CYSE 300

Introduction to Cybersecurity

This course provides an overview of the field of cybersecurity. It covers core cybersecurity topics including computer system architectures, critical infrastructures, cyber threats and vulnerabilities, cryptography, information assurance, network security, and risk assessment and management. Students are expected to become familiar with fundamental security concepts, technologies, and practices. This course provides a foundation for further study in cybersecurity.

I completed a research paper titled “Marriott Under Fire,” which examined the 2018 data breach involving Marriott International and the Starwood hotel chain. This attack compromised the personal data of approximately 500 million guests due to vulnerabilities in outdated reservation systems and poor data management during the merger.

Marriot Under Fire

Data breaches are increasingly common in today’s digital landscape. According to IBM, a
data breach is any security incident where unauthorized parties gain access to sensitive or
confidential information, such as personal data (e.g., Social Security numbers, bank account
details, healthcare data) and corporate data (e.g., customer records, intellectual property,
financial information). A significant cybersecurity breach occurred in 2018 when Marriot
International experienced an external malware attack that exposed personal information of
approximately 500 million guests.
Marriott International bought Starwood in 2016. In 2018, the Starwood Preferred Guest
program merged with the Marriott loyalty program. However, the attack on the Starwood
database occurred due to trojan malware exploiting vulnerabilities in their outdated Microsoft
point-of-sales reservation system, highlighting the system’s security weaknesses. Hackers would
attack a hotels system because of its details dealing with personal information (names, dates of
births, credit card info, and addresses of their customers) and the simple fact that most customers
use the same password for multiple accounts it makes it easier for a hacker to access other
accounts. Another vulnerability of the hospitality industry is their relaxed security mechanisms
making it easy for hackers to get inside their systems.” On September 7, 2018, a contractor
named Accenture, who supports and manages the databases of Starwood Hotels and Resorts for
Marriott International, noticed an unusual SQL query” (Amanulla, Niyaz 2024). This
observation prompted them to let Marriott International know.
The aftermath of this monstrous attack led to Marriotts’ brand going through great losses
that affected their revenue and reputation due to the corporation’s negligence in discovering the
incident in the first stages of the merger which led to them being victims of the second largest
Johnson 3
data breach. Marriot ended up paying a huge fine due to the implementation of the General Data
Protection Regulation (Manglani 2024). Meanwhile the Customers lost trust in the luxurious
company once they were informed of the data breach, and the fact that Starwood has had
experience with data being leaked to the Darknet.
Security measures that could have been used to prevent the attack from happening are
deploying data leak prevention and prevention mechanisms where UpToDate servers and
equipment could have been installed to better prepare for an attack. Marriot could have
conducted a background check on Starwood and seen they have been attacked before and could
have corrected the issue before the merger. Customer awareness could have helped by customers
having stronger passwords and 2 factor authentication making it harder for hackers to access
their data.
Even after data breaches are common now days this study has made me aware of how to
prevent my own personal information from being hacked, also how cyberattack can grow when it
goes undetected and neglected by companies. Hackers are getting smarter by the day, so our job
is to stay sharp by raising awareness of the newest information and keeping up to date equipment
to mediate these efforts.

Lab Report: Using Active Directory in the Enterprise

Student Name: Stevie Johnson
Course: Cybersecurity Fundamentals
Institution: Old Dominion University
Lab Title: Using Active Directory in the Enterprise
Date Completed: [Apr 25, 2025]

Overview

Active Directory (AD) is a critical component in enterprise-level Windows environments, serving as a centralized database for managing users, computers, groups, and other resources across a network. Through Active Directory, administrators can enforce security policies, streamline user access, and maintain consistent configurations across systems.

This lab focused on exploring the structure and functionality of Active Directory, including the creation and management of AD objects, organizational units (OUs), and Group Policy Objects (GPOs). We simulated real-world administrative tasks typically performed by Windows system administrators.

Results and Analysis

  • Successfully created and managed OUs to reflect organizational structure.

  • Demonstrated the ability to create user accounts and groups, simulating real administrative environments.

  • Observed how GPOs take precedence when multiple policies are applied and how inheritance can be blocked or filtered.

  • Validated GPO application using user login tests and command-line tools, confirming that restrictions were properly enforced.