(in alphabetical order)
Privacy, Security, Cybersecurity … challenges for the auditor
Argyro Chatzopoulou, CISA, HISP, CCSK, ISEB BCM, CSA STAR Auditor, PRINCE2 Practitioner, CSX (F)
Auditing in some areas is now considered common practice. Although it has managed to secure a position of value within organizations, recent years and recent developments impose a series of changes to the practice of auditing. Paper based trails and auditing, often called traditional auditing, have been enriched with terms like risk, information systems, security, cyber security, privacy, etc. All these new additions and dimensions are presenting challenges to auditors and they have to overcome them. In this presentation, and after many audits in various companies, environments and countries, a strategy of facing the changing nature of audits is presented.
Security and Privacy considerations in digital transformation initiatives
Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, Past ISACA Chair, Group Director of Information Security for INTRALOT (Greece).
Digital transformation in businesses and government can unlock a multi-trillion euro value over the next decade, with Artificial Intelligence (AI), the Internet of Things (IoT), Big Data and the Cloud being at the front of technologies and models that will enable innovation. This keynote explains the importance of embedding security and privacy in digital transformation initiatives as a way to increase the competitiveness and trust of products and services, on top of being a compliance requirement.
The Science of Success
Elina Giachali, NLP Life & Business Coach
What is that part in you that, if changed, will positively change all your inner and outer environment? That part in you that, if changed, will change the way you do things, once and for all? In the Science of Success we will tap into this particular part within yourself. You will be guided step by step to turn inwards and gain access to your inner wisdom for more clarity and certainty in your decision making process under challenging circumstances. You will also be given tools that will further cultivate those skills of yours that tap into your higher mind and help you get through your biggest goals with more confidence and ease. Finally, if practiced daily, these tools will help you become much more effective in performing everyday tasks, make you more confident in yourself and help you fulfill your long term goals.
Digital Transformation in Insurance
Xenofon Liapakis, General Manager CIO & Services, Interamerican
The insurance market has dramatically changed over the last decades. The insurers have recognized that:
- Consumers’ behavior is changing: Consumers have become increasingly demanding and now expect real-time support and 24x7 customer interaction from their insurers. They expect from their insurance company advanced services similar to the ones they enjoy from companies such as Amazon, Google, eBay and social media.
- Profitability is dropping: Insurers’ profitability is under pressure. They have to pursue alternative avenues to improve their performance and profitability. Their insurance business model is changing. Their product development process is changing, creating a new generation of technology-infused products influenced by advanced Artificial Intelligence platforms based on IoT data. They continue investing in disrupting technologies such as Big Data, Internet of Things (IoT) – Telematics – connected devices and wearables, Artificial Intelligence, Blockchain technology, etc.
- Adaptability is more vital now than ever: The more agile an organization is, the more able it is to change, adapt or react rapidly in response to the emergence of new competitors, the development of new industry-changing technologies, or sudden shifts in overall market conditions.
- Innovation must happen rapidly: The faster an organization can go from idea to implementation, the more it can embrace opportunities to transform and even disrupt markets and internal business models based on a “Fail fast, to succeed faster” mentality.
- Regulations’ landscape is changing: The insurance sector remains highly regulated and the changing policy landscape provides both opportunities and challenges. The General Data Protection Regulation will increase regulatory scrutiny of how European insurers collect, store and use customer data. Since cyber risk is one of the biggest risks for the companies, the regulation will create new markets for the insurance companies once they have developed and launched the appropriate cyber risk products which cover these risks.

For all those reasons the insurance market continues transforming intensively, having recognized that the digital transformation journey has a start but not an end, which practically means that digital should become part of insurers’ culture & DNA and be integrated into their day-to-day business!
ISACA Privacy Principles and Program Management Guide Overview
Yves LE ROUX ISACA Privacy Guidance Task Force Chairman
The main purpose of ISACA Privacy Principles and Program Management Guide is to provide a set of privacy principles that align with the most commonly used privacy standards, frameworks and good practices, and fill the gaps that exist among the different standards to deliver a harmonized privacy framework. This practical guide can support or be used in conjunction with other privacy frameworks, good practices and standards to create, improve and evaluate a privacy program that is specific to the enterprise. Special guidance on how to use the COBIT 5 framework to implement a more robust privacy program is included. The ISACA Privacy Principles and Program Management has been published in a two-volume set:
- “ISACA Privacy Principles and Program Management Guide” &
- “Implementing a Privacy Protection Program: Using COBIT 5 Enablers with the ISACA Privacy Principles”
This presentation will give an overview of these two volumes.
Counting Down to GDPR: Setting priorities now
Michalis Samiotakis, CISM, CISSP, ITIL, Senior Manager, Technology Consulting, PwC, VP of the Board of Directors of ISACA Athens Chapter
The European Union’s General Data Protection Regulation (GDPR) takes effect on May 25, 2018, creating challenges for every organization doing business in the EU before, during and after the deadline. As the largest change to data protection legislation in the last 20 years, GDPR gives regulators unprecedented power to impose fines, requiring widescale privacy changes across organizations. But GDPR also represents a broad opportunity to transform your approach to privacy, harness the value of your data, and ensure your organization is fit for tomorrow’s digital economy. What do GDPR and data privacy mean for you?
Hot topics under the GDPR - how can technology help?
Dr. Andrea Simandi, Senior Data Protection Attorney, Microsoft
Dr. Andrea Simándi will provide an overview of how broadly the GDPR applies and impacts organizations. The presentation will provide insights about the GDPR compliance stakeholders within organizations and their unique considerations. Andrea will explain the shared responsibility model under the GDPR between data controllers and data processors, and highlight how technology providers can help customers with understanding and implementing a plan to achieve full GDPR compliance. The presentation will touch upon a couple of hot topics, including data subject rights, record keeping, training and Data Protection Officers.
Going UP? - How to talk about Privacy with your boss in the elevator?
Bruno Horta Soares, CISA®, CGEIT®, CRISC™, PMP®, ISACA Lisbon Chapter, Executive Senior Advisor IDC Portugal
Before you do things right, you have to do the right things. Why good communication between business and IT areas is so important to help organizations deliver value, and how to get everyone speaking the same language using COBIT 5 related materials. Reality check and lessons learned from projects and initiatives developed to improve Information Security & Privacy savviness (not only related to GDPR!) at small medium enterprises in a “small medium country” like Portugal.
Big data and compliance needs: Panacea or Paralysis?
George Triantafillos, Head of Platform Integration (Leading Business CIO), Nordea
The banking environment is facing imminent challenges from advanced customer demand for personalised user experience and digital services, while compliance information needs are increasing to a very granular level. Those challenges are occurring while competition is diversifying rapidly among traditional and new financial service providers, where margins and fees are at their lowest levels. Modern data platforms should reflect information needs that are very different in nature: on one hand, exploring patterns on individual information level and, on the other hand, standardising regulatory information to enable economies of scale. Data can become a valuable solution to multiple needs or severely sub optimise the enterprise performance if mismanaged. Qualified data management and comprehensive data and platform integration strategies can be seen as a central element for avoiding that trap. Building data platforms and systems incrementally while understanding the transition states coexisting with data systems is also an area of high attention. Data as a valuable asset also becomes subject to compliance by itself, especially in areas like data governance, data aggregation and data security.
GDPR Compliance: Connecting the dots between what you have to do and why you have to do it!
Mina Zoulovits, Digital Transformation and Privacy Law Expert, Member of the Multistakeholder Expert Group of the EE for the monitoring of the implementation of the GDPR
The new General Data Protection Regulation poses serious challenges to all institutions containing personal data (both private and public ones), urging them to adopt the necessary legal and technical requirements to satisfy its strict privacy and security requirements. The extremely high volume of the fines that can be imposed in cases of non-compliance and/or of data breach has put the GDPR at the top of the management agenda of all establishments. New principles and notions such as Accountability, DPO, Data Privacy Impact Assessment, Privacy by Design and by Default, Data Breach Notification, etc. will enter into everyone’s everyday life and philosophy. It has become evident that the GDPR compliance work is not just a new data governance exercise; it is rather a major shift in the mentality and the structure of every organization. Its clear aim is to put the persons and their data in the center of the attention (vis-à-vis the economic growth and/or the operations of any organization). So, it basically requires every player in the market to do an X-ray and a self-assessment of all its processes and operations to achieve compliance.