Part 2: Rekt Casino Hack - What?! There are Critical Security Controls We Should Follow?

SANS Institute · Beginner ·🧠 Large Language Models ·5y ago
The fictitious Rekt Casino fell victim to a ransomware attack which resulted in personal identifiable information, HR records, and financial information being exfiltrated. The root cause of the problem was a lack of governance, risk, and compliance, along with properly configured technical and administrative controls. It could also be argued that Rekt Casino lacked a strategic plan as well as an inherent security culture. Looking at the history of Rekt Casino, we are going to identify when the transition from the old school approach of information security could have been transitioned to the enterprise risk management approach. The mistake organizations often make is to focus on defenses such as endpoint protection, firewalls, and intrusion prevention without a good understanding of what the threats actually are. Its as if Rekt Casino fortified their castle to protect against bows and arrows, yet the adversaries attacked with a trebuchet. If the executives, technology team, and board of directors had been paying attention to news stories, security guidance, employees approach to protecting company assets, or even attending security-related conferences, they would have gotten the message that security had become a critical concern due to the threat landscape. Its not enough to acknowledge that security requires more attention, you also have to act on that knowledge. In this Part 2 of 4 webcast, we will quickly review the overarching history of Rekt Casino, what they had in place for protections, and the outcome. Then we will dive deep into what could have been done to prevent the breach from occurring in the first place in regards to the Critical Security Controls. We will dive into topics such as: -What are the CIS Critical Security Controls -How Rekt Casino could have used the CSC to its advantage Speaker Bio James Tarala is a principal consultant with Enclave Security based out of Venice, Florida, and a SANS Senior Instructor. As a consultant, he has spent t
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from SANS Institute · SANS Institute · 0 of 60

← Previous Next →
1 SANS FOR610: Reverse Engineering Malware: Malware Analysis Tools & Techniques
SANS FOR610: Reverse Engineering Malware: Malware Analysis Tools & Techniques
SANS Institute
 2 SANS Institute Cybersecurity Training Customer Stories
SANS Institute Cybersecurity Training Customer Stories
SANS Institute
 3 SANS Institute UK Cyber Academy
SANS Institute UK Cyber Academy
SANS Institute
 4 SANS Institute UK Cyber Academy
SANS Institute UK Cyber Academy
SANS Institute
 5 CISSP® Prep Exam, MGT414, by SANS Institute
CISSP® Prep Exam, MGT414, by SANS Institute
SANS Institute
 6 SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN
SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN
SANS Institute
 7 Information Security Training from SANS Institute - Student Testimonials
Information Security Training from SANS Institute - Student Testimonials
SANS Institute
 8 SANS NetWars
SANS NetWars
SANS Institute
 9 SANS DFIR NetWars
SANS DFIR NetWars
SANS Institute
 10 Hack The Drone - SANS Cyber Academy UK
Hack The Drone - SANS Cyber Academy UK
SANS Institute
 11 SANS VetSuccess Immersion Academy
SANS VetSuccess Immersion Academy
SANS Institute
 12 SANS Cybersecurity Training, Certifications & Placement for Veterans
SANS Cybersecurity Training, Certifications & Placement for Veterans
SANS Institute
 13 The 2015 SANS Holiday Hack Challenge
The 2015 SANS Holiday Hack Challenge
SANS Institute
 14 SANS VetSuccess Academy: Hands-on Skills
SANS VetSuccess Academy: Hands-on Skills
SANS Institute
 15 SANS VetSuccess Academy Overview
SANS VetSuccess Academy Overview
SANS Institute
 16 SANS ICS Security Summit & Training 2017
SANS ICS Security Summit & Training 2017
SANS Institute
 17 Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017
Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017
SANS Institute
 18 WannaCry recap, patches, and analysis
WannaCry recap, patches, and analysis
SANS Institute
 19 If We’re Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?
If We’re Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?
SANS Institute
 20 Graduation Day - SANS HM Gov Cyber Retraining Academy
Graduation Day - SANS HM Gov Cyber Retraining Academy
SANS Institute
 21 Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017
Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017
SANS Institute
 22 SANS Data Breach Summit & Training 2017
SANS Data Breach Summit & Training 2017
SANS Institute
 23 SANS Secure DevOps Summit & Training 2017
SANS Secure DevOps Summit & Training 2017
SANS Institute
 24 How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
SANS Institute
 25 SANS Webcast – Continuous Opportunity: DevOps & Security
SANS Webcast – Continuous Opportunity: DevOps & Security
SANS Institute
 26 SANS Cybersecurity Programs for the Department of Defense
SANS Cybersecurity Programs for the Department of Defense
SANS Institute
 27 SANS Pen Test HackFest Summit & Training 2017
SANS Pen Test HackFest Summit & Training 2017
SANS Institute
 28 SANS SIEM & Tactical Analytics Summit & Training
SANS SIEM & Tactical Analytics Summit & Training
SANS Institute
 29 If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017
If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017
SANS Institute
 30 SANS Institute
SANS Institute
SANS Institute
 31 ICS515: ICS Active Defense and Incident Response
ICS515: ICS Active Defense and Incident Response
SANS Institute
 32 SANS Institute
SANS Institute
SANS Institute
 33 Introducing the NEW SANS Pen Test Poster
Introducing the NEW SANS Pen Test Poster
SANS Institute
 34 SANS Institute - An Inside Look at the Newly Updated ICS515 Course
SANS Institute - An Inside Look at the Newly Updated ICS515 Course
SANS Institute
 35 SANS ICS Security Training, Munich, Germany
SANS ICS Security Training, Munich, Germany
SANS Institute
 36 SANS Automotive Summit Webcast
SANS Automotive Summit Webcast
SANS Institute
 37 Privesc Playground - SANS Pen Test HackFest Summit 2017
Privesc Playground - SANS Pen Test HackFest Summit 2017
SANS Institute
 38 Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017
Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017
SANS Institute
 39 Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation
Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation
SANS Institute
 40 SANS Security Operations Summit & Training 2018
SANS Security Operations Summit & Training 2018
SANS Institute
 41 Sh*t Happens! (But You Still Need to Drink the Water) – SANS ICS Summit 2018
Sh*t Happens! (But You Still Need to Drink the Water) – SANS ICS Summit 2018
SANS Institute
 42 ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018
ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018
SANS Institute
 43 You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018
You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018
SANS Institute
 44 A Sneak Peak at the New ICS410
A Sneak Peak at the New ICS410
SANS Institute
 45 Jumping Air Gaps – SANS ICS Summit 2018
Jumping Air Gaps – SANS ICS Summit 2018
SANS Institute
 46 Introduction to Linux
Introduction to Linux
SANS Institute
 47 Introduction to Malware Analysis
Introduction to Malware Analysis
SANS Institute
 48 You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam
You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam
SANS Institute
 49 Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018
Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018
SANS Institute
 50 Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
SANS Institute
 51 Apples and Oranges?: A CompariSIEM – SANS Security Operations Summit 2018
Apples and Oranges?: A CompariSIEM – SANS Security Operations Summit 2018
SANS Institute
 52 SANS Webcast - Perimeter Security and Why it is Obsolete
SANS Webcast - Perimeter Security and Why it is Obsolete
SANS Institute
 53 SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture
SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture
SANS Institute
 54 The Science of Security: The Psychological Impacts of Security Awareness Programs
The Science of Security: The Psychological Impacts of Security Awareness Programs
SANS Institute
 55 How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018
How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018
SANS Institute
 56 Practical Advice for Submitting to Speak at a Cybersecurity Conference
Practical Advice for Submitting to Speak at a Cybersecurity Conference
SANS Institute
 57 SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep
SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep
SANS Institute
 58 SANS Webcast - Zero Trust Architecture
SANS Webcast - Zero Trust Architecture
SANS Institute
 59 SANS STX Cyber Range
SANS STX Cyber Range
SANS Institute
 60 Part 1 – SANS Institute and Tenable talk about cloud security
Part 1 – SANS Institute and Tenable talk about cloud security
SANS Institute

Related AI Lessons

OpenAI Just Unleashed GPT-5.5 — And It Signals the Next Phase of AI
OpenAI's GPT-5.5 signals a shift towards practical AI applications in the real world
Medium · AI
GPT-5.5 Pro Sustains 2-Hour Bug Fixing Sessions
GPT-5.5 Pro sustains 2-hour bug fixing sessions with consistent performance, improving reliability for long-running tasks
Dev.to AI
Big Tech firms are accelerating AI investments and integration, while regulators and companies focus on safety and responsible adoption.
Big Tech firms are investing billions in AI infrastructure, driving growth and transformation in the field, with a focus on safety and responsible adoption
Dev.to AI
The ICCSSE Framework: How to Write AI Prompts That Actually Work
Learn the ICCSSE Framework to craft effective AI prompts that work, overcoming common pitfalls like lack of identity and structure
Dev.to AI
Up next
5 Levels of AI Agents - From Simple LLM Calls to Multi-Agent Systems
Dave Ebbelaar (LLM Eng)
Watch →