Uber IT Security Plan Outline: Forensics and CSIRT Strategy

Verified

Added on 2023/06/09

AI Summary

This report provides a security plan outline for Uber, focusing on key areas such as identity management, security awareness training, and the development of forensics and Computer Security Incident Response Team (CSIRT) strategies. The identity management section emphasizes the importance of authenticating users (drivers and customers) and proposes coherent training methods to educate them about security measures within the Uber app. The CSIRT strategy discusses how to track and analyze security breaches, highlighting the need to address issues like fake riders and unfairly identified drivers. By implementing these strategies, Uber can enhance the safety and security of its services, ensuring the protection of both its customers and service providers. The document concludes with a list of references used in formulating the security plan outline.

Running head: SECURITY PLAN OUTLINE
Security Plan Outline
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1SECURITY PLAN OUTLINE
1. Identity management and security awareness training plan strategy
Identity management or the common term ID Management is a process for an
organization utilized for identifying, authorizing and authenticating people in individual terms
(Abraham & Pane, 2014). In case of the Uber cabs, it is essentially necessary that the ID
management be fulfilled by Uber Cabs themselves so that none of the service providers, that is
the drivers and the customers are harmed in any way. The people has to be made aware of the
situation that ID Management hold and the security implications or controls that Uber Cabs hold.
Following is a strategic plan to infiltrate the people with ID Management and Security
Awareness for Uber:
 Conducting the training in a coherent way: The customer and service provider
for Uber is an amalgamation of a varied range of people comprising of different
geographical zone and linguistics. Therefore, it needs to be chalked out to have
the easiest and cohesive way that the training can be provided to all the people.
 Prioritizing the risks: The training should be dependent on the severity of the
risks that occur in the organization with a driver and the customer. The knowledge
about threats and other issues needs to be transferred well to make sure if the
issue had been deliberate or accidental.
 Making people be aware of the security measures in the Uber mobile app:
There are several features in the Uber mobile app for Android and iOS
environments for security breaching issues (Fitzgerald, 2016). The people have to
be made aware of the features and the correct way of utilizing them for their own
benefit in dire situations of security breaching. This depends totally on human
discretion.

2SECURITY PLAN OUTLINE
2. Develop the forensics and CSIRT plan strategy
The development of a forensics and Computer Security Incidence Response Team or
CSIRT is an organizational feature that has the ability of tracking down security breaches, carries
out the analyses based on that, and provides feedback to the senders. Uber faces many challenges
regarding this with the possibility of fake riders as well as unfairly identified drivers designated
for providing services to people (Rana et al., 2017). This risk is to be immediately eradicated to
stop being further problematic for the company. The organization of Uber can apply various
strategy to implement a CISRT and Forensics team to ensure public safety through the proper
evaluation of the identities of the drivers as well as the riders. The response teams, who are
dedicated, can function as parent organization’s substrate. This can function within a
government, a university, a corporation, or a research network.
It can be found that CSIRTs make available services that are paid based on service level
agreements or SLAs or on an on-demand basis (Kitchin, 2016). Sectoral, national or
governmental CSIRTs oversee and execute network activities in case of larger sectors or
infrastructures that are critical enough. This can be introduced as a strategy to the organization
that would ensure the evaluation of the identification proofs in the most effective and secured
way. It would help in authenticating a rider or a driver for the organization.
The following strategies might be able to put some insights on how the Forensics and
CISRT should be implemented in Uber Cabs for ensuring the safety of a passage as well as a
driver who is providing service to the customers on behalf of the organization.

3SECURITY PLAN OUTLINE
References
Abraham, J., & Pane, M. M. (2014, April). The mediating role of social competition identity
management strategy in the predictive relationship between susceptibility to social
influence, Internet privacy concern, and online political efficacy. In Information and
Communication Technology-EurAsia Conference (pp. 492-499). Springer, Berlin,
Heidelberg.
Fitzgerald, T. (2016). Information security governance simplified: from the boardroom to the
keyboard. CRC Press.
Kitchin, R. (2016). Getting smarter about smart cities: Improving data privacy and data security.
Rana, N., Sansanwal, G., Khatter, K., & Singh, S. (2017). Taxonomy of Digital Forensics:
Investigation Tools and Challenges. arXiv preprint arXiv:1709.06529.