Cybersecurity Research Paper (15 points)

Select a research topic from the list below. After selecting your topic, research the incident using news articles, magazine articles (trade press), journal articles, and/or technical reports from government and industry.

·  For a grade of A, a minimum of five authoritative sources (not including course modules and the course textbook) are required.

·  For a grade of B, a minimum of four authoritative sources (not including course modules and the course textbook) are required.

·  For a grade of C, a minimum of three authoritative sources (not including course modules and the course textbook) are required.

Your research is to be incorporated into a 3- to 5-page written analysis of the attack or incident. Your report is to be prepared using APA formatting and submitted as an MS Word attachment to the Cybersecurity Research Paper entry in your assignments folder.

Pre-approved topics include

·  Adobe Source Code & Customer Data hacked (2013)

·  APT1 (see Mandiant report of People’s Liberation Army cyberattacks)

·  Cryptolocker Ransomware (2013)

·  DigiNotar Certificate Theft / Compromise (detected in 2011)

·  HomeDepot data breach (2014)

·  Operation High Roller (detected in 2012)

·  Gameover ZeuS botnet (countered by Operation Tovar; made public in 2014)

·  RSA SecurID breach (2011)

·  Target data breach (2013/2014)

·  Telephone Tech Support Scam (2014) see http://www.ic3.gov/media/2014/141113.aspx

You may propose an alternate topic for your instructor’s approval. Approval is NOT guaranteed. Your request for approval should be posted as a message in the Ask Your Instructor conference.

1. Short Topic Name

2. URL for news article about the security incident or attack that you will research for your paper

3. URL for a second authoritative Internet resource that you will use to provide information about your chosen security incident or attack.

Ideas for additional topics can be found on various security-related websites, including

·  ID Theft Resource Center (2014 Data Breach Report) http://www.idtheftcenter.org

·  Bruce Schneier on Security http://www.schneier.com/blog/

·  Carnegie-Mellon CERT: http://www.cert.org/insider_threat/study.html

·  CSO Online: http://www.csoonline.com/

·  Data Breach Today http://www.databreachtoday.com

·  SC Magazine: http://www.scmagazine.com/

·  Symantec: http://www.symantec.com/threatreport/

·  US-CERT: http://www.us-cert.gov/security-publications/#reports

After you have performed your research, use your sources to analyze the major characteristics of the cybersecurity incident. Your analysis must include:

·  identifying the type of breach

·  identifying and explaining how the breach occurred (or suspicions by authorities as to how it may have occurred)

·  identifying and discussing known or suspected losses of confidentiality, integrity, and availability for information and/or information systems

·  identifying and discussing technological improvements that would help prevent recurrence

Grading Rubric: the detailed rubric is attached to the assignment folder entry for this paper.