The evolving threats and the challenges of the modern CISO
Gerasimos Moschonas
Information Security Professional
2nd Forward Thinking Cyber Security Event
(ISC)² Hellenic Chapter
March 2017
Information Security Topics
• Big Data
• Internet of Things
• Cyber Crime & Attacks
• Social Engineering
• Mobility
• Regulatory Framework
World keeps changing
• From centralised legacy systems (on premises) to decentralised, interconnected systems (on and off premises)
  • Outsourced services
  • Cloud computing
  • IoT
• Enterprises become more and more digital, and a serious target for cyber criminals
• Attacks and attackers become smarter, more aggressive and more professional
• Threats are evolving and cyber security is a top priority

Incidents keep growing
• A massive DDoS attack against the major DNS provider Dyn affected a huge portion of Internet users in the US, taking down access to major web services including Twitter, Amazon, Netflix and PayPal
• SWIFT cyber heists (starting with Bangladesh Bank)
• Yahoo had been hacked ... again and ... again
• Hospitals, state and local governments, law enforcement agencies, small and large businesses: these are just some of the entities recently impacted by ransomware
• A spam email operator's faulty backup leaked 1.37bn addresses
• WikiLeaks Vault 7: CIA hacking tools revealed
CISO’s role keeps evolving
From the role of the IT security administrator and the IT Security Officer inside the IT unit to the independent role of the CISO, who:
• Is a decision maker and an influencer
• Has overall responsibility for information security governance, reporting to senior management
• Is both business-oriented and technology-oriented, and speaks the language of the business as well as that of technology. Understands the business environment and acts as an integrator of people, business processes and technology
• “Translates” information security risks into business risks
• Is always aware of the evolving threats, the technology trends and the regulatory framework
Big Data
Employees & Partners (1/2)
• The amount of data is increasing daily
• Data at rest and in transit, inside and outside the perimeter
• But do you know:
  • Where your data is located?
  • How your data is used and exchanged?
  • Who has access, and for what reason?
  • The retention period, and how the data is destroyed?
  • Whether cloud services are being used?
• Using cloud services for cost reduction raises several matters to evaluate:
  • Data privacy and compliance
  • Lack of governance
  • Appropriate security controls
  • Contractual terms (e.g. right to audit)
Big Data
Employees & Partners (2/2)
• Restrict the user environment (USB media, admin rights)
• Use DLP measures for data in transit (at the endpoints and the perimeter)
• Enforce Identity & Access Management (staff, partners)
• Use encryption and segregation of duties
• Apply a retention and destruction policy for both electronic and physical data
• For cloud services:
  • Identify and evaluate the assets
  • Perform a risk-based assessment
  • Define the minimum security controls
  • Be compliant with data privacy regulations
Internet of Things
• More than 24 billion IoT devices are forecast to be installed worldwide by 2020
• These «things» don’t «look» like traditional computers and aren’t treated like computers
• Usually no adequate security measures are taken
• They can be used as a botnet or as an entry point into a home or corporate network
• The IoT botnet ‘Mirai’ targeted vulnerable ‘smart’ IoT devices (mainly through factory-default telnet credentials), turning them into ‘bots’ used for DDoS
• Implement strong authentication
• Ensure the identity of each device
• Apply device-to-device secure communication
• Minimise the data exchanged, processed and stored
• Secure the data stored on the devices
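As an added example (not part of the original slides), the following Python script shows what “strong authentication” and “ensure the identity of each device” can mean concretely: a gateway challenges each device with a fresh random nonce and accepts only a response computed with that device's own provisioned key, refuses short or shared default keys at provisioning time (the Mirai lesson), and rejects a captured response that is replayed later. The device names, key handling and message layout are assumptions made for the illustration; a production fleet would more likely carry per-device certificates and use mutual TLS, which is the same challenge-and-prove exchange with asymmetric keys.

```python
"""Added example, not from the slides: challenge-response authentication of an
IoT device to a gateway with a per-device key and HMAC-SHA256.  Device names,
keys and the message format below are assumptions made for illustration."""
import hashlib
import hmac
import secrets
import time

MIN_KEY_LEN = 16  # bytes; refuse short or shared "default" credentials


def _tag(key, device_id, nonce):
    # Bind the device identity into the MAC so a response cannot be reused for
    # another device that happens to be sent the same nonce.
    return hmac.new(key, b"auth|" + device_id.encode() + b"|" + nonce,
                    hashlib.sha256).digest()


class Gateway:
    """Keeps the registry of provisioned devices and the challenges it issued."""

    def __init__(self):
        self.registry = {}   # device_id -> per-device secret key
        self.pending = {}    # device_id -> (nonce, issue time)
        self.used = set()    # nonces already accepted; blocks replay of a captured response

    def provision(self, device_id, key):
        """Register a device.  A key that is short, or already used by another
        device, is rejected: shared factory defaults are what built Mirai."""
        if len(key) < MIN_KEY_LEN or key in self.registry.values():
            return False
        self.registry[device_id] = key
        return True

    def challenge(self, device_id):
        """Message 1 (gateway -> device): a fresh random nonce, or None if unknown."""
        if device_id not in self.registry:
            return None
        nonce = secrets.token_bytes(16)
        self.pending[device_id] = (nonce, time.monotonic())
        return nonce

    def verify(self, device_id, nonce, tag, max_age=30.0):
        """Message 2 (device -> gateway): check the tag over the nonce we issued."""
        entry = self.pending.pop(device_id, None)
        if entry is None:
            return False
        issued, at = entry
        if nonce != issued or nonce in self.used:
            return False                      # stale, foreign or replayed nonce
        if time.monotonic() - at > max_age:
            return False                      # challenge expired
        expected = _tag(self.registry[device_id], device_id, nonce)
        if not hmac.compare_digest(expected, tag):
            return False                      # wrong key: not the device we provisioned
        self.used.add(nonce)
        return True


class Device:
    def __init__(self, device_id, key):
        self.device_id, self.key = device_id, key

    def respond(self, nonce):
        return _tag(self.key, self.device_id, nonce)


def authenticate(gateway, device):
    """Run the two-message exchange; True only if the device proves its key."""
    nonce = gateway.challenge(device.device_id)
    if nonce is None:
        return False
    return gateway.verify(device.device_id, nonce, device.respond(nonce))


def demo():
    """Genuine device passes; a device claiming the same id with another key fails;
    a captured (nonce, tag) pair replayed later fails; a default key is refused."""
    gw = Gateway()
    cam_key = secrets.token_bytes(32)
    gw.provision("cam-01", cam_key)
    genuine = Device("cam-01", cam_key)
    impostor = Device("cam-01", secrets.token_bytes(32))
    ok_genuine = authenticate(gw, genuine)
    ok_impostor = authenticate(gw, impostor)
    nonce = gw.challenge("cam-01")            # capture one legitimate exchange...
    tag = genuine.respond(nonce)
    gw.verify("cam-01", nonce, tag)
    gw.challenge("cam-01")                    # ...then replay it against a fresh challenge
    ok_replay = gw.verify("cam-01", nonce, tag)
    default_refused = not gw.provision("cam-02", b"admin")
    return ok_genuine, ok_impostor, ok_replay, default_refused  # (True, False, False, True)


if __name__ == "__main__":
    print(demo())
```

The nonce is what makes the exchange resist replay; the per-device key is what makes device identity meaningful. Both properties vanish if every unit ships with the same credential, which is exactly the condition `provision()` refuses.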
Cyber Crime & Attacks (1/4)
Cyber Crime & Attacks (2/4)
• Attacks become more aggressive and intelligent
• Crime as a Service
• Distributed Denial of Service (DDoS)
• Advanced Persistent Threats (APTs)
• 0-day attacks (malware unknown to traditional controls)
• The era of ransomware: ransomware attacks against businesses increased threefold in 2016. Kaspersky Lab recorded one ransomware attack every 40 seconds against companies in September 2016.
• ATM attacks (malware, black box)
Chart source: AKAMAI REPORT Q4 2016
Cyber Crime & Attacks (3/4)
• Bypassing the perimeter, e.g. malware spread via a USB stick or a laptop connected to a workstation or to the network
• Do you really know whether someone or “something” malicious is already inside your network?
• How do you monitor inside behaviour so that you are alerted to any abnormal activity?
• What constitutes normal and abnormal activity?
Preventing known threats is not enough: detect and prepare for the unknown
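The three questions above reduce to a baseline: what each user normally does, and how far a new event departs from it. The following Python script, an added example and not taken from the slides, learns a per-user baseline (hosts used, hours active, destinations contacted, largest transfer) from a constructed window of log lines and then flags new events that deviate from it. The log format, the users and hosts, the volume threshold and the rule that a removable-media mount always alerts are assumptions made for the example.

```python
"""Added example, not from the slides: a baseline-and-deviation detector run over
constructed log lines, illustrating 'what constitutes normal and abnormal
activity' for users already inside the network.  The log format, users, hosts
and thresholds are assumptions made for the example."""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) host=(?P<host>\S+) action=(?P<action>\S+)"
    r"(?: dst=(?P<dst>\S+))?(?: bytes=(?P<bytes>\d+))?$"
)

# Constructed "learning window": what these users normally do.
BASELINE_LOGS = """\
2017-03-01T09:02:11 user=alice host=ws-01 action=login
2017-03-01T10:15:40 user=alice host=ws-01 action=transfer dst=fileserver bytes=2048
2017-03-02T14:05:03 user=alice host=ws-01 action=transfer dst=fileserver bytes=4096
2017-03-01T11:30:00 user=bob host=ws-02 action=login
2017-03-02T11:45:12 user=bob host=ws-02 action=transfer dst=fileserver bytes=1024
"""

# Constructed events from the window being monitored.
NEW_LOGS = """\
2017-03-06T09:30:00 user=alice host=ws-01 action=login
2017-03-07T03:10:22 user=alice host=ws-07 action=transfer dst=203.0.113.9 bytes=50000000
2017-03-07T11:05:47 user=bob host=ws-02 action=usb_mount
2017-03-07T12:00:00 user=carol host=ws-09 action=login
"""

VOLUME_FACTOR = 10  # bytes moved > 10x the user's baseline maximum counts as a spike


def parse(text):
    """Yield one dict per well-formed log line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: in production, count and alert on these too
        e = m.groupdict()
        e["hour"] = datetime.fromisoformat(e["ts"]).hour
        e["bytes"] = int(e["bytes"]) if e["bytes"] else 0
        yield e


def build_baseline(text):
    """Per user: hosts used, hours active, destinations contacted, largest transfer."""
    base = defaultdict(lambda: {"hosts": set(), "hours": set(), "dsts": set(), "max_bytes": 0})
    for e in parse(text):
        b = base[e["user"]]
        b["hosts"].add(e["host"])
        b["hours"].add(e["hour"])
        if e["dst"]:
            b["dsts"].add(e["dst"])
        b["max_bytes"] = max(b["max_bytes"], e["bytes"])
    return base


def score(e, base):
    """Reasons this event deviates from the user's baseline (empty = looks normal)."""
    if e["user"] not in base:
        return ["unknown_user"]
    b = base[e["user"]]
    reasons = []
    if e["host"] not in b["hosts"]:
        reasons.append("new_host")
    if e["hour"] not in b["hours"]:
        reasons.append("off_hours")
    if e["dst"] and e["dst"] not in b["dsts"]:
        reasons.append("unseen_destination")
    if e["bytes"] > VOLUME_FACTOR * b["max_bytes"]:
        reasons.append("volume_spike")
    if e["action"] == "usb_mount":
        reasons.append("usb_mount")  # removable media violates policy regardless of baseline
    return reasons


def detect(baseline_text, new_text):
    """Alerts for every new event that deviates from the learned baseline."""
    base = build_baseline(baseline_text)
    alerts = []
    for e in parse(new_text):
        reasons = score(e, base)
        if reasons:
            alerts.append({"ts": e["ts"], "user": e["user"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in detect(BASELINE_LOGS, NEW_LOGS):
        print(a["ts"], a["user"], ",".join(a["reasons"]))
```

Alice's 09:30 login on her usual workstation produces no alert; her 03:10 transfer of 50 MB from a new host to an unseen external address fires four reasons at once, which is the kind of stacked deviation worth an analyst's time. The baseline window must itself be clean: a baseline learned while the attacker is already inside teaches the detector that the intrusion is normal.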
Cyber Crime & Attacks (4/4)
• Threat intelligence for monitoring both the incoming traffic (web & email) and the corporate network, detecting any malicious activity that points to viable threats
• Implement centralised Advanced Threat Protection technologies that run malicious/suspicious traffic in an isolated environment and observe its behaviour (sandboxing)
• Implement multi-layered protection for the endpoints (reputation analysis, advanced machine learning, behaviour emulation, memory exploit mitigation)
• Sign a cyber insurance contract
• Train the incident response team to react accordingly
Social Engineering
Methods of manipulating or tricking people into disclosing confidential information and breaking security procedures
• CEO fraud
• Spear phishing (targeting companies or groups of people) via email, SMS or voice
• Social media masquerade, fake apps/sites: fraudsters can masquerade as your brand across your digital channels and bait your customers with scams, phishing and offers for counterfeit products and services (e.g. the Sony Twitter account hack)
• Educate and train the personnel (and the clients)
• Security awareness programme, with metrics
• Protect your brand: Internet monitoring
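CEO fraud and spear phishing leave traces in the message headers before anyone clicks a link. The following Python script, an added example that is not part of the original slides, screens one message for the patterns named above: an executive's display name on an external address, a lookalike of the corporate domain, a Reply-To that routes answers elsewhere, and urgency or payment wording in the subject. The corporate domain, the executive list, the confusable-character table, the edit-distance threshold and the three sample messages are all assumptions constructed for the illustration.

```python
"""Added example, not from the slides: screening inbound mail headers for the
CEO-fraud and spear-phishing patterns discussed above.  The corporate domain,
executive list, sample messages and thresholds are assumptions for illustration."""
import email
import re
from email.utils import parseaddr

CORP_DOMAIN = "example-bank.com"
EXECUTIVES = {"maria papadopoulou", "nikos georgiou"}   # display names worth impersonating
URGENT_PAYMENT = re.compile(r"\b(urgent|immediately|wire|transfer|payment|invoice)\b", re.I)
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def _norm_name(name):
    return " ".join(re.sub(r"[^a-z ]", " ", name.lower()).split())


def _deconfuse(domain):
    """Map visually confusable sequences back to the letters they imitate."""
    d = domain.lower()
    for bad, good in CONFUSABLES:
        d = d.replace(bad, good)
    return d


def _edit_distance(a, b):
    """Levenshtein distance, used to catch typo-squats such as a dropped letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain):
    """True for a domain that is not ours but is a confusable substitution or
    at most two edits away from it."""
    if domain == CORP_DOMAIN:
        return False
    return _deconfuse(domain) == CORP_DOMAIN or _edit_distance(domain, CORP_DOMAIN) <= 2


def screen(raw_message):
    """Return the flags raised for one RFC 822 message (empty list = nothing found)."""
    msg = email.message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    _, reply = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply.rpartition("@")[2].lower()
    flags = []
    if _norm_name(name) in EXECUTIVES and from_domain != CORP_DOMAIN:
        flags.append("exec_name_external_domain")   # the classic CEO-fraud setup
    if is_lookalike(from_domain):
        flags.append("lookalike_domain")
    if reply_domain and reply_domain != from_domain:
        flags.append("reply_to_mismatch")            # replies go to the fraudster
    if URGENT_PAYMENT.search(msg.get("Subject", "")):
        flags.append("urgent_payment_subject")
    return flags


# Constructed sample messages (headers only; bodies omitted).
LEGIT = """From: Maria Papadopoulou <maria.papadopoulou@example-bank.com>
To: treasury@example-bank.com
Subject: Board minutes

"""
CEO_FRAUD = """From: Maria Papadopoulou <ceo.mpapadopoulou@gmail.com>
To: treasury@example-bank.com
Subject: Urgent wire transfer before noon

"""
LOOKALIKE = """From: IT Support <support@examp1e-bank.com>
Reply-To: helpdesk-reset@mail.example.net
To: alice@example-bank.com
Subject: Password expiry notice

"""

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("ceo_fraud", CEO_FRAUD), ("lookalike", LOOKALIKE)):
        print(label, screen(raw))
```

A gateway rule built on these flags complements, rather than replaces, SPF/DKIM/DMARC: those checks prove that gmail.com really sent the CEO-fraud message, which is true and useless, whereas the display-name check catches what the recipient actually sees.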
Mobility (1/2)
• Mobile apps
  • m-wallets, m-banking, …
  • Contactless and NFC payments
  • Abuse of privacy: what does the app have access to?
• Mixing of personal and corporate data on the device
• Remote working for troubleshooting
• Remote access to corporate resources
  • Emails, intranet sites, document sharing
• Data stored in the cloud (e.g. iCloud)
• «Rooted» / «jailbroken» operating systems override the security of the mobile device
Mobility (2/2)
• Privacy by design
• Application security assessment
• BYOD policy, Mobile Device Management (MDM)
• Security policy (password, idle timeout), encryption
• Check for “rooted” devices / remote wipe
• Malware protection
• Wi-Fi and Bluetooth not always on
• Secure remote access procedure
• Guest Wi-Fi LAN not connected to the corporate network
• Control each device connected to the corporate network
Regulatory Framework
• Information security becomes more and more regulated:
  • General Data Protection Regulation (GDPR)
  • The Directive on security of network and information systems (NIS Directive)
  • The EU Regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation)
  • The 2nd Payment Services Directive (PSD2)
• Be ahead of the regulatory requirements; act proactively
• Inform the enterprise of its new obligations; act so as to be compliant in time
The challenges of the CISO (1/2)
• Build an understandable and robust (cyber) security strategy
• Align the security strategy with the business strategy, supporting business success
• Engage the Board. “Translate” information security risks into business risks
• Reduce information security risks to an acceptable level. Adopt appropriate security measures and procedures
The challenges of the CISO (2/2)
• Protect the business brand and keep customers’ and shareholders’ confidence high
• Be ahead of the regulatory requirements; act proactively
• Be prepared for an incident; assume you will be compromised
• Educate the personnel; raise awareness
The role of the CISO
Managing information security risks while delivering value to the digital enterprise.
The role of the CISO is more vital than ever.

Q & A

More Related Content

What's hot

20161021 JS Cybersecurity Service Proposal
20161021 JS Cybersecurity Service Proposal20161021 JS Cybersecurity Service Proposal
20161021 JS Cybersecurity Service Proposal
Carl Bradley Pate
 

What's hot (20)

Vulnerability management - beyond scanning
Vulnerability management - beyond scanningVulnerability management - beyond scanning
Vulnerability management - beyond scanning
 
Marlabs Capabilities Overview: Cyber Security Services
Marlabs Capabilities Overview: Cyber Security Services Marlabs Capabilities Overview: Cyber Security Services
Marlabs Capabilities Overview: Cyber Security Services
 
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES
 
Information Security Intelligence
Information Security IntelligenceInformation Security Intelligence
Information Security Intelligence
 
CCA study group
CCA study groupCCA study group
CCA study group
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
 
Cybersecurity Framework - Introduction
Cybersecurity Framework - IntroductionCybersecurity Framework - Introduction
Cybersecurity Framework - Introduction
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guide
 
Cyber Security in The Cloud
Cyber Security in The CloudCyber Security in The Cloud
Cyber Security in The Cloud
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Protecting the Network From Yourself Using Defense in Depth
Protecting the Network From Yourself Using Defense in DepthProtecting the Network From Yourself Using Defense in Depth
Protecting the Network From Yourself Using Defense in Depth
 
Roadmap to IT Security Best Practices
Roadmap to IT Security Best PracticesRoadmap to IT Security Best Practices
Roadmap to IT Security Best Practices
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
Kevin Watkins, Enterprise Security Architect at BAT - BAT’s Managed Security ...
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
 
20161021 JS Cybersecurity Service Proposal
20161021 JS Cybersecurity Service Proposal20161021 JS Cybersecurity Service Proposal
20161021 JS Cybersecurity Service Proposal
 
Introduction: CISSP Certification
Introduction: CISSP CertificationIntroduction: CISSP Certification
Introduction: CISSP Certification
 

Viewers also liked

It for fiu The Internet as a tool for financial intelligence units
It  for fiu The Internet as a tool for financial intelligence units It  for fiu The Internet as a tool for financial intelligence units
It for fiu The Internet as a tool for financial intelligence units
Joseph Yosi Margalit
 

Viewers also liked (20)

Cyber Security Expect the Unexpected
Cyber Security Expect the UnexpectedCyber Security Expect the Unexpected
Cyber Security Expect the Unexpected
 
Operation Grand Mars
Operation Grand MarsOperation Grand Mars
Operation Grand Mars
 
Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment Building next gen malware behavioural analysis environment
Building next gen malware behavioural analysis environment
 
Flowchart - Building next gen malware behavioural analysis environment
Flowchart - Building next gen malware behavioural analysis environment Flowchart - Building next gen malware behavioural analysis environment
Flowchart - Building next gen malware behavioural analysis environment
 
GDPR Cyber Insurance 11/1/2017
GDPR Cyber Insurance 11/1/2017GDPR Cyber Insurance 11/1/2017
GDPR Cyber Insurance 11/1/2017
 
European Cyber Security Challenge - Greel National Cyber Security Team
European Cyber Security Challenge - Greel National Cyber Security TeamEuropean Cyber Security Challenge - Greel National Cyber Security Team
European Cyber Security Challenge - Greel National Cyber Security Team
 
Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom? Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom?
 
Cyber Security Vendor Risk Management /Supply Chain Risk Management
Cyber Security Vendor Risk Management /Supply Chain Risk ManagementCyber Security Vendor Risk Management /Supply Chain Risk Management
Cyber Security Vendor Risk Management /Supply Chain Risk Management
 
Cybersecurity: Mock Cyberwar Game
Cybersecurity: Mock Cyberwar Game   Cybersecurity: Mock Cyberwar Game
Cybersecurity: Mock Cyberwar Game
 
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
 
SecurityOperations
SecurityOperationsSecurityOperations
SecurityOperations
 
NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...
 
Panoptis 2016
Panoptis 2016Panoptis 2016
Panoptis 2016
 
Pci standards, from participation to implementation and review
Pci standards, from participation to implementation and reviewPci standards, from participation to implementation and review
Pci standards, from participation to implementation and review
 
Western Region Municipality Presentation at CISO Asia Summit 2014
Western Region Municipality Presentation at CISO Asia Summit 2014Western Region Municipality Presentation at CISO Asia Summit 2014
Western Region Municipality Presentation at CISO Asia Summit 2014
 
Mandelaris_SecureWorld_2016_FINAL
Mandelaris_SecureWorld_2016_FINALMandelaris_SecureWorld_2016_FINAL
Mandelaris_SecureWorld_2016_FINAL
 
The Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to LeaderThe Cyber Security Leap: From Laggard to Leader
The Cyber Security Leap: From Laggard to Leader
 
It for fiu The Internet as a tool for financial intelligence units
It  for fiu The Internet as a tool for financial intelligence units It  for fiu The Internet as a tool for financial intelligence units
It for fiu The Internet as a tool for financial intelligence units
 
Security Threats
Security ThreatsSecurity Threats
Security Threats
 
GDPR 11/1/2017
GDPR 11/1/2017GDPR 11/1/2017
GDPR 11/1/2017
 

Similar to The evolving threats and the challenges of the modern CISO

Ibm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deckIbm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deck
Arrow ECS UK
 
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
ijtsrd
 
CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018
Confederation of Indian Industry
 
The Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsThe Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for Investors
OurCrowd
 

Similar to The evolving threats and the challenges of the modern CISO (20)

2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
 
Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...
 
cyber security.pdf
cyber security.pdfcyber security.pdf
cyber security.pdf
 
Cyber security
Cyber security Cyber security
Cyber security
 
CYBER SECURITY (R18A0521).pdf
CYBER SECURITY (R18A0521).pdfCYBER SECURITY (R18A0521).pdf
CYBER SECURITY (R18A0521).pdf
 
Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
 
188
188188
188
 
Ibm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deckIbm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deck
 
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
 
Task 3
Task 3Task 3
Task 3
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
 
Cyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest TechnologiesCyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest Technologies
 
CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018
 
Emerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
Emerging Threats and Trends in Cybersecurity: A Comprehensive AnalysisEmerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
Emerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
 
Abhishek kurre.pptx
Abhishek kurre.pptxAbhishek kurre.pptx
Abhishek kurre.pptx
 
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTIONAI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION
AI IN CYBERSECURITY: THE NEW FRONTIER OF DIGITAL PROTECTION
 
The Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsThe Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for Investors
 
Cyber_Security.-project-4th year-cse pdf
Cyber_Security.-project-4th year-cse pdfCyber_Security.-project-4th year-cse pdf
Cyber_Security.-project-4th year-cse pdf
 
Cyber_Security+Education_Project_Report.pdf
Cyber_Security+Education_Project_Report.pdfCyber_Security+Education_Project_Report.pdf
Cyber_Security+Education_Project_Report.pdf
 

More from isc2-hellenic (12)

General assembly 2016 02 24 1.0
General assembly 2016 02 24 1.0General assembly 2016 02 24 1.0
General assembly 2016 02 24 1.0
 
2016 02-14 - tlp-white ce2016 presentation
2016 02-14 - tlp-white ce2016 presentation2016 02-14 - tlp-white ce2016 presentation
2016 02-14 - tlp-white ce2016 presentation
 
2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapter2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapter
 
Event 16 12-15 kostas papadatos
Event 16 12-15 kostas papadatosEvent 16 12-15 kostas papadatos
Event 16 12-15 kostas papadatos
 
Event 16 12-15 panel1
Event 16 12-15 panel1Event 16 12-15 panel1
Event 16 12-15 panel1
 
Event 16 12-15 panel2
Event 16 12-15 panel2Event 16 12-15 panel2
Event 16 12-15 panel2
 
Event 16 12-15 global information security workforce study 1.0
Event 16 12-15 global information security workforce study 1.0Event 16 12-15 global information security workforce study 1.0
Event 16 12-15 global information security workforce study 1.0
 
5. Experience from recent national & international cyber exercises
5. Experience from recent national & international cyber exercises5. Experience from recent national & international cyber exercises
5. Experience from recent national & international cyber exercises
 
4. Mitigating a Cyber Attack
4. Mitigating a Cyber Attack4. Mitigating a Cyber Attack
4. Mitigating a Cyber Attack
 
3. APTs Presentation
3. APTs Presentation3. APTs Presentation
3. APTs Presentation
 
2. Chapter introduction & update
2. Chapter introduction & update2. Chapter introduction & update
2. Chapter introduction & update
 
1. Welcome Note
1. Welcome Note1. Welcome Note
1. Welcome Note
 

Recently uploaded

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 

The evolving threats and the challenges of the modern CISO

  • 1. 1 The evolving threats and the challenges of the modern CISO Gerasimos Moschonas Information Security Professional 2ο Forward Thinking Cyber Security Event (ISC)² Hellenic Chapter March 2017
  • 2. 2ο Forward Thinking Cyber Security Event (ISC)² Hellenic Chapter March 2017 Information Security Topics  Big Data  Internet of Things  Cyber Crime & Attacks  Social Engineering  Mobility  Regulatory Framework 2
  • 3. 2ο Forward Thinking Cyber Security Event (ISC)² Hellenic Chapter March 2017 3
  • 4. 2ο Forward Thinking Cyber Security Event (ISC)² Hellenic Chapter March 2017 World keeps changing  From centralised legacy systems (in premises) to decentralised interconnected systems (in and out of premises)  Outsourcing services  Cloud computing  ΙοΤ  Enterprises become more and more digital, and a serious target for cyber criminals  Attacks and attackers become more smart, aggresive and professionals  Threats are evolving and cyber security is a top priority 4
  • 5. 2ο Forward Thinking Cyber Security Event (ISC)² Hellenic Chapter March 2017 Incidents keep growing 5  Massive DDoS attack against major DNS service Dyn, affected a huge portion of Internet users in the US, taking down the access to major web services, including Twitter, Amazon, Netflix, PayPal  SWIFT cyber heists (started from the Bank of Bangladesh)  Yahoo had been hacked ..... again and ... again  Hospitals, state and local governments, law enforcement agencies, small & large businesses - these are just some of the entities impacted recently by ransomware  Spam email operator's faulty backup leaks 1.37bn addresses  WikiLeaks Vault 7 : CIA hacking tools revealed
  • 6. 2ο Forward Thinking Cyber Security Event (ISC)² Hellenic Chapter March 2017 CISO’s role keeps evolving From the role of the IT security administrator & the IT Security Officer inside the IT Unit to the independent role of CISO who:  Is a decision maker, an influencer  Has the overall responsibility for the Information Security Governance, reporting to the Senior Management  Is Business-oriented and Technology-oriented, talks the business & the technology language as well. Understands the business environment, acts as an integrator of people, business processes and technology  “Translates” information security risks to business risks  Is always aware of the evolving threats, the technology trends and the regulatory framework 6
  • 7. 2ο Forward Thinking Cyber Security Event (ISC)² Hellenic Chapter March 2017 Big Data  Amount of data is increasing daily  Data at rest and in transit, in and out of the perimeter  But, do you know  Where is your data located?  How is your data used and exchanged?  Who has access and for which reason?  The retention period and how is it destructed?  If Cloud services are being used?  Use of cloud services for cost reduction raises several matters to evaluate  Data privacy and compliance  Lack of governance  Appropriate security controls  Contractual terms (e.g. Right to Audit) 7 Employees & Partners 1/2
• 8. Big Data (Employees & Partners, 2/2)
- Restrict the user environment (USB media, admin rights)
- Use DLP measures for data in transit (at the endpoints and at the perimeter)
- Enforce Identity & Access Management (staff, partners)
- Use encryption; enforce segregation of duties
- Apply a retention and destruction policy for both electronic and physical data
- For cloud services:
  - Identify and evaluate the assets
  - Perform a risk-based assessment
  - Define the minimum security controls
  - Be compliant with data privacy regulations
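The "DLP measures for data in transit" bullet is easier to reason about with a concrete content check in hand. The following is an added example and not code from the slides or the speaker: a minimal outbound-content inspection that flags payment-card numbers (validated with the Luhn checksum so that arbitrary digit runs are not reported) and classification markings, returning a block/allow verdict an endpoint or perimeter agent could act on. The card pattern, the marking strings and the sample messages are constructed for the example.

```python
"""Added example (not from the slides): a minimal DLP content check for data in transit."""
import re

# Candidate card number: 13-19 digits, optionally separated by spaces or dashes,
# not embedded inside a longer digit run.
CARD_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Constructed classification markings this organisation puts on internal documents.
CLASSIFICATION_MARKS = ("INTERNAL ONLY", "CONFIDENTIAL")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return the Luhn-valid card numbers found in text, digits only."""
    found = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def mask(pan: str) -> str:
    """Keep only the last four digits, so the DLP log itself does not leak the number."""
    return "*" * (len(pan) - 4) + pan[-4:]


def inspect_outbound(text: str) -> dict:
    """Classify an outbound message body; returns the action and the reasons for it."""
    reasons = []
    cards = find_card_numbers(text)
    if cards:
        reasons.append("card numbers: " + ", ".join(mask(c) for c in cards))
    upper = text.upper()
    for mark in CLASSIFICATION_MARKS:
        if mark in upper:
            reasons.append("classification marking: " + mark)
    return {"action": "block" if reasons else "allow", "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample messages.
    print(inspect_outbound("Please charge card 4111 1111 1111 1111, INTERNAL ONLY"))
    print(inspect_outbound("Lunch at 12:30?"))
```

The Luhn check is what keeps the false-positive rate usable: a 16-digit order reference is only reported if it also happens to pass the checksum. A real deployment would add the organisation's own identifiers (customer numbers, document labels) and run the same check on attachments after extracting their text.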
• 9. Internet of Things
- More than 24 billion IoT devices are forecast to be installed by 2020
- These "things" don't "look" like traditional computers and aren't treated like computers
- Usually no adequate security measures are taken
- They can be used as a botnet or as an entry point into a home or corporate network
- The IoT botnet 'Mirai' targeted vulnerable 'smart' IoT devices by logging in with factory-default credentials, turning them into 'bots' used for DDoS
- Implement strong authentication
- Ensure the identity of each device
- Apply secure device-to-device communication
- Minimise the data exchanged, processed and stored
- Secure the data stored on the devices
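The three bullets "strong authentication", "identity of each device" and "secure device-to-device communication" describe one mechanism, so the following added example shows them together. It is not code from the slides or from any IoT vendor: each device is provisioned with a unique ID and its own key (a constructed in-memory registry here; on a real device the key would sit in a secure element or protected storage), a gateway authenticates a device with a single-use challenge that cannot be replayed, and device-to-device messages carry an HMAC tag and a strictly increasing counter so that a captured message cannot be replayed. The device IDs, keys and payloads are constructed.

```python
"""Added example (not from the slides): per-device identity, challenge-response
authentication and replay-protected device-to-device messaging."""
import hashlib
import hmac
import secrets
import struct

# Constructed registry: device_id -> per-device key. A key shared across devices
# (the factory-default credential Mirai abused) is exactly what this avoids.
DEVICE_KEYS = {
    "sensor-0001": bytes.fromhex("1f" * 32),
    "sensor-0002": bytes.fromhex("2e" * 32),
}


class Verifier:
    """Gateway side: issues a fresh challenge per device and accepts it only once."""

    def __init__(self, keys):
        self._keys = keys
        self._outstanding = {}   # device_id -> challenge not yet answered

    def challenge(self, device_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding[device_id] = nonce
        return nonce

    def verify(self, device_id: str, nonce: bytes, response: bytes) -> bool:
        key = self._keys.get(device_id)
        expected_nonce = self._outstanding.pop(device_id, None)   # single use: a replay finds nothing
        if key is None or expected_nonce is None or not hmac.compare_digest(nonce, expected_nonce):
            return False
        expected = hmac.new(key, device_id.encode() + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond(device_id: str, key: bytes, nonce: bytes) -> bytes:
    """Device side: prove possession of the key without sending it."""
    return hmac.new(key, device_id.encode() + nonce, hashlib.sha256).digest()


def seal(pair_key: bytes, sender: str, counter: int, payload: bytes) -> bytes:
    """Device-to-device message: sender(16) | counter(8) | payload | HMAC-SHA256 tag.
    Integrity and freshness only; add AEAD where the payload must stay confidential.
    Assumes sender IDs of at most 16 bytes."""
    header = sender.encode().ljust(16, b"\0") + struct.pack(">Q", counter)
    tag = hmac.new(pair_key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Accepts only authentic messages whose counter is higher than the last one seen."""

    def __init__(self, pair_key: bytes):
        self._key = pair_key
        self._last = {}   # sender -> highest accepted counter

    def open(self, msg: bytes):
        if len(msg) < 24 + 32:
            return None
        header, payload, tag = msg[:24], msg[24:-32], msg[-32:]
        expected = hmac.new(self._key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None                      # tampered or wrong key
        sender = header[:16].rstrip(b"\0").decode()
        counter = struct.unpack(">Q", header[16:24])[0]
        if counter <= self._last.get(sender, -1):
            return None                      # replayed or out-of-order message
        self._last[sender] = counter
        return sender, payload


if __name__ == "__main__":
    v = Verifier(DEVICE_KEYS)
    n = v.challenge("sensor-0001")
    print("auth ok:", v.verify("sensor-0001", n, respond("sensor-0001", DEVICE_KEYS["sensor-0001"], n)))
    print("replay ok:", v.verify("sensor-0001", n, respond("sensor-0001", DEVICE_KEYS["sensor-0001"], n)))
    pk = bytes.fromhex("aa" * 32)   # constructed pairwise key between two devices
    rx = Receiver(pk)
    m = seal(pk, "sensor-0001", 1, b"temp=21.5")
    print("first:", rx.open(m), "replay:", rx.open(m))
```

The pairwise key used by `seal`/`Receiver` is assumed to have been provisioned or negotiated beforehand; the example shows what the messages must carry, not the key exchange. `hmac.compare_digest` is used for every comparison so that a wrong tag takes the same time as a right one.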
• 10. Cyber Crime & Attacks (1/4)
• 11. Cyber Crime & Attacks (2/4)
- Attacks become more aggressive and intelligent
- Crime as a Service
- Distributed Denial of Service (DDoS)
- Advanced Persistent Threats (APTs)
- 0-day attacks (malware unknown to traditional controls)
- The era of ransomware: ransomware attacks against businesses increased threefold in 2016; Kaspersky Lab recorded one ransomware attack every 40 seconds against companies in September 2016
- ATM attacks (malware, black box)
(Slide figure source: Akamai report, Q4 2016)
• 12. Cyber Crime & Attacks (3/4)
- Bypassing the perimeter: e.g. malware spread via a USB stick or a laptop connected to a workstation or to the network
- Do you really know whether someone or "something" malicious is already inside your network?
- How do you monitor internal behaviour so that you are alerted to any abnormal activity?
- What constitutes normal, and what abnormal, activity?
Preventing known threats is not enough: detect and prepare for the unknown.
• 13. Cyber Crime & Attacks (4/4)
- Threat intelligence for monitoring both incoming traffic (web and email) and the corporate network, detecting malicious activity that points to viable threats
- Implement centralised Advanced Threat Protection technologies that execute malicious or suspicious content in an isolated environment and observe its behaviour (sandboxing)
- Implement multi-layered protection for the endpoints (reputation analysis, advanced machine learning, behaviour emulation, memory exploit mitigation)
- Sign a cyber insurance contract
- Train the incident response team to react accordingly
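Slide 12 asks what "normal" and "abnormal" activity are, and slide 13 answers with threat intelligence over network traffic; the following added example (not code from the slides or the speaker) puts the two side by side over constructed proxy log lines. A known-bad destination is caught by a threat-intelligence match; a user uploading far more than their own history to a destination they have never used before is caught by a behavioural baseline, even though no indicator matches it. The log format, the user names, the hostnames and the indicator list are all constructed for the example.

```python
"""Added example (not from the slides): threat-intel matching plus a per-user
behavioural baseline over constructed proxy logs."""
import statistics
from collections import defaultdict

# Constructed indicator feed: hostnames reported as malicious.
THREAT_INTEL = {"update-check.example-bad.net", "cdn.evil-mirror.example"}

# Constructed proxy log lines: "<timestamp> <user> <dest_host> <bytes_out>".
BASELINE_LOG = """\
2017-03-01T09:01:00 alice mail.example.com 2100
2017-03-01T09:05:00 alice intranet.example.com 800
2017-03-01T10:12:00 alice docs.example.com 3400
2017-03-01T11:20:00 alice mail.example.com 1900
2017-03-01T13:02:00 alice docs.example.com 2700
2017-03-01T09:00:00 bob intranet.example.com 500
2017-03-01T10:30:00 bob mail.example.com 700
2017-03-01T12:15:00 bob mail.example.com 650
"""

TODAY_LOG = """\
2017-03-02T09:03:00 alice mail.example.com 2200
2017-03-02T09:40:00 alice update-check.example-bad.net 300
2017-03-02T10:05:00 bob files-share.example.org 48000000
2017-03-02T10:06:00 bob mail.example.com 600
"""


def parse(log: str):
    """Yield one event dict per log line."""
    for line in log.splitlines():
        ts, user, host, nbytes = line.split()
        yield {"ts": ts, "user": user, "host": host, "bytes": int(nbytes)}


def build_baseline(log: str) -> dict:
    """Per user: the destinations seen and the mean/stdev of bytes_out per request."""
    hosts, volumes = defaultdict(set), defaultdict(list)
    for ev in parse(log):
        hosts[ev["user"]].add(ev["host"])
        volumes[ev["user"]].append(ev["bytes"])
    return {
        u: {"hosts": hosts[u],
            "mean": statistics.mean(volumes[u]),
            "stdev": statistics.pstdev(volumes[u])}
        for u in hosts
    }


def detect(log: str, baseline: dict, intel: set, z_threshold: float = 3.0) -> list:
    """Return alerts as (timestamp, user, host, reason) tuples."""
    alerts = []
    for ev in parse(log):
        # Known threat: indicator match wins regardless of volume.
        if ev["host"] in intel:
            alerts.append((ev["ts"], ev["user"], ev["host"], "threat-intel match"))
            continue
        b = baseline.get(ev["user"])
        if b is None:
            alerts.append((ev["ts"], ev["user"], ev["host"], "no baseline for user"))
            continue
        # Unknown threat: never-seen destination combined with an upload far above
        # this user's own history (z-score against their mean/stdev).
        new_host = ev["host"] not in b["hosts"]
        if b["stdev"] > 0:
            z = (ev["bytes"] - b["mean"]) / b["stdev"]
        else:
            z = float("inf") if ev["bytes"] > b["mean"] else 0.0
        if new_host and z > z_threshold:
            alerts.append((ev["ts"], ev["user"], ev["host"],
                           f"new destination with abnormal upload (z={z:.1f})"))
    return alerts


if __name__ == "__main__":
    for alert in detect(TODAY_LOG, build_baseline(BASELINE_LOG), THREAT_INTEL):
        print(alert)
```

The baseline here is one day of one feature per user; in practice it is built over weeks, per user and per host, and the "new destination" test is weighted by how many peers already use that destination. The point the slides make survives the simplification: the second alert has no indicator behind it and is only visible because normal was measured first.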
• 14. Social Engineering
Methods of manipulating or tricking people into disclosing confidential information, breaking the security procedures:
- CEO fraud
- Spear phishing (targeting companies or groups of people) via email, SMS or voice
- Social media masquerade, fake apps and sites: fraudsters can masquerade as your brand across your digital channels and bait your customers with scams, phishing and offers for counterfeit products and services (Sony's Twitter account was hacked)
- Educate and train the personnel (and the clients)
- Security awareness programme, with metrics
- Protect your brand: Internet monitoring
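Awareness training is the slide's answer to CEO fraud and spear phishing; the technical complement is to check the patterns those messages share before they reach the finance team. The following added example (not from the slides or any mail gateway product) inspects the headers of a message for three such patterns: an executive's display name used with an address outside the corporate domain, a Reply-To that points to a different domain than From, and a sender domain that is a one-character look-alike of the corporate domain. The corporate domain, the executive names and the three messages are constructed.

```python
"""Added example (not from the slides): header checks for CEO-fraud patterns."""
from email import message_from_string
from email.utils import parseaddr

CORPORATE_DOMAIN = "example.com"                     # constructed
EXECUTIVES = {"maria papadopoulou", "nikos georgiou"}  # constructed names fraudsters imitate

# Constructed messages.
FRAUD = """\
From: Maria Papadopoulou <m.papadopoulou@gmail.example>
Reply-To: ceo-office@mail.example-payments.net
To: finance@example.com
Subject: Urgent wire transfer

Please process the attached payment today, I am in a meeting.
"""

LOOKALIKE = """\
From: Nikos Georgiou <n.georgiou@examp1e.com>
To: finance@example.com
Subject: Supplier bank details changed

New IBAN attached, please update before Friday.
"""

CLEAN = """\
From: Nikos Georgiou <n.georgiou@example.com>
To: finance@example.com
Subject: Q1 figures

See the attached summary.
"""


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def edit_distance_at_most_one(a: str, b: str) -> bool:
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    short, long_ = (a, b) if len(a) < len(b) else (b, a)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def analyse(raw: str) -> list:
    """Return the reasons a message looks like CEO fraud; an empty list means clean."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    reasons = []
    # 1. Known executive's name on an address the company does not control.
    if name.strip().lower() in EXECUTIVES and from_domain != CORPORATE_DOMAIN:
        reasons.append(f"executive display name '{name}' with external address {addr}")
    # 2. Replies silently redirected to a domain other than the visible sender's.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != from_domain:
        reasons.append(f"Reply-To domain {domain_of(reply_to)} differs from From domain {from_domain}")
    # 3. Registered look-alike of the corporate domain (examp1e.com, exampl.com, ...).
    if from_domain != CORPORATE_DOMAIN and edit_distance_at_most_one(from_domain, CORPORATE_DOMAIN):
        reasons.append(f"look-alike sender domain {from_domain}")
    return reasons


if __name__ == "__main__":
    for label, raw in (("fraud", FRAUD), ("lookalike", LOOKALIKE), ("clean", CLEAN)):
        print(label, analyse(raw))
```

A single-edit comparison does not catch multi-character homoglyphs such as "rn" for "m"; a production filter normalises those before comparing and also checks the SPF/DKIM/DMARC results the gateway already records. The value of these three checks is that they fire on the message structure, before any employee has to judge the wording.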
• 15. Mobility (1/2)
- Mobile apps
  - m-wallets, m-banking, ...
  - Contactless and NFC payments
  - Abuse of privacy: what does the app have access to?
- Mixing of personal and corporate data on the device
- Remote working for troubleshooting
- Remote access to corporate resources
  - Emails, intranet sites, document sharing
- Data stored in the cloud (e.g. iCloud)
- "Rooted" / "jailbroken" operating systems override the security controls of the mobile device
• 16. Mobility (2/2)
- Privacy by design
- Application security assessment
- BYOD policy; Mobile Device Management (MDM)
- Security policy (password, idle timeout), encryption
- Check for "rooted" devices; remote wipe
- Malware protection
- Wi-Fi and Bluetooth not always on
- Secure remote access procedure
- Guest Wi-Fi LAN not connected to the corporate network
- Control each device connected to the corporate network
• 17. Regulatory Framework
- Information security becomes more and more regulated:
  - General Data Protection Regulation (GDPR)
  - The Directive on security of network and information systems (NIS Directive)
  - The EU Regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation)
  - The 2nd Payment Services Directive (PSD2)
- Be ahead of the regulatory requirements; act proactively
- Inform the enterprise of the new obligations; act to be compliant in time
• 18. The challenges of the CISO (1/2)
- Build an understandable and robust (cyber) security strategy
- Align the security strategy with the business strategy, supporting business success
- Engage the Board; "translate" information security risks into business risks
- Reduce information security risks to an acceptable level; adopt appropriate security measures and procedures
• 19. The challenges of the CISO (2/2)
- Protect the business brand and keep customers' and shareholders' confidence high
- Be ahead of the regulatory requirements; act proactively
- Be prepared for an incident; assume you will be compromised
- Educate the personnel; raise awareness
• 20. The role of the CISO
Managing information security risks while delivering value to the digital enterprise. The role of the CISO is more vital than ever.
• 21. Q & A