Chat with us, powered by LiveChat Reacher case ‘MGM resorts security breach 2023’ 1. ?please use the framework to - Wridemy Bestessaypapers

Reacher case ‘MGM resorts security breach 2023’ 1. ?please use the framework to

Reacher case "MGM resorts security breach 2023"

MGM Resorts confirms hackers stole customers’ personal data during cyberattack


 please use the framework to analyze the security breach that you picked for your final report.  

Follow the structure defined in the anatomy framework, research and collect facts for the following category:


Threat agent







Using the following matrices to evaluate the disclosure:



Management Involvement

How complete was the disclosure?  what aspects of breach were disclosed (Threat – threat agent – vulnerability – actual breach – discovery – investigation – impact – remediation)? 

How timely was the disclosure?  Did it provide adequate time references for evaluation (report lag, discovery lag, investigation lag, remediation lag)?

Did management involve themselves in the disclosure? (signature of C-suite executives)

You may also consider other aspect to evaluate the disclosure.

The research notes does not need to be written in full paragraphs, you may use bullet points to summarize your findings.

Lecture – Unit 5 The Anatomy of a Cybersecurity Event

ACCT 855

Seminar in Cybersecurity Audit and Disclosure

Dr. Tien Lee, Ph.D., PMP, CISA, CISSP [email protected] | (415)644-TIEN San Francisco State University Lam Family College of Business

Last Week…

Need of Audit Standards

auditor’s conduct

auditor’s performance

auditor’s tasks

The Standard Argument

Does do things “by the book” hampers auditor’s ability to conduct audit?

Can auditors think “out-side-of-the-box”?

Developing audit steps

The structure

From PFSPGP to audit steps

Audit steps and audit evidence

A Cybersecurity “Event”

MGM’s cybersecurity “issues”

What we observed may be the symptom (emails down, website down, slot machine mal-function), not the actual breach event.

Reporting or investigating the symptoms may not be enough unless the root cause is found.

The need to understand the cybersecurity events

It’s more than just “what happened?”

The need to understand the cybersecurity events



“something bad may happen to you!”

loss of data?

Loss of asset?

Critical infrastructure?

The risks, aka, “what is at stake?”

Threats can be numerous

Threat Agents

Threat agent

Those who carried out the attack

Who “realized” the threats

Think beyond just “hackers”

May not be “human” agent

The actor that enabled the threats



The “weakness”

What allowed threat agent to take advantage of

“easy targets”

no vulnerability, no threat.



Internal investigation

Third-party? Law enforcements?

What tools and methods were used?

How investigation results are communicated?

Impact Assessments

Impact assessment

the “Ooops”

Impact assessment might not be possible without investigation

Impact on reputation?

Real economic impacts

long term, short term?


Remediation efforts

“stop loss”

what was done and what needs to be done.

DRP & BCI, recovery from the event, and continuation of business operations.

Putting it together

Research & Reading

Research task:

Use NIST’s Special publication on Computer Security Incident Handling Guide to research on the following:

What is an incident?

How to handle an incident

Information sharing and coordination
















Lecture – Unit 9 Evaluate Disclosure

ACCT 855

Seminar in Cybersecurity Audit and Disclosure

Dr. Tien Lee, Ph.D., PMP, CISA, CISSP [email protected] | (415)644-TIEN San Francisco State University Lam Family College of Business

Dye’s Analogy (1985)

Dye (1985) provided a simple analogy using agency theory showing why management would manipulate disclosure:

management’s actions are subject to moral hazard and hidden actions, and

investors, individually, learn about the manager’s actions through disclosure that would reflect the management’s action through stock price changes.

Disclosure allows the principal to mitigate the moral hazard problem by tying the manager’s compensation to the firm’s stock price;

Dye’s Analogy (1985)

In this case, the manager could game the system and make disclosure sufficient to impact or not-impact the firm’s future cash flows.

The firm’s stock price would then become a function of that disclosure rather than a function of investor knowledge about the manager’s actions.

Therefore, firm’s stock price became “influenced” by the disclosure, even more so, by the content of the disclosure.

Dye’s Analogy & Cybersecurity Breach Disclosure

Subsequent to a security breach, managers may foresee that security breach events are intrinsically complex and difficult to understand for the principal;

it may take much longer for the full investigation to be completed.

The manager may very reasonably elect to control the disclosure in a manner that favors the manager’s self-interest.

The market reaction would be a function of the “diluted disclosure”, or “glorified disclosure” not the management’s effort and their true actions in managing or mis-managing the firm.

The Tale of Two Disclosures

StumbleUpon provided little information in its disclosure.

However, it is difficult to evaluate just how “bad” it is.

Need of measuring instruments

The Tale of Two Disclosures

Comparing to another disclosure…

Measuring the Quality of the Disclosure

Discussion: What makes a good disclosure?






Disclosure Accuracy

Accuracy is an important aspect of disclosure.

It’s important for the preparer to issue disclosure truthfully based on best available information at hand.


Accuracy of disclosure is impossible to measure consistently as the “truth” is not observable from the information users’ perspective.

Disclosures are “assumed to be accurate” after independent audit.

Disclosure Timeliness

Timely disclosure allows investors to make timely decisions.

However, in cybersecurity breach, one single dimension of timeliness may not be adequate enough…

Time dimension of cybersecurity breach may include:

When incident occurred

When incident were discovered

When investigation started

When remediation were determined

When external disclosure were issued.

Disclosure Timeliness

These dimensions allows the information user to determine the “lag time” of various events:

Discover lag (from incident occurrence to discovery)

Investigation lag (from discovery to investigation)

Remediation lag (from investigation to remediation)

Disclosure lag (from discovery to external disclosure)

Disclosure Timeliness

Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.

Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.

Do you need an answer to this or any other questions?