Security Evolution in a Commercial World
Focusing on the Response rather than the Protection
Nikos Maroulianakis
INTERAMERICAN Insurance Greece
6th Information Security Conference 2019
Feb. 14 | Athens
Interamerican at a glance
▪ The most famous brand in the Greek insurance market
▪ The highest brand awareness (99%)
▪ Balanced presence in Non Life, Health and Life business lines
▪ The only insurer with its own Health and Assistance infrastructure
▪ Multi distribution model & innovative products
▪ The 1st direct insurer in Greece through Anytime
IT security needs to focus on the response rather than the protection
INITIAL: Innocent years
REPEATABLE: Internet exposed years
DEFINED: Cyber security years
MANAGED: Data protection years
OPTIMISED: Proactive in Over Regulated years
Initial (innocent years)
Business needs / Security ecosystem
Firewall
Antivirus
Proxy
Backup
Corporate web site
Internet Access
Electronic mail
Repeatable (internet exposed years)
Business needs / Security ecosystem
Security Officer
Security Policy (
Firewall UTM
VPN
Audit & Compliance
e-Commerce
Remote users
WAN Agency Network
Mobile Network
Solvency II
Disaster Recovery Site
Web Security Gateway
Risk Analysis
Endpoint Security
Log Management
Network Segmentation / Monitoring
E-mail Gateway
Patch Management
Physical Security Enhancements
Defined (cyber security years)
Business needs / Security ecosystem
RBAC - IDM
SIEM
User Awareness
Data Protection Regulation
e-Insurance
Mobile Office
Business Continuity Management System (ISO 22301)
Data Flow Management
Data Classification
IPS, Encryption, Device Control
Web Application Firewalls (WAF)
Penetration Test - Vulnerability assessment
Uninterrupted Business Operation
Managed (data protection years)
Business needs / Security ecosystem
0-day malware
Emergency Incident response
Big Data
GDPR
Ransomware
Data Traffic Controller
DDoS Protection
Mobile Device Management
Data Leakage Prevention
24*7 Managed Security Services
Authentication / Authorization / Accounting
Security Analytics
Threat Emulator
Endpoint Security USB Blocking
Mail Encryption
Optimized (proactive in over regulated years)
Business needs / Security ecosystem
2 Factor Authentication
Compliance Management System
Control Transferred (2nd -> 1st line)
Enhanced Database Security
Proactive VS Reactive
Over-Regulated Environment
IOT Advanced Network Security
Mobile Security Container
Secure Coding
Mobile
Robotics
Insurance as a service
Cloud
Blockchain
Artificial Intelligence
Internet of Things
Digital Ecosystem
Insurtech
Analytics
Virtual Assistance
Customer experience
The New Digital Insurance Challenges
Security Governance
Risk / Compliance
ISO / DPO
Security Administrators
Security Analysts
External Auditors
Internal Audit
3rd Line
2nd Line
1st Line
Control Framework
Needed Factors
Security is a Business Process driving to Operational Excellence
Business Plan Alignment with Security Roadmap
Vision & Strategy
Reliable Partners
Budget
Management Commitment
“There are two types of companies: Those that have been hacked and those that will be hacked.”
Robert S. Mueller, III, Director FBI
“There are two types of companies: Those that have been hacked and those that have not been founded yet.”
Interamerican