Governance & Risk Management , Professional Certifications & Continuous Training , Standards, Regulations & Compliance

Banking CISO: Lessons from Attacks

Banque Saudi Fransi's Osman on Responding to Top Threats
Banking CISO: Lessons from Attacks
Roshdi Osman, Banque Saudi Fransi

As in many regions, Middle East region's banking sector faces the heightened challenge of increased phishing attacks, APTs, the security skills shortage and an inability to detect threats.

But the question for security leaders isn't so much 'Which threats do you face?' but rather 'What are you doing about them?'

"The question arises whether CISOs have learned their lessons from the past attacks," says Roshdi A. Osman, deputy CISO, Banque Saudi Fransi, the largest corporate bank in Saudi Arabia. "The most important requirement is to build their capabilities, besides working out risk frameworks."

CISOs need to play a strategic leadership role in building the skills necessary for leveraging new technologies and for building risk management strategy in order to address the complex business environment, says Osman.

"CISOs also need to collaborate with peers and experts in the industry through information sharing to learn the methods of pre-empting attacks and finding ways to thwart them," he says.

"While being vigilant of the organized crime and increasing hacktivism, CISOs must ensure that compliance needs are met and baseline security is maintained," Osman says.

In this interview with Information Security Media Group, conducted during the GISEC event in Dubai, Osman discusses new themes that CISOs need to take stock of to address security challenges. He also shares insights on:

  • Evolving threat landscape and lessons learned;
  • Regulatory risk frameworks;
  • The information sharing process.

Osman has over 13 years of experience in significant leadership roles in information security in various organizations including Fortune 500 companies. He has been a strategic decision maker, informing and influencing executive management to support corporate security initiatives, with a demonstrated ability in building an accountable, information security-conscious culture and a functional information security governance program. Prior to taking up the current role, he had stints at State Farm Insurance, Lucent Technologies - Bell Labs Innovations, and GE Aircraft Engines - Aviation.

Varun Haran contributed to this report

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.