SBM4304 - Uber's IS Security and Risk Management: A Detailed Report

Verified

Added on 2023/06/10

AI Summary

This report analyzes the information security and risk management strategies of Uber, a ride-based technology platform. It identifies vulnerabilities within Uber's information systems, particularly focusing on the 2016 data breach where personal information of drivers and riders was compromised due to developers uploading code with sensitive credentials to a repository website. The report discusses the potential effects of these vulnerabilities on system quality, including unauthorized data exposure and financial impacts. It emphasizes the importance of secure software development, robust security patches, and proper understanding of security impacts to mitigate future risks. The analysis underscores the need for Uber, and similar organizations using third-party services, to prioritize data protection and implement stringent security measures to safeguard user data and maintain system integrity. The report concludes by highlighting the importance of understanding the level of data exposure and implementing mitigation factors to reduce future system vulnerabilities.

Running head: IS SECURITY AND RISK MANAGEMENT BASED ON UBER
IS Security and Risk Management based on Uber
Name of the student
Name of the University
Author’s note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1IS SECURITY AND RISK MANAGEMENT BASED ON UBER
Table of Contents
1. Introduction..................................................................................................................................2
2. Discussion....................................................................................................................................2
2.1 Vulnerability of the Information Systems.............................................................................2
2.2 Effect of the Vulnerabilities on the Quality of the System....................................................3
3. Conclusion...................................................................................................................................4
4. References....................................................................................................................................5

2IS SECURITY AND RISK MANAGEMENT BASED ON UBER
1. Introduction
Uber is a ride based technology platform that mainly focuses on providing the best riding
experience of their customers. The application is mostly helpful for connecting with the riders
and their corresponding driver partners. The information systems that are used by Uber are
mainly used for the purpose of connecting the driver with the rider. These systems are also
designed in such a way for allowing the various operations within the business and the growth of
the organization. These information systems also help in analyzing the metrics of the rider and
driver in a proper manner (Peppard & Ward, 2016).
2. Discussion
2.1 Vulnerability of the Information Systems
In the context of information security, the vulnerability could be defined as a kind of
weakness that can be exploited by an attacker. This action is meant in order to perform some
form of unofficial actions within the computer system. Uber had also confronted a major form of
a data breach in the year 2016, in which the personal information of their drivers and riders were
compromised potentially (Lee, 2017).
In this form of the breach of data of the organization, the hackers had the potential to gain
access to the private information. This was made possible after the developers of the application
had uploaded the code to a repository website. This code was containing information about the
important credentials, which was being used by the hackers in order to log into distinct accounts
on the network of Uber. These kinds of sensitive data within the network were mainly hosted by
the servers of Amazon Web Service (AWS) (Laptev, Yosinski & Smyl, 2017).

3IS SECURITY AND RISK MANAGEMENT BASED ON UBER
The development of a secure software and the maintenance of the software is a difficult
task especially for the security specialists who hold the responsibility of understanding the
concepts of security. With the rise in such cases that lead to cases of vulnerability within the
systems of Uber, it could be claimed that there is some amount of lack within the training and
education based on an implementation of the security (Maheshwari, 2017). Such kind of systems
such as Uber should be designed in such a manner that they would be able to implement higher
security patches within the main application. The primary applications mainly hold the basic
details of the customer. Designing a higher security patch would be very much helpful to secure
the vital information of the customers as well as the company. Based on the vulnerability of their
systems, Uber has realized that the need for the design of secure systems is a crucial task and it
should be done with utmost care and higher responsibility (Rogers, 2015).
2.2 Effect of the Vulnerabilities on the Quality of the System
The breach of data at Uber Technologies Inc. should be held as a vital lesson for the
software developers who primarily make use of third-party services for the purpose of storing
and sharing the code. In the activity of the data breach, Uber had lost records of nearly 57 million
drivers and customers. The hackers had gained access to the password protected area and this has
resulted in the data breach.
Based on the vulnerability of the Uber systems, it could be said that there would be a
major impact on the exposure of the user data without an authorized permission of the user.
There is also the possibility of monetary based impact. The impact would lead to the leak of the
payment details of the customer through which the hackers would be able to steal money. A
proper way of understanding of the impacts on the security would be extremely helpful for

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4IS SECURITY AND RISK MANAGEMENT BASED ON UBER
controlling the multiplying factors that lead to the vulnerability of attacks on the system
(Mirsadikov, Harrison & Mennecke, 2016).
3. Conclusion
Based on the consideration of the impact on security against vulnerability, it would be
highly essential to understand the level of exposure of the data and the potential victims of the
incident. The factors of mitigation would be highly useful in deciding the course of actions that
would be taken by the security specialists. Hence the vulnerability on the systems should be
taken into consideration and should be dealt with properly for reducing the future effects on the
systems of Uber.

5IS SECURITY AND RISK MANAGEMENT BASED ON UBER
4. References
Laptev, N., Yosinski, J., Li, L. E., & Smyl, S. (2017). Time-series extreme event forecasting with
neural networks at Uber. In International Conference on Machine Learning (No. 34, pp.
1-5).
Lee, D. (2017). Uber concealed huge data breach. Retrieved January, 28, 2018.
Maheshwari, N. (2017). Uber taxi cab-handling crisis communication. Emerald Emerging
Markets Case Studies, 7(4), 1-17.
Mirsadikov, A., Harrison, A., & Mennecke, B. (2016). Tales From the Wheel: An IT-Fueled
Ride as an UBER Driver.
Peppard, J., & Ward, J. (2016). The strategic management of information systems: Building a
digital strategy. John Wiley & Sons.
Rogers, B. (2015). The social costs of Uber. U. Chi. L. Rev. Dialogue, 82, 85.