In $2016,$ Uber experienced a significant data breach that exposed the personal

information of $57$ million riders and drivers. The attackers gained access to Uber's

systems through a third$-$party cloud$-$based service and downloaded sensitive data,

including names, email addresses, and phone numbers. Uber initially attempted

to cover up the breach by paying the attackers a $$100,000$ ransom, but the

incident was eventually exposed, leading to significant reputational damage and

regulatory scrutiny.

YOUR TASK

You are a cybersecurity incident responder hired by Uber to assess the situation

and recommend improvements to their security operations and incident response

capabilities. Your task is to analyse the incident and develop a comprehensive

report that addresses the following questions:

$1.$ Evaluate the effectiveness of Uber's security operations center $($SOC$)$ in

detecting and responding to the data breach. What could have been done

differently to identify the breach earlier and minimize its impact?

$2.$ Discuss the role of security information and event management $($SIEM$)$ in

threat detection and incident response. How could Uber have leveraged

SIEM to better detect the unauthorized access and data exfiltration?

$3.$ Analyse Uber's incident response planning and execution in this scenario.

Were their incident response procedures adequate? What steps could

have been taken to improve their response and contain the breach more

effectively?

$4.$ Discuss the importance of digital forensics and evidence handling in

investigating and responding to data breaches. How could Uber have

utilized digital forensics to gather evidence, identify the attackers, and

understand the full extent of the compromise?

$5.$ Recommend specific measures that Uber should implement to enhance

their security operations, incident response capabilities, and overall

cybersecurity posture. Consider both technical controls $($e$.$g$.,$ SIEM, EDR,

threat intelligence$)$ and organizational measures $($e$.$g$.,$ incident response

plans, training, communication protocols$).$

WORKSHOP INSTRUCTIONS

$1.$ Thoroughly research the Uber data breach, gathering information from

credible sources such as news articles, official reports, and cybersecurity

analyses.

$2.$ Review the relevant sections of Module $8,$ focusing on security operations

center $($SOC$)$ fundamentals, security information and event management

$7019$ICT Cyber Security Risk Management

$20$

$($SIEM$),$ incident response planning and execution, digital forensics and

evidence handling, and continuous monitoring and threat detection.

$3.$ Analyse the Uber incident through the lens of security operations and

incident response, identifying the key weaknesses and areas for

improvement.

$4.$ Develop a comprehensive report that addresses the questions outlined

above, providing clear explanations, supporting evidence, and actionable

recommendations.

WORKSHOP WRITE$-$UP STRUCTURE

Use the following structure for your report:

Introduction

$$ Briefly summarize the Uber data breach and its impact.

Security Operations Centre $($SOC$)$

$$ Evaluate the effectiveness of Uber's SOC in detecting and responding to the breach.

$$ Recommend improvements to their SOC processes and capabilities.

Security Information and Event Management $($SIEM$)$

$$ Discuss the role of SIEM in threat detection and incident response.

$$ Explain how Uber could have leveraged SIEM to better detect the breach.

Incident Response Planning and Execution

$$ Analyse Uber's incident response procedures and their execution.

$$ Recommend improvements to their incident response plan and processes.

Digital Forensics and Evidence Handling

$$ Discuss the importance of digital forensics in investigating data breaches.

$$ Explain how Uber could have utilized digital forensics to gather evidence

and understand the compromise.

Recommendations

$$ Provide actionable recommendations for Uber to enhance their security

operations, incident response capabilities, and overall cybersecurity

posture.

Conclusion

$$ Summarize your findings and emphasize the importance of robust

security operations and incident response in mitigating the impact of data

breaches.Your report should be approximately $600$ words in length and be written in the

workshop template provided on the course website. Support your analysis with

evidence from the case study and your research.