IuSeetions for the Breach Report ch Paper
See attached document for details.
IT is a course that considers various aspects of computer and information security operations with the goal of elevating these concepts to the national infrastructure level. One consideration of analysis is to investigate lessons learned regarding historical large-scale security breaches that have taken place at the industry level. The Breach Report Paper is a short research exercise in which you are asked to find and become acquainted with one large-scale data breach or hacking crime that has been highlighted in the media. Then compare the outcome of events during that breach with one of the National Cyber Security Methodology Component principles from Chapter 1 (listed on slide 12 in the chapter 1 slide deck PDF).
What is being researched?
You are to find one data breach event highlighted by the media that was a strong example of a cyber-attack or hacking event.
· Your choice must be within the past 6 years. Please see “My Favorites” below for some examples, and feel free to use the examples for your own paper.
· Your choice must be a large event that was publicly reported by major news media such as NBC news online or the New York Times online.
· Do NOT choose a scholarly article for the event. Do NOT pick passages from textbooks and other hardcopy media. Do NOT take information from Wikipedia. Your grade will be lowered if I cannot access the original news article over the Internet.
· Pick an event that is well-documented. Do NOT pick obscure articles such as a cyber event in Buford, Wyoming, the smallest town in America (population: 1). Again, use the My Favorites list below as a starting point if you are having trouble choosing a good cyber breach or hacking event.
What are you comparing?
A. As stated above, you are to pick one cyber-attack. Let’s say you choose the Capital One cyber-attack from 2019 in which a software engineer obtained the personal data of over 100 million people.
B. Next, choose ONE of the operational principles from Chapter 1 in our textbook … Deception, Awareness, Depth, Diversity, Separation… whichever one you like. As an example, let’s say you pick the Awareness principle. Our textbook states that Situational Awareness is “the collective real-time understanding within an organization of its security risk posture.” In other words, Awareness is an organization’s knowledge of their security strengths and weaknesses (and we hope they are focused on improving their weaknesses).
How do you synthesize your argument?
Using the above example, if you picked Capital One & Awareness, then your paper should (A) highlight what happened in the attack and (B) speculate how Capital One failed to “be aware” of the hole in their network security that allowed the hack to occur. Lastly, (C) if you picked Awareness, then argue why Cyber Security Awareness is important and defend your argument by referencing at least one peer-reviewed scholarly article.
So, in Summary…
1. Pick a recent cyber attack.
2. Reference at least one news article (non-scholarly) about the attack.
3. Pick a National Cyber Security principle (like Awareness).
4. Reference at least one scholarly article that backs up your chosen principle.
5. Synthesize how the company failed to comply to the principle. Typically, in these news articles security experts will outline what happened in the attack and what the company failed to do. If there is an expert response, you can tie the response to one of the principles.
If there is no expert response or input, then you are welcome to “speculate” on what the company did wrong. Remember you don’t work for the company so you don’t know what’s really going on there. Therefore, for the purposes of writing the paper, speculation is OK.
Scope & Format of the Project
The scope and format your paper should be:
· 500-900 words. Microsoft Word. Double-spaced, Arial or Calibri font, APA format. Do NOT write a giant paper that will take me forever to grade please. Do NOT send me a virus-infected file.
· Introduce the article. What happened and who was involved?
· Make sure you thoroughly summarize what happened – what was stolen or compromised. What were the damages or losses if any? If the event was a solved crime, who were the criminal(s)?
· Your paper needs a minimum of two references in the bibliography:
ü At least one news article reference about the event.
ü At least one peer-reviewed scholarly article promoting the principle.
· You can submit your paper in the classroom in the Breach Report assignment (in the CONTENT folder) or you can email it to me.
APA 6th Edition Writing Format
Doctoral-level, scholarly writing style is expected for this assignment. As PhD students, your ability to produce perfection in APA-formatted research will be heavily scrutinized; especially in the dissertation phase of your program. Keep in mind that your dissertation research will undergo scientific merit review, it will have to contribute to the global body of knowledge in a positive manner, and will have to be written in a quality of writing style high enough that the University is willing to put its name on your research when published. If you are uncomfortable with the APA6 format, now is the time during the classroom portion of your studies to learn it. APA-style writing is the global standard for academic research. Learn it… Know it… Live it. Your paper is expected to conform 100% to the 6th edition of the APA Publication Manual.
ALL OF YOUR WRITING MUST BE IN YOUR OWN WORDS. IF YOU COPY AND PASTE TEXT DIRECTLY FROM YOUR RESEARCH ARTICLES, YOU ARE GUARANTEED TO RECEIVE A ZERO GRADE.
Please heed this warning seriously. There will not be any make-ups or second tries. I will pass your writing through Safe Assign. Please make sure your writing is original.
My Favorites ????
If you’re having trouble finding a good article, you may want to consider some of my top favorite security bungles and crimes listed below. Feel free to pick any one of them or your own. These are all national- or world-wide scale events in commercial industry, latest first:
Capital One Breach – 2019
Facebook Breach – 2018
Under Armour Breach – 2018
Marriott Breach – 2018
· NEW: Breach now tied to Chinese professional hackers:
Equifax Data Breach – 2017
Panera Bread Breach – 2017
Wannacry Ransomware Attack – 2017
The Sony Pictures Hack – 2014:
Home Depot Breach – 2014