In order to solve many of today’s modern information security use-cases, organizations have evolved from making decisions based on information gleaned from silo-ed security solutions, towards making more intelligent risk decisions based on shared security intelligence. However, integrating vulnerability scanning results into one’s security ecosystem involves a serious hidden challenge which results in heinous consequences, thereby killing your InfoSec program. The consequences of such a crime include inaccurate security risk gauge, IT Ops overhead, and even missed data breaches.
This session shares clues on this challenge, step by step, in the form of a Murder Mystery game, ultimately revealing the culprit as well as strategies to overcome it.
The presentation models the game “Clue.” Security solutions such as Vulnerability Management, Incident Response, SIEM, and more, are paralleled to the suspects of the game Clue, such as Ms. Scarlett, Prof. Plum, and Colonel Mustard; technologies are mapped to the weapons such as the Candlestick, the Wrench, the Rope; and the IP addresses in your network parallel Clue’s rooms such as the Library, the Study and the Billiard Room. The audience participates in the game, up until the point where the challenge and the mystery is revealed. Consequences, solutions and alternatives are then explored.
Come learn and participate, play, and interact! Try to guess “who-dunnit,” and learn how to avoid future similar InfoSec crimes.