GISEC 2015 SPECIAL | EXPERT VIEWS
CSO CORNER
Risk AssessmentPressing Need of the hour One of the leading speakers at GISEC, Dan Lohrmann is known for his refreshingly practical commentary on computer security. Dan engaged in a twitter conversation over information security challenges prior to GISEC 2015. Excerpts.
What are the top 5 security trends that are likely to impact the Middle East? Security issues with the cloud, mobile, big data, internet of things (IoT) and critical infrastructure protection. You have been recognized time and again for your skills as CSO; what’s your best tip for CSOs worldwide? Build trusted relationships with the business. Many enterprises still don’t have a CIO-CISO system; many still manage with either- do you think that can be a trouble? To some extent yes. You need someone who is accountable and has the resources to get the job done right. The data we host on clouds- who is responsible for their security ? Are there strict norms regarding the same? The data owner will always answer to their customers. Again, you can outsource the function, but not the responsibility. You are a seasoned CSO; how have you seen the trends changing before you in enterprise security? Absolutely. The CISO has moved up the org chart,
and the role is getting more attention. Also, more threats and risks. Smartphones are not safe, but can’t be done away with too .So, is there a plausible solution indeed? Enterprises need to have mobile device management (MDM) and security processes and procedures that are enforced. This (MDM) is certainly not perfect, but it can lower mobile risk tremendously. Is there still no way to stop the cyber crime before it actually hits the enterprises? No single way. It takes great people, processes and technology. It is also a 7x24 challenge... Is it really okay to trust an enterprise’s security to a third party service provider? A good lawyer answer: “It depends...” You need to know who you are dealing with. Background checks. Trust but verify. Also remember that you can outsource the functions, but never outsource the risk and your company or government reputation Is cyber threat landscape of MEA anyway different from other regions? Every region has its own unique challenges, but overall it is very similar around the globe. The Internet has few borders.
DAN LOHRMANN
CHIEF STRATEGIST & CHIEF SECURITY OFFICER AT SECURITY MENTOR ; EX-CSO, STATE OF MICHIGAN
“Right now the bad guys are ahead of the good guys. I think the good guys will eventually catch-up, but it will take time.” Should cyber insurance be made compulsory? What’s your take? Not today, but mandatory cyber insurance may be coming. The industry must evolve first and agree to better standards. What’s the best tip for enterprise security now? A good risk assessment of your enterprise What is the biggest worry you see CISO’s grappling with globally? Moving forward - the explosion of mobile devices flowing into the Internet of Things (IoT) Antivirus, Firewalls - nothing is losing its value. Is security always going to grow more complicated only? Is there no simpler way out? Great point! It seems likely right now. And yet, the new products just keep coming don’t they? Right now the bad guys are ahead of the good guys. I think the good guys will eventually catchup, but it will take time.ë
A P R I L 2 015
MEA
07