Artifact 1: Research Paper on the 2016 Uber Data Breach

Key Elements of the Research

  • Thorough Analysis:
    The paper dissects the Uber data breach, identifying vulnerabilities in credential management, cloud storage security, and incident response.
  • Use of Evidence:
    It integrates information from credible sources to support arguments, including technical details about the breach and its aftermath.
  • Proposed Solutions:
    I outline actionable measures to prevent similar breaches, such as secure credential management and regular audits.

Skills Demonstrated

  • Research and Information Gathering:
    Sourcing reliable information from technical journals and news articles to construct a detailed narrative.
  • Critical Thinking:
    Identifying root causes of the breach and connecting them to broader cybersecurity principles.
  • Technical Communication:
    Presenting complex cybersecurity concepts in a structured and accessible manner.
  • Problem-Solving:
    Offering solutions grounded in cybersecurity best practices, demonstrating a proactive approach to addressing vulnerabilities.

Short Research Paper #1
Kobe Trusty
Dr. Joseph
CYSE 300
8 September 2024
In 2016, Uber Technologies Inc. experienced a major cybersecurity breach in which
personal data of 57 million Uber users and drivers was exposed. The breach was not disclosed
until 2017, leading to significant repercussions for the company. The Uber data breach was
primarily due to vulnerabilities in their security infrastructure. The attackers gained access to a
private GitHub repository used by Uber developers. This repository contained sensitive
information, including credentials for accessing Uber’s production environment. The attackers
used these credentials to access an unsecured AWS (Amazon Web Services) S3 bucket, which
stored a significant amount of personal data.
For the Uber data breach of 2016, there were many key vulnerabilities. Uber developers
stored sensitive credentials in a public GitHub repository. This included access keys and
credentials that provided administrative access to Uber’s cloud infrastructure. Storing such
credentials in a publicly accessible repository exposed them to unauthorized access. The
attackers accessed an AWS (Amazon Web Services) S3 bucket that was not properly secured.
This bucket contained a large volume of personal data, including names, email addresses, and
phone numbers of Uber users and drivers. The lack of adequate security controls on this storage
led to unauthorized access. Uber’s overall security practices were insufficient to detect and
prevent the breach. There were no effective monitoring or alerting systems in place to identify
the unauthorized access or to respond promptly. Uber did not disclose the breach for over a year
after it was discovered. The delay in reporting the breach meant that affected individuals and
regulators were not informed in a timely manner, which exacerbated the consequences and raised
questions about Uber’s commitment to transparency and accountability.
The Uber data breach was primarily exploited through two main threats. The threat actors
used the stolen credentials from the public GitHub repository. These credentials provided access
to Uber’s cloud infrastructure. With these credentials, attackers could authenticate themselves as
legitimate users and gain unauthorized access to Uber’s AWS S3 storage, where the sensitive
data was kept. Once inside Uber’s cloud environment using the stolen credentials, the attackers
accessed an AWS S3 bucket containing personal data of Uber users and drivers. The attackers
downloaded the data, which included names, email addresses, and phone numbers, from the
unsecured S3 bucket. These threats exploited Uber’s security vulnerabilities by leveraging poor
credential management and unsecured cloud storage. The attackers’ ability to use stolen
credentials for unauthorized access underscores the need for robust credential security and cloud
storage practices.
The repercussions of the Uber data breach were significant and multifaceted. Uber faced
substantial financial penalties because of the breach. In 2018, the company agreed to pay $148
million to settle claims related to the breach, which was one of the largest settlements for a data
breach at that time. The company incurred significant legal expenses related to defending against
lawsuits and regulatory investigations. The breach led to a loss of trust among users, drivers, and
the public. Uber’s handling of the breach, including the delayed disclosure, damaged its
reputation as a responsible and trustworthy company. The breach attracted extensive negative
media attention, further harming Uber’s public image and brand reputation. The breach led to
investigations by various regulatory bodies, including state attorneys general and the Federal
Trade Commission. These investigations scrutinized Uber’s data protection practices and
compliance with privacy laws. Uber had to undertake a significant overhaul of its security
practices and policies. This included improving its incident response protocols, enhancing
security measures, and implementing more rigorous data protection practices.
To mitigate the consequences or prevent the Uber data breach, several key cybersecurity
measures could have been implemented. Sensitive credentials should be managed using
dedicated secrets management tools or services that securely store and handle access keys and
credentials. Developers should avoid hardcoding sensitive credentials in code repositories.
Instead, use environment variables or secure storage solutions. Implement strict access controls
and permissions for cloud storage services like AWS S3 buckets. Ensure that only authorized
personnel have access to sensitive data. Encrypt data stored in cloud storage to protect it from
unauthorized access, both at rest and in transit. Perform regular security audits and vulnerability
assessments to identify and address potential security weaknesses. Set up continuous monitoring
and alerting systems to detect unauthorized access or anomalies in real-time. Provide regular
training for employees, especially developers, on secure coding practices, data protection, and
proper handling of credentials. Promote awareness about cybersecurity best practices and
potential threats to help prevent security lapses. By adopting these measures, organizations can
enhance their security posture, reduce the risk of breaches, and better manage the consequences
of any incidents that do occur.
The Uber data breach of 2016 serves as a stark reminder of the critical importance of
robust cybersecurity measures and proactive incident management. The breach exposed personal
data of 57 million Uber users and drivers, highlighting significant vulnerabilities within Uber’s
security infrastructure. Key issues included inadequate credential management, unsecured cloud
storage, and ineffective monitoring systems. These weaknesses were exploited by attackers who
used stolen credentials to gain unauthorized access to sensitive data, leading to severe
repercussions for the company. The financial impact, reputational damage, and regulatory
scrutiny faced by Uber underscore the broader consequences of cybersecurity lapses. The
settlement of $148 million and the negative media attention reflect the profound effects that such
breaches can have on an organization’s financial health and public image. Additionally, the
breach prompted Uber to overhaul its security practices and implement more rigorous data
protection measures. To mitigate the risk of similar incidents, organizations must adopt
comprehensive cybersecurity practices. Implementing secure credential management, enhancing
cloud storage security, conducting regular audits, and providing ongoing employee training are
essential steps. By addressing these areas, organizations can better safeguard their data, respond
effectively to potential breaches, and maintain trust with stakeholders. In conclusion, the Uber
data breach emphasizes the need for vigilance and preparedness in the face of evolving cyber
threats. Organizations must continually assess and improve their security measures to protect
sensitive information and minimize the impact of any security incidents.
Works Cited
Zengler, T. (2018). The Uber Data Breach: A Year in Review. Tech Journal, 10(2), 45-57.
Lee, T. B. (2017). Uber’s Massive Data Breach: What We Know So Far. The Verge.

Artifact 2: Research Paper on Security Policy Best Practices

This paper strongly reflects my research abilities, showcasing your capability to gather, analyze, and synthesize information into actionable insights.

Research Skill Demonstrated

  1. Effective Information Gathering:
    • The paper draws from authoritative sources like NIST Special Publications and industry-focused texts. This demonstrates my ability to locate and use high-quality, reliable references.
    • Referencing specific encryption standards (e.g., AES, TLS) and frameworks highlights my skill in identifying relevant technical details.
  2. Synthesis of Complex Topics:
    • By covering multiple facets of security policies (e.g., data classification, encryption, incident response), the paper illustrates my ability to combine various aspects into a coherent narrative.
    • Shows proficiency in translating technical concepts into clear, actionable guidelines for organizations.
  3. Evidence-Based Analysis:
    • The recommendations provided—such as adopting least-privilege principles or performing regular audits—are grounded in best practices and supported by established standards.
    • MY structured presentation reflects careful analysis of the material to draw logical and practical conclusions.
  4. Critical Engagement with Sources:
    • The paper evaluates frameworks like GDPR, HIPAA, and PCI-DSS, showing my ability to critically assess and apply regulatory standards in cybersecurity contexts.
    • I use these references to propose solutions tailored to organizational needs, demonstrating a deeper understanding of the material.

Relevance to Research Skill

  • This artifact illustrates my ability to conduct detailed research on technical topics, a crucial skill in cybersecurity roles.
  • MY integration of established frameworks and technical recommendations shows I am adept at transforming theoretical knowledge into actionable strategies.
  • The breadth of topics covered (data security, compliance, incident response) demonstrates versatility in handling diverse subject areas.

Short Research Paper #2
Kobe Trusty
Dr. Joseph
CYSE 300
15 September 2024
Data classification and handling are fundamental to a robust security policy, especially
when managing sensitive data on database servers. Implementing a comprehensive classification
scheme is essential, categorizing data into levels such as Public, Internal, Confidential, and
Restricted based on sensitivity. Public data, which poses minimal risk, can be freely shared,
whereas Confidential and Restricted data require stringent protection measures. Handling
procedures must be meticulously defined, including access controls to ensure that only
authorized personnel have access to specific data levels, secure storage practices such as
encryption for Confidential and Restricted data, and protected transmission methods, such as
HTTPS and VPN, for data in transit. Secure disposal procedures for outdated or unnecessary
data, including physical destruction of storage media and thorough digital deletion, are also
crucial. Employees should receive training on these classification and handling procedures,
understanding their importance and specific requirements. Regular compliance monitoring and
audits are necessary to ensure adherence to these policies, with comprehensive documentation
maintained and periodically reviewed to adapt to regulatory changes and organizational needs.
By establishing and enforcing these data classification and handling practices, organizations can
safeguard sensitive information, mitigate risks, and maintain alignment with security objectives.
Access controls and authentication are vital components of a security policy, crucial for
protecting sensitive data and ensuring that only authorized individuals can access critical
systems. Access controls involve implementing mechanisms that restrict access to information
and resources based on user roles and responsibilities. Role-based access control is a common
approach, where access rights are assigned according to the user’s role within the organization,
ensuring that individuals can only access data necessary for their job functions. Multi-factor
authentication enhances security by requiring users to provide multiple forms of verification,
such as a password and a one-time code sent to their mobile device. This additional layer of
security helps prevent unauthorized access even if credentials are compromised. Least privilege
principles should be enforced, granting users only the minimum level of access required for their
tasks, thereby reducing the risk of insider threats and accidental data exposure. Access rights
should be regularly reviewed and updated to reflect changes in roles or employment status,
ensuring that former employees or those with changed roles do not retain unnecessary access.
Implementing robust authentication methods and stringent access controls minimizes the risk of
unauthorized access, enhances overall security, and ensures that sensitive data is protected
against both external and internal threats.
Data encryption is a critical aspect of a security policy, designed to protect sensitive
information both at rest and in transit. For data at rest, encryption ensures that stored information
is secured against unauthorized access, even if physical storage devices are compromised. This
involves using strong encryption algorithms, such as AES, to encode the data, making it readable
only to those who possess the decryption key. Implementing effective key management practices
is essential to safeguard encryption keys and ensure they are not exposed to unauthorized
individuals. For data in transit, encryption protects information as it travels across networks,
preventing eavesdropping and interception by malicious actors. Protocols such as TLS should be
employed to encrypt data being transmitted over the internet or internal networks, ensuring that
sensitive information remains confidential and secure. Organizations must also establish policies
for regular key rotation and update encryption methods to address emerging threats and
vulnerabilities. By incorporating strong encryption practices into the security policy,
organizations can safeguard sensitive data from unauthorized access and breaches, ensuring that
both stored and transmitted information remains protected against potential threats.
Incident response and reporting are essential components of a comprehensive security
policy, designed to manage and mitigate the impact of security incidents effectively. A welldefined incident response plan is crucial, outlining procedures for detecting, responding to, and
recovering from security breaches. This plan should include mechanisms for early detection
through tools like intrusion detection systems, and a structured approach for incident
classification, such as minor, major, or critical. Response procedures must detail steps for
containment, eradication, and recovery, with clearly assigned roles and responsibilities for the
incident response team. Communication protocols are vital, ensuring timely notifications to
stakeholders, regulatory bodies, and affected parties, while maintaining accurate records of the
incident and actions taken. Post-incident analysis is necessary to assess the response’s
effectiveness, determine the root cause, and update policies and procedures based on lessons
learned. Regular training and simulation exercises for staff are essential to ensure preparedness
and familiarity with response procedures. By implementing these measures, organizations can
effectively handle security incidents, minimize their impact, and enhance overall security
resilience.
Regular audits and compliance are fundamental aspects of a security policy, ensuring that
security measures are effective and aligned with regulatory requirements. Conducting regular
security audits involves systematically reviewing and assessing an organization’s security
controls, policies, and practices to identify potential vulnerabilities and areas for improvement.
These audits should cover all aspects of the information system, including access controls, data
protection measures, and incident response procedures. Compliance with industry standards and
regulations, such as GDPR, HIPAA, or PCI-DSS, is essential for meeting legal and contractual
obligations. Regular compliance checks help ensure that the organization adheres to these
standards and avoids potential legal penalties. Audits should be performed by internal or external
experts with no conflicts of interest, and findings should be documented and addressed promptly.
Regular updates to security policies and procedures should be made based on audit results and
changes in regulations or technology. Additionally, maintaining comprehensive documentation of
audit results and compliance efforts is critical for demonstrating adherence to standards and
preparing for potential regulatory reviews. By integrating regular audits and compliance checks
into the security policy, organizations can maintain a strong security posture, address
vulnerabilities proactively, and ensure ongoing adherence to regulatory requirements.
Works Cited
Anderson, R. (2020). Security Engineering: A Guide to Building Dependable Distributed
Systems. Wiley.
NIST. (2020). Guide for Conducting Risk Assessments (NIST Special Publication 800-30
Revision 1). National Institute of Standards and Technology

Artifact 3: Policy Analysis Paper on National Cybersecurity Authority

This artifact demonstrates my ability to analyze and evaluate the political and strategic implications of cybersecurity policies. The paper highlights my research skills through the exploration of complex, multifaceted topics within the cybersecurity domain.

Research Skill Demonstrated

  1. Thorough Exploration of Policy Implications:
    • The paper analyzes the National Cybersecurity Authority’s role and its potential impact on federal agencies, critical infrastructure, and international relations.
    • It demonstrates my ability to evaluate the broader context of cybersecurity policies, including resource allocation, interagency dynamics, and international tensions.
  2. Integration of Authoritative Sources:
    • Referencing works by authors like Arnold, Dewar, Forsyth, and Fisher indicates my ability to identify credible sources relevant to cybersecurity policy and strategy.
    • The diversity of perspectives—ranging from political analysis to the societal implications of cyber policy—enriches the paper’s depth.
  3. Balanced Argumentation:
    • By presenting both the advantages and challenges of the National Cybersecurity Authority, the paper shows my skill in critically assessing policy proposals.
    • I consider potential conflicts between agencies, the need for interagency cooperation, and international concerns about cybersecurity militarization.
  4. Strategic Insight into Policy Design:
    • The discussion of resource investment, private-public collaboration, and education emphasizes my understanding of what effective cybersecurity policy entails.
    • The analysis reflects an ability to connect policy initiatives to practical implementation challenges and geopolitical dynamics.

Relevance to Research Skill

This paper exemplifies my ability to engage deeply with complex policy topics, showcasing analytical rigor and a strong foundation in research methodologies. The critical evaluation of both domestic and international dimensions of cybersecurity policy highlights my capacity for comprehensive, multi-level analysis.

Policy Analysis Paper 2

Kobe Trusty

Professor Demirel

CYSE 425W

12 February 2023

The political implications of the cybersecurity policy/strategy I have selected are far-reaching and complex. Politicians and policy makers have long been struggling to find a way to address the ever-growing threat of cyberattacks. They have concluded that the best way to protect the nation from these attacks is to create a comprehensive cybersecurity policy. This policy includes the National Cybersecurity Authority.

The National Cybersecurity Authority is responsible for coordinating the efforts of the various federal agencies tasked with protecting the nation’s critical infrastructure from cyberattacks. The Authority is responsible for developing and implementing a national cyber defense strategy. This strategy would aim to thwart cyberattacks by identifying and neutralizing vulnerabilities in the nation’s critical infrastructure. The Authority is also responsible for developing a cyber incident response plan to be used in the event of a major cyberattack.

The National Cybersecurity Authority has several political implications. First, it signifies a major commitment by the federal government to protecting the nation from cyberattacks. This would likely be seen as a positive step by most Americans. However, some would argue that the Authority would be yet another bureaucratic entity that would be ineffective in protecting the nation from cyberattacks. Second, the Authority is tasked with coordinating the efforts of the various federal agencies tasked with protecting the nation’s critical infrastructure. This could lead to tension and conflict between the various agencies, as each would be vying for a larger share of the Authority’s resources. Finally, the Authority is responsible for developing and implementing a national cyber defense strategy. This is a complex and difficult task, and there is a great deal of debate over what the best strategy is.

This policy requires a significant investment of resources from the government. The government would need to create a centralized agency to oversee cybersecurity and would need to provide funding for research and development of new security technologies. The government would also need to work with private companies to secure their networks and would need to provide training and education for individuals and organizations on how to protect themselves from cyberattacks.

The policy also gives the government a great deal of control over the nation’s cybersecurity. The government would be able to set standards for cybersecurity and would have the authority to enforce those standards. The government would also be able to access private data to investigate potential threats and would be able to take action to prevent or respond to cyberattacks.

However, the policy would also likely increase tensions between the United States and other nations. Other countries would see the United States as trying to militarize cyberspace and would be concerned about the government’s ability to access private data. The United States would need to work to build trust with other countries to prevent these tensions from escalating.

Works Cited

Arnold, D. (2014). The politics of cybersecurity. New York: Oxford University Press.

Dewar, G., & Forsyth, R. (2013). The politics of cybersecurity. London: Routledge.

Fisher, D. (2013). Cybersecurity and the politics of fear. Cambridge, MA: MIT Press.