This question was tackled during the fifth edition of the Information Security Education Day (ISED) organised on 10 May 2019 by the University of Luxembourg and the Luxembourg Institute of Science and Technology (LIST). Almost 100 participants from academia and industry attended the event on Belval campus to exchange about artificial intelligence (AI) challenges for chief information security officer (CISO).
Source : uni.lu
Publication date : 05/14/2019
After a welcome speech by Yves le Traon and Nicolas Mayer, Course Directors of the Master en Management de la Sécurité des Systèmes d’information (MSSI), Tégawendé Bissyandé, Research Scientist at the University of Luxembourg introduced the topic by giving a general overview of artificial intelligence and by presenting machine learning and deep learning.
Then, Anne Goujon, Director of Data Science Lab at BGL BNP Paribas, Grégory Nou, CISO at BGL BNP Paris and David Hagen, Head of IT Supervision and Support PSF at CSSF, shared their viewpoints regarding the use of AI in banks. From the business innovation’s viewpoint, Anne Goujon identified AI as an opportunity to “reimagine” financial services by empowering employees, optimising operations and transforming the products. From the CISO’s viewpoint, Grégory Nou stressed the need of protecting the machine learning algorithms and models as an asset for a company. From the regulator’s viewpoint, David Hagen highlighted potential risks and gave some recommendations to manage data, governance, ethics, technology and external providers.
Luc Cottin, CISO at Alter Domus shared his own experience deploying an AI-based solution within his company. The key success factors included, among others, a strong security strategy, a solid data governance, the right human resources and the support from top management. He gave a demo of a tool leveraging AI used in Alter Domus to monitor and manage security risks.
Jean-Yves Mathieu, DPO Associate Director at East-West United Bank, focused on the challenges of identification vs authentication to go from the ability to identify uniquely a user of a system to the ability to prove that this user is genuinely the person who claims to be.
Emanuel Tanase, Global CISO at Lombard International, presented the potential applications and benefits of AI for CISO, such as early detection of cyber-attacks, fraud detection, spam filtering, phishing prevention, network monitoring, information security job automation, secure access management. He looked at some risks associated with AI technologies such as integrating tools that pretend to use AI or becoming dependent on fragile start-up companies selling those tools. In the race to defend against offensive techniques, he shown that the offensive part has always an advantage, that may become problematic when AI will be used to its full potential.
Tewfik Toum, Principal Advisor Technology & Business Services at IBM, tackled the issues of AI in cybersecurity. AI is promising but there are still work to do to, machine learning is not enough mature to be the only layer standing between businesses and cyber attackers.
To conclude the event, Jean-Pol Michel, Lead Partnership Officer at LIST, joined David Hagen and Emanuel Tanase to discuss the future of AI during a round table moderated by Bertrand Lathoud, Senior CyberSecurity Advisor at SMILE.
The Information Security Education Day (ISED) is a yearly one-day event co-organised by the University of Luxembourg (Computer Science and Communication Research Unit - CSC) and the Luxembourg Institute of Science and Technology (LIST), sponsored by the Club de la sécurité de l’information Luxembourg (CLUSIL) and the Interdisciplinary Centre for Security, Reliability and Trust (SnT).
Pictures and presentations: ised.uni.lu