Rekt Casino Hack Assessment Transformational Series Business Security Strategy, Policies, and Leadership Gone Wrong
Wednesday, February 03, 2021 at 11:59 AM EST (2021-02-03 16:59:00 UTC)
- Joe Sullivan
You can now attend the webcast using your mobile device!
The fictitious Rekt Casino fell victim to a ransomware attack which resulted in personal identifiable information, HR records, and financial information being exfiltrated. The root cause of the problem was a lack of governance, risk, and compliance, along with properly configured technical and administrative controls. It could also be argued that Rekt Casino lacked a strategic plan as well as an inherent security culture. Looking at the history of Rekt Casino, we are going to identify when the transition from the old school approach of information security could have been transitioned to the enterprise risk management approach.
The mistake organizations often make is to focus on defenses such as endpoint protection, firewalls, and intrusion prevention without a good understanding of what the threats actually are. Its as if Rekt Casino fortified their castle to protect against bows and arrows, yet the adversaries attacked with a trebuchet.
If the executives, technology team, and board of directors had been paying attention to news stories, security guidance, employees approach to protecting company assets, or even attending security-related conferences, they would have gotten the message that security had become a critical concern due to the threat landscape. Its not enough to acknowledge that security requires more attention, you also have to act on that knowledge.
In this webcast, we will quickly review the overarching history of Rekt Casino, what they had in place for protections, and the outcome. Then we will dive deep into what could have been done to prevent the breach from occurring in the first place in regards to business security strategy and policies. We will dive into topics such as:
- Foundations of Strategic Planning
- Strategic Roadmap Design
- Security Policy Development and Continual Assessment
- Leadership Competencies
Dont wait! Register now for the other webcasts in the series!
- Weak Security Program, Unprotected Systems, and Poor Detection & Response
- Feeble Security Culture Disconnected from Business Objectives
- Rekt Casino Hack Assessment Transformational Series Pulling It All Together
Joe Sullivan has over 20 years of experience in information security. Joe is a principal consultant at Rural Sourcing in Oklahoma City where he manages and develops the security consulting services and the teams that provide them. Over his career Joe has worked in incident response, penetration testing, systems administration, network architecture, forensics, and is a private investigator specializing in computer crime investigations. Joe and his wife, Cathy, also operate Crossroads Information Security, which provides Service Now consulting, Virtual CISO, and defensive network security consulting. Joe teaches the following classes for the SANS Institute: MGT514: Security Strategic Planning, Policy, and Leadership and MGT512: Security Leadership Essentials For Managers.
Need Help? Visit our FAQ page or email [email protected]
Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.