Part 1: Rekt Casino Hack - Business Security Strategy, Policies, and Leadership Gone Wrong
The fictitious Rekt Casino fell victim to a ransomware attack which resulted in personally identifiable information, HR records, and financial information being exfiltrated. The root cause of the problem was a lack of governance, risk, and compliance, along with a lack of properly configured technical and administrative controls. It could also be argued that Rekt Casino lacked a strategic plan as well as an inherent security culture. Looking at the history of Rekt Casino, we are going to identify when the old-school approach to information security could have been transitioned to the enterprise risk management approach.
The mistake organizations often make is to focus on defenses such as endpoint protection, firewalls, and intrusion prevention without a good understanding of what the threats actually are. It's as if Rekt Casino fortified their castle to protect against bows and arrows, yet the adversaries attacked with a trebuchet.
If the executives, technology team, and board of directors had been paying attention to news stories, security guidance, employees' approach to protecting company assets, or even attending security-related conferences, they would have gotten the message that security had become a critical concern due to the threat landscape. It's not enough to acknowledge that security requires more attention; you also have to act on that knowledge.
In this Part 1 of 4 webcast, we will quickly review the overarching history of Rekt Casino, what they had in place for protections, and the outcome. Then we will dive deep into what could have been done to prevent the breach from occurring in the first place with regard to business security strategy and policies. We will dive into topics such as:
-Foundations of Strategic Planning
-Strategic Roadmap Design
-Security Policy Development and Continual Assessment
-Leadership Competencies
Register now for the other webcasts in the series!
Part 2: Weak Security Program, Unprotected Systems, and Poor Detection & Response - https://www.sans.org/u/1aNN
Part 3: Feeble Security Culture Disconnected from Business Objectives - https://www.sans.org/u/1aNS
Part 4: Rekt Casino Hack Assessment Transformational Series: Pulling It All Together - https://www.sans.org/u/1aNX
Speaker Bio
Joe Sullivan has over 20 years of experience in information security. Joe is Principal Consultant at Rural Sourcing in Oklahoma City where he manages and develops the security consulting services and the teams that provide them. Over his career Joe has worked in incident response, penetration testing, systems administration, network architecture, forensics, and is a private investigator specializing in computer crime investigations. Joe teaches MGT514: Security Strategic Planning, Policy, and Leadership.
#cybersecurity #securityleadership
Video "Part 1: Rekt Casino Hack - Business Security Strategy, Policies, and Leadership Gone Wrong" from the SANS Institute channel