Latest news with #InformationSecurity
Forbes
07-05-2025
- Business
- Forbes
Leveling Up: How Technology Is Shaping The Future Of Gaming
Varsha Agarwal is the Head of Information Security at Prosper Marketplace. getty AI in cybersecurity is one of those buzzwords that gets thrown around a lot, but too often, the conversation feels abstract and overwhelming. At Prosper Marketplace, we've been experimenting with practical ways to bring GenAI into our security program, starting with simple, impactful use cases that make our day-to-day more efficient. We're not trying to reinvent cybersecurity. We're simply looking to reduce repetitive tasks, improve decision-making and give our teams more time to focus on what matters most. I've pulled the examples below directly from our experience to offer ideas for security teams that want to explore how GenAI can help—whether it's smarter vendor risk reviews, faster remediation or more contextual insights for insider threat detection. Smarter Vendor Reviews Third-party risk assessments have traditionally been a manual, time-consuming grind for most security teams. With dozens of vendors to evaluate and limited resources, it's easy to fall behind or miss important risk indicators hidden in tedious documentation. We've applied GenAI to streamline this process and have seen an immediate impact. Our internal GenAI chatbot reviews vendor-provided documentation (including SOC2 reports, penetration test summaries and our internal due diligence questionnaires) to highlight control deficiencies and surface relevant security insights that would otherwise take hours to extract manually. What used to take our GRC team nearly three days per vendor is now handled in just a few hours. A low-lift, high-impact use case like this can deliver immediate ROI, and we believe many security teams can replicate it with minimal effort using off-the-shelf GenAI tools and internal data. Accelerated AppSec Remediation Not all vulnerabilities pose the same risk. An emerging use case we're exploring is the application of GenAI in prioritizing and remediating application security vulnerabilities, specifically those identified through static (SAST), dynamic (DAST) and SCA tools. We can use GenAI to parse and interpret vulnerability scan data, summarizing each finding in plain language and aligning it with relevant business and security context. By providing GenAI with environmental context such as asset classification, system criticality and application architecture, we can enable it to make more accurate prioritization decisions that reflect real business risk and operational impact. For example, GenAI can correlate vulnerability data with application metadata, threat intel and usage patterns to infer impact, ranking a low-severity risk in a critical system higher than a critical issue in a deprecated repository. Additionally, it can generate easy-to-understand vulnerability descriptions along with language-specific remediation code snippets tailored to our internal frameworks and dependencies—a vastly useful feature for developers who are generally focused on the velocity of feature release. Over time, GenAI can learn from previously accepted fixes and team feedback to refine its suggestions, effectively serving as a remediation assistant that accelerates secure coding with developer oversight. This has the potential to drastically reduce the time it takes for developers to interpret, prioritize and remediate vulnerabilities—a space we're excited to dive into further in our environment. Insider Risk Narratives GenAI adds a deeper layer to traditional AI/ML-based user behavior analytics (UBA) by providing contextual interpretation and narrative around anomalous/flagged behaviors. It can summarize complex user actions (contextualized from multiple sources) in simple language, making it easier for analysts to understand the intent behind suspicious activities. GenAI can also analyze unstructured data sources like emails and chat messages to identify potential insider threat signals (such as toxic language, resignation hints or policy violations) and correlate that with anomalous system activity. Additionally, it can use all of these insights to inform user risk scores, which go toward strengthening insider threat detection. We're beginning to explore how we can operationalize this using our own environment. We plan to feed SIEM anomalies and user behavioral data into our internal GenAI chatbot, which can help deliver concise narratives to our security analysts. We're going to start with simple use cases like detecting offboarding-related data movement, excessive privilege use and correlated risky communications, and we plan to expand into automated triage and ticket creation workflows. For example, the chatbot's output may look something like: "User Jane Doe accessed 28 confidential files over the weekend after submitting her resignation. No similar behavior in the past 90 days. Login from an unmanaged device observed. Recommend further investigation." Smarter Role Management Traditional role-based access control (RBAC) models often suffer from over-permissioning, role duplication and manual upkeep. GenAI introduces a smarter, context-aware layer to RBAC, enabling more efficient role design, optimization and review. GenAI can analyze historical access logs, entitlement usage, organizational charts and peer group comparisons to recommend the appropriate roles, the removal of unused permissions or the splitting/merging of roles. It can also recommend the most appropriate role for new access requests based on the user's job title, department and similar users' access patterns, helping avoid one-off entitlements. GenAI can also detect drift between a user's access and their actual behavior, triggering real-time recommendations to adjust their role or flag potential risk. This continuous role-tuning capability helps maintain a tighter alignment between access and actual job function, improving both security and governance. With modern tools and APIs, it no longer takes a massive budget or dedicated AI team to get results. In our experience, the best way to start is to pick a manual, repetitive task your team already struggles with and experiment with how it can help. Maybe that's summarizing risk in a vendor questionnaire, helping a SOC analyst understand a behavioral anomaly without sifting through dozens of logs or just writing clearer access review summaries. What matters most is starting with something real and learning by doing. Over time, your GenAI workflows can evolve into more complex automations. We're early in our journey, but we're already seeing the benefits, and we hope our learnings help others confidently take their first steps into AI-enabled security. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Zawya
06-05-2025
- Business
- Zawya
Dubai Electronic Security Center launches new innovative projects at GISEC Global 2025
Rolled out a certification program for Information Security Officers to equip individuals across various government sectors with the skills needed to implement the information security regulations Introduced a Post-Quantum Cryptography (PQC) Guideline to bolster Dubai's digital infrastructure readiness. Al Shaibani:"These new projects reflect our commitment to building a reliable and sustainable digital infrastructure that aligns with Dubai's vision of becoming the world's smartest and safest city." Dubai, UAE: The Dubai Electronic Security Center announced the launch of a series of innovative initiatives and projects aimed at strengthening the emirate's digital security and cyber infrastructure, while also advancing specialized talent development in the sector. The announcements were made during the Gulf Information Security Expo and Conference (GISEC Global 2025), held at the Dubai World Trade Centre from May 6-8, where the Center is participating as the official Government Cybersecurity Partner. Zero Trust Assessment Tool and Guideline Among the new initiatives is the Zero Trust Assessment Tool and Guideline, a major leap in securing Dubai's government networks and includes a comprehensive guide for implementing the Zero Trust model, which emphasizes continuous verification of identity and access rights. This practical tool assists organizations and local entities in transitioning to a Zero Trust framework, ensuring the protection of critical systems and data, in complex and dynamic technological environments, thereby reducing the risk of breaches and insider threats. The guideline will be implemented across several government entities in Dubai using advanced technologies, including multi-factor authentication, network segmentation, continuous digital traffic monitoring, and data classification based on sensitivity levels. These measures minimize cyberattack exposure and ensure swift response to breach attempts, despite challenges such as integrating the new system with existing infrastructure and maintaining a seamless user experience. ETHAQ Plus Initiative The Dubai Electronic Security Center also launched the advanced "Ethaq Plus" initiative, aimed at elevating digital trust and enabling secure, reliable transactions for organizations. The service provides certified digital certificates to protect data and communications, verify authenticity, and support the adoption of trusted digital identities and advanced security models that reduce cyber risks at the institutional level. Information Security Officers Certification Program As part of its efforts to develop national talent, the Center introduced the ISR Officer Certification Program to equip individuals across various government sectors with the knowledge and skills needed to implement the information security regulations effectively. It also helps cultivate a new generation of cybersecurity officers, strengthening the resilience and sustainability of Dubai's government operations. Readiness for Quantum Technologies In preparation for future threats arising from advancements in quantum computing, DESC launched the Post-Quantum Cryptography Guideline. This guide is designed to prepare Dubai's digital infrastructure to counter emerging quantum-based threats. The initiative marks a strategic step to ensure Dubai's digital defenses remain at the forefront, safeguarding the city's smart data, services, and thriving digital future. H.E. Yousuf Hamad Al Shaibani, Chief Executive of the Dubai Electronic Security Center, said: "At the Dubai Electronic Security Center, we are committed to fostering a resilient and secure cyber environment driven by innovation and proactive adaptability to evolving challenges. The new projects we unveiled at GISEC Global 2025 reflect our vision to build a trusted, sustainable digital infrastructure aligned with Dubai's future goal of becoming the smartest and safest city in the world." Al Shaibani added, "By adopting concepts like Zero Trust and developing advanced national platforms, we reaffirm our commitment to providing strategic solutions that support government and private entities in protecting their critical data and services, enabling them to accelerate digital transformation with confidence and efficiency. We also believe that investing in national talent is the cornerstone of cultivating a new generation of cybersecurity leaders capable of ensuring the sustainability of Dubai's digital security." Specialized Cybersecurity Challenges During the event, the Center launched the latest edition of the Dubai Cyber Challenge, dedicated to Dubai government entities. The challenge aims to assess and enhance participants' cybersecurity skills while promoting compliance with the Center's Information Security Regulations (ISR). The competition features over 30 carefully designed tasks simulating commonly used government applications and services in Dubai. With varying difficulty levels, the challenges allow participants to test their cybersecurity abilities across diverse scenarios. Additionally, DESC is hosting the School of Cyber Defense Championship in partnership with TechFirm, attracting over 300 applications from university students across the UAE. Participants compete in an advanced environment simulating real-world cybersecurity challenges, where they respond to cyberattacks and identify security vulnerabilities. Winners will receive valuable prizes worth over AED 130,000, supporting the development of their skills and careers in the cybersecurity field.
