from unauthorized users. Techniques such as encryption and obfuscation ensure that even if data is intercepted or accessed, it cannot be understood or exploited. 
1. List the best practices to ensure data privacy.
    - Data Minimization - only collect and store data that is strictly necessary for a specific purpose. Minimizing the amount of data reduces the potential risk in the event of a breach.
    - Encryption and Anonymization - use encryption to protect data both at rest and in transit. Anonymization techniques can also be applied to sensitive information to ensure that even if it is accessed, it cannot be traced back to an individual.
    - Regular Audits and Monitoring - conduct regular security audits and monitor systems for any suspicious activity that could indicate a breach or attempted unauthorized access to data.
    - Employee Training - ensure that employees understand the importance of data privacy and are trained on how to handle personal data responsibly. Human error is a common cause of data breaches, and well informed employees can act as the first line of defense. 
    - Compliance with Regulations - Organizations must stay up to date with evolving privacy regulations, such as General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Health Insurance Portability and Accountability Act (HIPAA). Compliance is essential not only for avoiding legal consequences, but also for building trust with customers.

### Data Security
1. Describe the importance and need for data security. 
    - Data security refers to the strategies that you use for protecting digital information in an organization from unauthorized access, theft, or damage.
    - Why data security is important: 
        - Protection from cyberattacks - hacking, ransomware, and phishing
        - Prevention of data breaches - leads to identity theft, financial fraud, and other forms of exploitation
        - Compliance with regulations - failure to adhere to regulations (GDPR, CCPA, HIPAA) can result in heavy fines and legal consequences
        - Preserving business reputation - sustaining customer loyalty and business continuity
        - Ensuring data integrity - information remains accurate, consistent, and unaltered by unauthorized entities 
1. Describe the different data security measures and how they work.
    - Physical data security - involves protecting the hardware and physical infrastructure that stores data
    - Surveillance and monitoring - monitor physical access to data storage locations
    - Secure disposal - wiping data or destroying storage media to prevent data recovery by unauthorized individuals
    - Network security - protects the data during transmission across internal and external networks from external intervention, unauthorized access, and tampering. Protect data in motion and prevent external cyberattacks.
    - Application security focuses on protecting software applications and services from security vulnerabilities that could expose sensitive data. Key application security practices include secure coding practices.
    - Regular updates and patches
    - Authentication and access control - implement reliable authentication mechanisms, such as multi-factor authentication
    - Data encryption - involves encoding data to make it unreadable to unauthorized users, applied to both data at rest and in transit
        - Two main types of encryptions:
            - Symmetric Encryption - the same key is used for both encryption and decryption. This method is fast and efficient, making it ideal for encrypting large amounts of data, such as backups
            - Asymmetric encryption - uses a pair of keys, one for encryption, public key, and one for decryption, private key. This method is commonly used for secure communication, such as email encryption and digital signatures
    - Access control - manages permissions to view, modify, or delete data. Methods include:
        - Role-Based Access Control (RBAC) - used to assign permissions to users based on their role and responsibilities within the organization
        - Least privileged principle - Users should have minimum level of access required to perform their responsibilities and duties
    - Backup and recovery - procedures are critical for safeguarding against data loss due to accidental deletion, hardware failure, or cyberattacks. Regular backups in multiple locations ensure recovery of critical information with minimum disruptions to business operations

### Data Exposure
1. Describe Data Exposure & its causes
    - Incidence of accidentally making sensitive data accessible to unauthorized parties
    - Due to human error, cybersecurity threats such as phishing, malware, insider threats, password attacks, and more
1. Describe the different types of cybersecurity threats & their mitigation strategies
    - Phishing - one of the most common methods, deceptive emails, fake websites
        - Mitigation - robust email filtering systems, educate users about tactice, and conduct regular cyber awareness training
    - Malware - many forms such as viruses, worms, or spyware, designed to infect systems & steal data
        - Mitigation - regularly update software, install strong antivirus programs, and educate users about the dangers of unverified downloads
    - Insider Threat - Employees, contractors, partners, or other stakeholders with access to sensitive data may unintentionally expose it through negligence or intentionally disclose it for personal gain or revenge
        - Mitigation - implement strict access controls, monitor employee activity, and enforce policies about data handling and security protocols
    - Password Attacks - used to gain unauthorized access to accounts or systems with brute force attacks, credential stuffing, or dictionary attacks
        - Mitigation - organizations & individuals must adopt strong password policies, encourage the use of multifactor authentication, & implement password managers to store complex passwords securely
    - Denial-of-Service (DoS) attack - aims to overwhelm a network, server, or website with traffic, causing it to crash or become unavailable. Distributed Denial-of-Service (DDoS) involve multiple compromised systems flooding the target
        - Mitigation - implement traffic monitoring, network segmentation, and cloud-based DoS-mitigation services
    - Man-in-the-Middle (MITM) attack - occurs when an attacker intercepts and alters communication between two parties undetectably, typically occur over unsecured networks, such as public Wi-Fi
        - Mitigation - Encrypting data, using secure VPNs, and avoiding untrusted networks
    - SQL Injection attacks - target websites and applications that use SQL databases
        - Mitigation - use parameterized queries, validate input data, and regularly test their applications for any flaws
    - Zero-Day attack - exploits target software vulnerabilities that are unknown to the software vendor
        - Mitigation - maintaining a proactive approach to cybersecurity, including constant system monitoring, rapid patch management, and the use of advanced threat detection systems

### Summary
Data privacy is a fundamental aspect of modern information security, essential for protecting individuals' personal information from misuse and ensuring compliance with legal standards. 

By adhering to the principles of confidentiality, integrity, availability, and secrecy, organizations can safeguard data and maintain the trust of their customers.

Data security involves strategies to protect digital information from unauthorized access, theft, or damage, making it essential for organizations.

In the digital age, sensitive data is increasingly at risk of exposure due to human error and various cybersecurity threats, including phishing, malware, insider threats, and password attacks.

Cybercriminals use deceptive emails and fake websites to trick individuals into revealing sensitive information like usernames and passwords, often impersonating trusted entities.

Malware, such as viruses and spyware, can be unintentionally downloaded by users, leading to unauthorized access to sensitive data, including financial information and personal identifiers.

Key data security practices include: 

- Encryption

- Access control

- Security audits

- Backup and recovery

- Patch management

- Employee training

- Compliance with regulations 

The CIA Triad—confidentiality, integrity, and availability—forms the foundation of a strong data security framework, ensuring that sensitive data is accessible, accurate, and available to authorized users.

By prioritizing data security and adopting best practices, organizations can mitigate risks, protect their valuable assets, and foster trust with their clients and stakeholders in an increasingly data-driven world.

Encryption involves converting data into an unreadable format, ensuring only authorized users with the correct decryption key can access it.

The key aspects of data encryption include encryption methods, algorithms, key management, public key infrastructure (PKI), hashing, and quantum-safe computing.

Data access management is essential for securing data and preventing unauthorized access by utilizing methods such as role-based access control (RBAC), group-based access control, and API access.

RBAC enhances security by assigning permissions to roles instead of individuals, ensuring users have the minimum necessary access to perform their job functions.

API security is crucial for protecting sensitive data, requiring robust authentication, authorization, and encryption measures to prevent breaches and unauthorized access.

## Module 2: Data Architecture & Governance
### Learning Objectives
- Describe the components of a data architecture framework
    - Data Models - visual representations of how data is structured and organized, define relationships between different data elements. Common types:
        - Conceptual
        - Logical
        - Physical
    - Data Storage - refers to  where data is physically stored (databases, data warehouses, data lakes, cloud storage)
    - Data Integration - ensures that the multiple sources of data can be unified & available for analysis
        - ETL (extract, transform, load) help in collecting, processing, and moving data into centralized systems
    - Metadata - data about data, provides context by describing contents & characteristics of data
    - Data Security & Privacy - implementing encryption, access controls, and data masking | policies like GDPR and HIPAA ensure compliance with legal regulations
    - Data Governance - set of policies, standards, and procedures that govern how data is managed across an org, ensure data quality, consistency, and accessibility
- Describe the considerations and practices required to comply with each principle
- Define data architecture and its core components
    - the blueprint that outlines how data is collected, stored, managed, and used within orgs, ensuring that data infrastructure supports business needs. Structural design of org data assets and standards, policies, and models
- Design robust data architectures and infrastructure
- Apply master data management principles
- Implement high data quality and integrity throughout the data lifecycle
- Develop effective data governance frameworks

### Data Management & Governance
#### What is Data Management
- What you will lean:
    - Define data management
        - Collecting, storing, organizing, maintaining, and using data
        - Ensures information is accurate, accessible, and secure
        - Includes techniques that govern data flow
    - Describe reasons for implementing data management
        - Supports informed decision making using accurate information
            - Example: Using sales data to forecast inventory
        - Ensure compliance with regulations (GDPR and HIPAA)
        - Enhances operational efficiency: Makes accurate information accessible
        - Mitigates risks by securing sensitive data: Minimize potential threats from breaches
    - Discuss stages of data management lifecycle
        - Outlines stages through which data passes
        - Key stages:
            - Data Creation or Collection
                - Involves acquiring data from internal systems, customer interactions, sensors
                - Essential to ensure collected data is accurate
            - Data Storage 
                - Databases: 
                    - SQL DBs handle structured data
                    - NoSQL DBs handle unstructured or semi-structured data
                - Data warehouses:
                    - Support large-scale data analysis & reporting 
                - Data lakes:
                    - Offer extensive storage for holding raw data
            - Data Maintenance & Cleansing
                - Ensures that data remains reliable
                - Remove duplicate records, Correct entry errors, Ensure data in proper format
                - Maintains data quality
            - Data Usage
                - Involves accessing, analyzing, and applying data
                - Generate reports, Perform statistical analyses, Power machine learning models
                - Employs business intelligence tools to extract insights
            - Data Sharing & Distribution
                - Implementing secure & well-managed protocols
                - Using APIs, Dashboards, Real-time data feeds
            - Data Archiving
                - Retaining data for legal or historical purposes
                - Moves data to secure, cost-effective storage
                - Preserving data for future reference
                - Considers retrieval in audits
            - Data Deletion
                - To prevent unauthorized recovery
                - To reduce storage costs
                - Mitigates risks of data breaches
    - Identify best practices for effective data mangement
        - Adopt data governance framework
            - Ensures consistent data policies & defines roles
        - Ensure data quality
            - Implementing validation processes & conducting audits
        - Leverage automation tools for streamlining tasks
            - Improves efficiency & reduces human error
        - Prioritize data security
            - Implementing encryption, acces controls, audits
        - Invest in scalable storage & processing solutions
            - Accommodates growing data volumes & ensure flexibility

#### What is Data Governance
- What you will learn
    - Define Data Governance
        - Involves management of data's availability & security
        - Establishes a framework for ensuring proper data management
        - Ensures compliance with specific business standards
        - Key elements: Data Ownership, Data Quality, Data Security, Regulatory Compliance
    - Explain the importance of Data Governance
        - Helps orgs comply with regulations (GDPR, HIPAA)
        - Improves data quality by establishing policies & procedures
        - Enhances decision-making - provides reliable data for analysis
        - Allows risk management - identifies & mitigates potential threats
    - Describe key Data Governance Frameworks
        - Control Objectives for Information & Related Technology (COBIT) 
            - Developed by Information Systems Audit & Control Association (ISOCA)
            - Globally recognized framework
            - Help develop strategies for IT governance
        - Information Security Management System (ISO) 27001
            - Focuses on managing information security
            - Includes overall information security
            - Emphasizes on managing & protecting sensitive data
            - Prioritizes data confidentiality, integrity, and availability
            - Utilizes policies for data access & dissemination
    - Discuss commonly used Data Governance tools & solutions
        - Collibra - Data cataloging, Stewardship management, Policy enforcement
        - Informatica - Metadata management capabilities, Data lineage tools to track data flows
        - Talend - Open-source & enterprise-grade data integration tools, Ensures data integrity & quality, Helps comply with regulations
        - SAP Master Data Governance (MDG) - Enterprise solution, Manages & governs master data across an org, Centralizes master data management, Ensures high data quality & consistency
        - IBM Cloud Pak for Data - Combines data governance, AI, & analytics capabilities, Offers tools for data discovery & cataloging, Enables businesses to enforce governance policies, Ensures regulatory compliance

### Summary: Data Architecture & Governance
Data architecture provides the structure, policies, and models necessary to ensure that data is well-organized, accessible, and secure. 

By overcoming challenges such as data silos, complexity, and evolving technologies, organizations can develop a flexible and scalable architecture that supports their long-term success in a data-driven world. 

An organization needs to adhere to data architecture principles—consistency, scalability, security, flexibility, interoperability, and quality—to derive value from its data. 

The data architecture principles ensure that data systems are reliable, adaptable, and secure, enabling businesses to leverage data more effectively for strategic decision-making and competitive advantage. 

By incorporating best practices such as aligning with a clear data strategy, ensuring data quality, adopting a modular design, prioritizing security, and enabling interoperability, organizations can create data architectures that are not only robust but also scalable and adaptable to future needs. 

Data management lifecycle includes stages from data creation to disposal including data creation, storage, maintenance, usage, sharing, archiving, and deletion. 

Best practices for data management include adopting data governance, ensuring data governance, data security, leveraging automation, and investing in scalable storage solutions. 

COBIT is a globally recognized framework that provides guidelines for controlling and securing data. 

ISO 27001 is an international standard that focuses on information security, ensuring data confidentiality, integrity, and availability. 

The core principles of data governance include: 

- Data accuracy 

- Data accountability 

- Data consistency 

- Data compliance 

- Data integrity 

- Data stewardship 

- Data transparency 

The key roles in data governance include: 

- Data governance council or committee 

- Chief data officer or CDO 

- Data stewards 

- Data owners 

- Data custodians 

- Data analysts or scientists 

- Data governance managers 

- Compliance officers

### Module 3: Risk & Compliance
#### Learning Objectives
- Implement effective risk management and mitigation strategies
- Handle data breaches and security incidents effectively and in accordance with legal requirements
- Develop robust compliance programs
- Discuss relevant data protection regulations and standards
- Respond to data breaches and security incidents effectively and in accordance with legal requirements
- Establish and maintain robust compliance programs
- Navigate and comply with relevant data protection regulations and standards
- Develop and implement effective risk management and mitigation strategies
- Identify and assess data risks within your organization

### Data Risk Management

##### What is Data Risk Management
- What you will learn
    - define data risks
    - describe data risk management
    - discuss the key elements of data risk management
    - identify the key reasons for implementing data risk management

- Summary
    - Data risks are potential threats to an organization's data. 
    - main elements of risks include: 
        - risk identification
        - risk assessment - assessing impact & likelihood of risk, enable orgs to prioritize risks effectively, allows better resource allocation
        - risk mitigation - implement safeguards, policies, controls, minimize chances of risk events
            - strategies: data encryption, access controls, regular data audits, employee training
        - monitoring & reporting - detect emerging threats, identify changes in risks levels
            - strategies: 
                - use real-time monitoring tools:
                    - track data access, network activity, user behavior
                    - helps to identify suspicious activities
                - implement incident response plans:
                    - ensure quick reaction to data breaches or cyberattacks
                    - minimizes potential damage
                - conduct regular reporting:
                    - enable leadership to stay informed
                    - involves taking actions to strengthen data protection
    - The different types of risks include: 
        - cybersecurity risks - external threats, Ex: hacking, phishing, malware, ransomware
        - operational risks - internal issues, Ex: human error, system failures
        - compliance risks - failing to adhere to regulations, Ex: GDPR, HIPAA, CCPA
        - third-party risks - when outsourcing data processing, increase potential for data exposure or mishandling
    - Risk assessment involves evaluating three key factors: 
        - probability of occurrence, potential impact, and organizational vulnerability. 
    - Effective data risk management:
        - protect sensitive information
        - ensure compliance with regulations
        - maintain business continuity
        - enhance customer trust

##### Prioritizing Data Risk Management
- What you will learn
    - identify the most significant risks to data
    - discuss preventive measures to mitigate various data risks

##### Summary
- most significant risks to data include: 
    - cyber attacks and data breaches
    - insider threats
    - human error
    - natural disasters & physical damage
    - compliance & regulatory risks
- cybercriminals:
    - exploit vulnerabilities and systems to gain unauthorized access to data
- Data breaches occur when 
    - unauthorized individuals access or steal sensitive information 
- Individuals within organizations can pose: 
    - intentional or unintentional threats by misusing their access or mishandling data
- Human errors include:
    - improper storage
    - weak passwords
    - accidental deletion
- Natural disasters and physical damage, including floods, fires, and theft:
    - can cause permanent data loss
- Compliance risks arise when organizations fail to meet data protection regulations:
    - leading to fines, legal issues, and damaged reputations

##### Best Practices for Managing Data Risks
- Ojectives
    - Discuss best practices for managing data risks.
    - Identify key strategies to safeguard sensitive data.
- Introduction
    - Data risks have become a critical concern for businesses in today's digital landscape. The threat of breaches and cyber-attacks is rising with the increasing use of cloud services and data-driven technologies. Effective risk management is essential to safeguard data, ensure compliance, build customer trust, and prevent financial losses.

    - Let us discuss the best practices for managing data risks, focusing on key strategies organizations should implement to safeguard their data.

- Conduct regular risk assessments
    - Managing data risks begins with understanding the scope of potential threats. Risk assessments help identify vulnerabilities, prioritize risks by their potential impact, and guide the development of mitigation strategies.

    - Here are the steps to conduct a risk assessment:

        - Identify and catalog sensitive data assets, including personal information, intellectual property, and customer data.

        - Analyze potential threats like malware attacks, insider threats, data breaches, and accidental leaks.

        - Assess current security measures to identify any vulnerabilities or gaps that could be exploited.

        - Prioritize risks based on their potential impact and likelihood, focusing on addressing the most critical threats first.

        - Conduct regular risk assessments to adapt to new and evolving threats and changes in business operations.

- Implement strong access controls
    - Implementing strong access controls is a key strategy for minimizing data risks. Limiting access to sensitive information ensures that only authorized individuals can view or modify data, reducing the risk of insider threats and accidental leaks.

    - Best practices for access control include:

        - Assign role-based access (RBAC), granting permissions based on employees' job responsibilities to ensure they only access necessary data.

        - Require multi-factor authentication, or MFA, for accessing sensitive systems, adding an extra layer of security.

        - Conduct regular audits to review access permissions and revoke unnecessary privileges, maintaining optimal security.

- Encrypt sensitive data
    - Data encryption is a critical step in safeguarding sensitive information from unauthorized access. Whether data is at rest or in transit, encryption ensures that only those with the correct decryption key can read the data.

        - Implement end-to-end encryption to secure data from origin to destination, preventing interception during transmission.

        - Encrypt backup data to protect data against theft, leaks, or unauthorized access.

        - Use strong encryption standards, such as Advanced Encryption Standard (AES) 256-bit, to provide comprehensive protection against decryption attempts.

- Employee training and awareness
    - Human error remains one of the primary causes of data breaches and security incidents. Employees may unknowingly click on phishing links, mishandle data, or fail to follow security protocols. Regular training programs can help employees recognize data risks and avoid behaviours that expose sensitive information.

    - The key areas to focus on while conducting employee training include:

        - Focus on teaching employees how to identify and report phishing attacks.

        - Ensure all employees understand the company’s data handling and security policies.

        - Educate employees about maintaining good password hygiene, including using strong, unique passwords and not sharing credentials.

        - Conduct ongoing training efforts with periodic refreshers to keep employees updated on the latest threats and best practices for data security.

- Monitor and respond to security incidents
    - Organizations must recognize that no system is immune to security breaches, even with preventive measures. Therefore, a well-defined incident response plan is essential for detecting, responding to, and mitigating the effects of security incidents in real-time.

    - Here are the components of an effective incident response plan:

        - Perform continuous monitoring. Tools such as intrusion detection systems, IDS, security information, event management, and SIEM software are used to monitor network traffic and detect unusual activity.

        - Establish a dedicated team that responds to security incidents. This team must be well-trained in containing and mitigating breaches.

        - Following any security incident, conduct a thorough post-incident review to understand the cause and prevent future occurrences, ensuring that risk assessments and security protocols are updated as necessary.

- Maintain a comprehensive backup strategy
    - Compliance with data protection regulations goes beyond avoiding fines. It also helps organizations implement crucial data security practices. Regulations such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Health Insurance Portability and Accountability Act (HIPAA) require organizations to adopt specific data protection measures.

    - Here are the steps for maintaining compliance:

        - Stay informed about the regulations applicable to your industry and location, ensuring your policies align with these requirements.

        - Maintain thorough records of how your organization collects, stores, processes, and shares data.

        - Regularly conduct compliance audits to verify that your organization meets all legal requirements and promptly address any identified gaps.

- Summary
- In this reading, you learned that:

    - Effective risk management is essential to protect data, ensure compliance, build customer trust, and prevent financial losses.

    - Organizations should conduct regular risk assessments to identify vulnerabilities, analyze potential threats, and prioritize risks based on their impact.

    - Implementing strong access controls, such as RBAC and MFA, helps minimize data risks.

    - Data encryption is also vital for protecting sensitive information in transit and at rest.

    - Regular employee training programs raise awareness about data security and reduce human error.

    - Organizations must maintain compliance with data protection regulations to ensure robust data security practices.

##### Mitigate Risk with Effective Data Risk Management
- What you will learn

### Data Compliance & Regulations

### Summary
Data risks are potential threats to an organization’s data.

The data risk management process includes four main elements: risk identification, risk assessment, risk mitigation, and ongoing monitoring.

Risk assessment involves evaluating three key factors: the probability of occurrence, potential impact, and organizational vulnerability.

The most significant risks to data include cyberattacks, insider threats, human error, natural disasters, physical damage, and compliance and regulatory risks.

Data risk management involves identifying, assessing, and minimizing risks to safeguard sensitive information from internal and external threats.

The key components of data risk management include risk identification, risk assessment, security controls, monitoring, incident response, employee training, and regulatory compliance.

Key components of data compliance include data collection and processing, storage and security, access and sharing, retention and deletion, and breach response.

Organizations must address challenges such as complexity, resource intensity, global reach, data volume and variety, and technological advancements.

To achieve compliance with data regulations, organizations should implement data security measures, conduct regular audits and assessments, and train employees on data handling protocols.

The chief data compliance regulations include GDPR, HIPAA, CCPA, FISMA, and SOX.

### Exercise 3: Secure data using encryption

In [None]:
/*
hash your passphrase (consider your passphrase is My secret passphrase) with a specific hash length (consider your hash length is 512) using a hash function (here you will use the hash function from SHA-2 family). It is good practice to hash the passphrase you use since storing the passphrase in plaintext is a significant security vulnerability. Use the following command in the terminal to use the SHA2 algorithm to hash your passphrase and assign it to the variable key_str:
*/
SET @key_str = SHA2('My secret passphrase', 512);

-- connect to the database
USE customerorders;

--  look at the customers table in our database
SELECT * FROM customers LIMIT 5;

/*
encrypt the addressLine1 column, you will first convert the data in the column into binary byte strings of length 255
*/
ALTER TABLE customers MODIFY COLUMN addressLine1 varbinary(255);

-- encrypt addressLine1 column, using AES encryption standard and our hashed passphrase
UPDATE customers SET addressLine1  = AES_ENCRYPT(addressLine1 , @key_str);

/*
use the AES_DECRYPT command, and since AES is symmetric, we use the same key for both encryption and decryption
*/
SELECT cast(AES_DECRYPT(addressLine1 , @key_str) as char(255)) FROM customers;