Περίληψη : | The importance of Information Security (InfoSec) in today’s, threat and complex landscape environment is globally recognized, and in many cases, it is enforced. This assertion can be easily confirmed by the adaptation and promotion of newer and stricter legislation (General Data Protection Regulation – GDPR), policies, procedures and requirements at national and international level. Almost any business sector is struggling to find productive and cost-saving ways to implement, in a successful and systematic manner, such a framework so as to minimize exposure to the constantly growing cyber threats and risks, while taking into consideration the extremely sophisticated attack methods of cyber criminals. Inevitably, Insurance Industry, could not be left out of the frame as insurance companies, slowly but steadily, are changing their business model to a more contemporary one and their presence to the internet and cyberspace in general, it continually increases, in an effort to create tighter customer relationships, offer new products and to expand their share of customers ’financial portfolios. On the top, new trends are being introduced, like cyber insurance,which open new markets but requires at the same time expertise, specialized knowledge and competences that still insurers do not possessed.The basic scope of this thesis is the creation of a new holistic InfoSec Framework accompanied by a relevant theoretical and practical methodology to be applied to Insurance companies, as well as, indicatively examples and documented drafts. In particular, an effort is being made to gather, summarize, assess and deploy the• InfoSec Requirements of ISO 27001 (formally known as ISO/IEC 27001), the best known and most applied standard for an Information Security Management System (ISMS).• InfoSec Requirements of General Data Protection Regulation (GDPR), an EU regulation (2016/679), referring to the protection of natural persons with regard to the processing of personal data and on the free movement of such data.An overview of head topics, which are being analyzed, consist of• The current InfoSec Landscape in insurance sector• A high level demonstration of Private Insurance Sector• An understanding of Insurance Risk The business opportunities that InfoSec may bring to the insurance sector(Cyber Insurance)• An understanding of the Information Security Management System (ISMS)• A thorough walking tour through the ISO 27001 requirements• A walking tour through the basic and most important GDPR chapters,provisions and differentiations• The analysis and construction of the new InfoSec Framework The Framework’s consistent and comprehensive structure tries to combine the most serious InfoSec requirements and disparate security controls under the same roof, avoiding duplications, unnecessary and recurring processes. After all, the ultimate goal of all the existing InfoSec frameworks and standards is one; to protect information.
|
---|