2nd

 AGENDA

08:15

Registration

09:00

Opening Remarks:

Mr. Ioannis Lefkakis – ISACA Athens Chapter President
Prof. Despina Polemi – Conference Chairman, University of Piraeus, ISACA Academic Advocate

09:10 - 09:50

1 – ISACA KEYNOTE Presentation - Welcome from ISACA International - latest update:
State of the art in governance of enterprise IT and information security

Dr. Christos Dimitriadis – ISACA International VP, Head of Information Security for Intralot Group

09:50 - 10:20

2 – KEYNOTE Presentation - Developing a risk management culture: a Regulatory perspective

Mr. Andrea Servida – Head of Task Force "Legislation Team (eIDAS)", European Commission

10:20 - 10:40

Speaking Slot - Key trends and messages from the PwC Global State of Information Security® Survey 2013:
"Roundtable discussion of key issues impacting Greece and the rest of the world"

Facilitator: Mr. Stan Voulanas – Partner, IT Risk Assurance, PwC, Greece

10:40 - 11:00

Speaking Slot - Mobile security: It's all about the applications

Dr. Konstantinos Papapanagiotou – OWASP Greece Chapter Leader, Information Security & Risk Management Services Manager at Syntax IT

11:00 - 11:20

Coffee Break

11:20 - 11:50

3 – KEYNOTE Presentation - Trust in the web

Dr. Paul Spirakis – Professor, President of the Computer Technology Institute and Press – "Diophantus"

11:50 - 12:10

Speaking Slot - IT Forensics gives a new dimension to Information Security: The role of IT Auditor

Mr. Christos Vidakis – Senior Manager, Management and Risk Consulting, KPMG Advisors AE

12:10 - 12:30

Speaking Slot - A Letter to Santa-Audit

Mr. Tassos Alefantos – International Representative of itSMF Hellas, Manager IT&T Operations and Data Centre Services at Athens International Airport

12:30 - 13:00

4 – KEYNOTE Presentation - Cyber Security Challenges of Cloud Computing - the EU approach

Dr. Evangelos Ouzounis – Head of Resilience and CIIP Unit, ENISA

13:00 - 14:00

Lunch Break – 8TH FLOOR – ROOF GARDEN

14:00 - 14:40

"20 slides in 20 seconds" Session - Say it in 6'40"

Dr. Konstantinos Papapanagiotou (OWASP, Syntax IT): "Hack Yourself out of the Debt"
Mr. George Raikos (ISACA Athens Chapter Secretary): "Crisis!…what Crisis?"
Mr. Anestis Demopoulos (ISACA Athens Chapter Vice-President): "Get recognized as an expert - the ISACA certifications"
Mr. Ioannis Lefkakis (ISACA Athens Chapter President): "More CPE than ever before - an ISACA benefit"
Mr. Marc Vael (ISACA International VP): "Privacy"

14:40 - 15:20

5 – ISACA KEYNOTE Presentation - Beyond Identity Management: Welcome to the world of access governance

Mr. Ramsés Gallego – ISACA International VP, Security Strategist and Evangelist for Dell

15:20 - 16:00

6 – ISACA KEYNOTE Presentation - Trust in and value from Cloud computing today

Mr. Marc Vael – ISACA International VP, Chief Audit Executive at Smals vzw

16:00 - 16:20

Coffee Break

16:20 - 16:50

7 – KEYNOTE Presentation - Security and Risk Management for Smart Grids

Dr. Lucie Langer – Safety & Security Department of the AIT Austrian Institute of Technology

16:50 - 18:00

Round Table Discussion: Your Session, ask whatever you want and challenge the experts

Dr. Christos Dimitriadis, Mr. Ramsés Gallego, Mr. Marc Vael

18:15

End of conference

 

KEYNOTE PRESENTATIONS

Welcome from ISACA International-latest update: State of the art in governance of enterprise IT and information security with Dr. Christos Dimitriadis, CISA, CISM, CRISC, Head of Information Security for Intralot Group

Abstract: ICT has become the backbone of the world economy, while at the same time it aims at improving quality of life through the adoption of new technologies in our daily life. Enterprises and professionals are continuously looking for ways to balance risk and value, to become more competitive and cost effective, to innovate. This presentation from ISACA International will display the recent trends in the areas of governance of enterprise IT, information security and risk, while ISACA's latest and upcoming frameworks will be demonstrated as the means to address the needs of the modern enterprise.

BIO: Christos K. Dimitriadis, CISA, CISM, CRISC, is an International Vice President of ISACA. He also is the Head of Information Security for Intralot Group, a multinational supplier of integrated gaming and transaction processing systems based in Greece, managing information security in more than 50 countries in all continents. Mr. Dimitriadis has served ISACA as chairman of the External Relations Committee and member of the Relations Board, Academic Relations Committee, ISACA Journal Editorial Committee and Business Model for Information Security Workgroup. Mr. Dimitriadis has been working in the area of information security for 11 years and has authored 70 publications in the field. He has been providing information security services to the ITU, European Commission Directorate General, European Ministries and international organizations, as well as business consulting services to entrepreneurial companies. Mr. Dimitriadis received a diploma of electrical and computer engineering from the University of Patras, Greece, and a Ph.D in information security from the University of Piraeus, Greece.

 

Beyond Identity Management: Welcome to the world of access governance
with Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT(f), Six Sigma Black Belt Certified

Abstract: In a world that is changing at the speed of light, protecting information is the number one priority for CISOs. And while there are many processes and technologies for doing that, the discipline of Identity Management is turning into an overarching topic, a different approach that requires a different thinking: one that considers who is really touching corporate information, the need of controlling accounts with elevated rights and the deployment of a corporate program on accessing sensitive information. Through a series of examples and covering all of the angles of the Identity & Access Management discipline, this session will highlight the birth of a new dimension. Welcome to the world of Access Governance.

BIO: With a background education in Business Administration (MBA) and Law, Ramsés is a +15 year security professional with deep expertise in the Risk Management and Governance areas. Ramsés is now Security Strategist and Evangelist for Dell where he defines the vision of the security discipline and oversees the deployment of services. Before, he was at CA Technologies for 8 years, was Regional Manager for SurfControl in Spain and Portugal, and just recently Chief Strategy Officer of the Security and Risk Management practice at Entelgy. Ramsés has been serving for three years in ISACA's CISM and CGEIT Certification Committees and also in the Guidance & Practices Committee for three years from where deliverables have been created for the community. He is honored to have been the Chair for ISACA's ISRM Conference and is now Research Director & Strategic Planning at the Barcelona Chapter and part of the Program Committee for the events SecureCloud 2010 and 2012. Ramsés played an instrumental role in the Planning Committee that prepared ISACA's first-ever World Congress in Washington, June 2011. He has also been part of ISACA's CISM PATF Task Force. He also develops results-oriented, business-focused, people-driven projects due to his Six Sigma Black Belt accreditation. He has been appointed International Vice President for ISACA and has a seat in its Board of Directors.

 

Trust in and value from Cloud computing today
with Marc Vael, CISA, CISM, CRISC, CGEIT, CISSP, ITIL service manager, Prince2, ISACA International VP, Chief Audit Executive at Smals vzw

Abstract: Many business and IT leaders are wondering today what cloud computing really means, what it can do for their business and how it impacts their IT environment. Marc will present a vision on the current cloud computing trends, the concerns, the value and the need for calculating the cloud computing ROI based on recent research performed by ISACA and based on his personal experience working with organizations on cloud computing implementations and audits.

BIO: Marc Vael (°1967) has three Master's degrees (Applied Economics, Information Management and IT Management). During his professional career, Marc obtained certifications in IT audit (CISA), information security (CISM and CISSP), IT risk management (CRISC), IT governance (CGEIT and ITIL service manager) and project management (Prince2) and still maintains these through continuous professional education. Marc achieved his official certification for Director at GUBERNA in 2012. He has 20 years of active experience in evaluating, designing, implementing and monitoring solutions on risk and information security management, business continuity management, privacy and IT Audit. Currently Marc is Chief Audit Executive at Smals vzw, a Belgian not-for-profit IT company with more than 1.800 employees working primarily for Belgian Federal Social Security Institutions. In this role, Marc is responsible for all internal auditing activities reporting directly to the Audit committee of Smals vzw. Besides his full-time job, Marc has been a member and active volunteer at ISACA since 1995. Since June 2012 he has been elected international vice-president of ISACA International and chair of ISACA's Knowledge Board and the Cloud Computing Task Force and member of ISACA's Strategic Advisory Council. In April 2012 Marc was also elected president of the ISACA Belgium Chapter. Marc has been lecturing as guest professor at Antwerp Management School since 1997 and Solvay Brussels School since 2004. He has been a deputy member of the Flemish Privacy Commission since January 2010, board member of SAI since January 2012 and a member of the Permanent Stakeholder Group of ENISA since August 2012. He is a passionate speaker and published author involved with research and innovation in his core expertise domains. He received the formal nomination of "fellow" in October 2012 from the University of Leuven for his contribution to IT.

 

INVITED KEYNOTE PRESENTATIONS

Developing a risk management culture: a Regulatory perspective 
with Andrea Servida, Head of Task Force "Legislation Team (eIDAS)", European Commission

Abstract: TBA

BIO: He is Head of the Task Force "Legislation Team (eIDAS)" in Directorate General 'Communication networks, content and technology' (DG CONNECT) of the European Commission. From 2006 to 2012, he was Deputy Head of the Unit "Internet; Network and Information Security" in DG INFSO where he co-managed the Unit and was in charge of defining and implementing the strategies and policies on network and information security, critical information infrastructure protection, electronic signature and identification. From 1993 to 2005, he worked in the European Commission ICT research programmes (ESPRIT, IT, IST and ICT) dealing with safety critical systems, software engineering, database technology, privacy enhancing technologies, biometrics, dependability and cyber security. Before joining the European Commission in 1993, he worked in industry for nearly eight years as a project manager of international R&D projects on decision support systems for environmental, civil and industrial emergency and risk management. He graduated with Laude in Nuclear Engineering at Politecnico di Milano and carried out PhD studies on fuzzy sets and artificial intelligence at Queen Mary and Westfield College, University of London.

 

Trust in the web
with Dr. Paul Spirakis, Professor, President of the Computer Technology Institute and Press – "Diophantus"

Abstract: This talk will focus on issues of Trust in the Web, including a discussion about Open Data and Information Assurance. We shall discuss Trust definitions, models, and tools, and the important initiative of the EU on Open Data. The talk will also overview some challenging research topics related to Information Assurance, as well as recent evolutions in the European Research Agenda on the issue. Some relations to modern Cryptography will also be highlighted.

BIO: Paul Spirakis obtained his PhD from Harvard University in 1982. He is currently the President of the Computer Technology Institute & Press "DIOPHANTUS" and a Full Professor at Patras University, Greece. He was acknowledged among the top 50 scientists worldwide in Computer Science with respect to "The best Nurturers in Computer Science Research", published by B. Kumar and Y.N. Srikant, ACM Data Mining, 2005. His research interests are Algorithms and Complexity and the interaction of Complexity and Game Theory. Paul Spirakis has extensively published in most of the important Computer Science journals and most of the significant refereed conferences. He was elected unanimously as one of the two Vice Presidents of the Council of the EATCS. He is a member of Academia Europaea, a member of the ACM Europe Council and has been appointed as a Member of the Executive Body of the Polytechnic University of Cyprus.

 

Cyber Security Challenges of Cloud Computing - the EU approach
with Dr. Evangelos Ouzounis, Head of Resilience and CIIP Unit, European Network and Information Security Agency (ENISA)

Abstract: ENISA has played an important role in giving stakeholders an overview of the information security risks when 'going cloud'. In this presentation Dr. Ouzounis presents ENISA's work in the area, explains how this is related to the overall EU policy context and identifies areas for future work.

BIO: Dr. Evangelos Ouzounis is the head of ENISA's Resilience and Critical Information Infrastructure Protection (CIIP) Unit. His unit implements EU Commission's CIIP action plan, organises the CIIP exercises (e.g. Cyber Europe 2012/10, Cyber Atlantic 2011), facilitates Member States efforts towards a harmonised implementation of incident reporting scheme (article 13 a of new Telecom Package), and develops good practices for national cyber security strategies and national contingency plans. ENISA's Resilience and CIIP Unit runs also numerous other studies on cyber security aspects of critical sectors and services like Industrial Control Systems - SCADA, Smart Grids, Cloud Computing, Botnets and Interconnected Networks. The Unit also issues strategic recommendations and develops good practices for relevant stakeholders. Prior to his position at ENISA, Dr. Ouzounis worked several years at the European Commission, DG Information Society and Media (DG INFSO). He contributed significantly to EU Commission's R&D strategy and policies on securing Europe's infrastructures and services. Dr. Ouzounis was co-founder of Electronic Commerce Centre of Competence (ECCO) at Fraunhofer Institute for Open Communication Systems (FhG-FOKUS, Berlin, Germany). He led and managed more than 20 pan European and International R&D projects. Dr. Ouzounis holds a Ph.D from the Technical University of Berlin and a master in computer engineering and informatics from the Technical University of Patras, Greece. He was a lecturer at Technical University of Berlin, wrote 2 books and more than 20 peer reviewed academic papers and chaired several international conferences.

 

Security and Risk Management for Smart Grids
with Dr. Lucie Langer, Safety & Security Department, AIT Austrian Institute of Technology

Abstract: Future energy grids will make extensive use of the integration of ICT technologies. Thus, cyber security risks become a threat even for energy suppliers. Together with various partners both from research and industry, the AIT Safety & Security Department is currently developing technologies and tools to strengthen the resilience of smart grids against cyber-attacks. This includes specific risk management approaches for utility providers, processes and guidelines for implementing security in smart grid environments and also security assessment and monitoring solutions. The presented risk management approaches can also be applied for other security relevant research projects such as "FastPass – A harmonized, modular reference system for all European automatic border crossing points".

BIO: Dr. Lucie Langer joined the Safety & Security Department of the AIT Austrian Institute of Technology in 2012. She is currently working on projects related to the security of critical infrastructures and smart grids. Before joining the AIT, Lucie worked as a Technology Consultant in the private sector for two years, focusing on access rights and infrastructure management in large-scale IT projects. From 2006 to 2010 she was a member of the Cryptography & Computer Algebra Group at Technische Universität (TU) Darmstadt, where she also received her PhD in 2010 and graduated in Mathematics in 2006. As a Research Assistant at TU Darmstadt she participated in several security-related research projects on e-voting, e-government and long-term archiving.

 

SPEAKING SLOTS

A Letter to Santa-Audit
with Tassos Alefantos, International Representative of itSMF Hellas, Manager of IT&T Operations and Data Centre Services at Athens International Airport

Abstract: An attempt to provide the auditee's perspective on audit outcomes. What an IT Manager would expect from an IT Audit, are there any business benefits, how could we maximize the business value for IT from an audit report, could a proactive audit process be more meaningful? The proposed answers will bridge COBIT and ITIL elements towards a value driven IT Service Management implementation.

BIO: Tassos Alefantos is founder and International Representative of the Greek chapter of IT Service Management Forum (ITSMF Hellas). He has over 20 years of international experience in the areas of Information Technology, Telecommunications and Airport Operations. Tassos Alefantos has extensive knowledge and experience in Corporate and IT Governance, IT Service Management and works intensively on the issue of IT Business Value. He is currently the Manager of IT&T Operations and Data Centre Services at Athens International Airport. He is a Certified Information Systems Auditor (CISA), Certified in the Risk and Information Systems Control (CRISC) and Certified ISO20000 Auditor. He holds a BEng in Aeronautical Engineering, a PDip in Computer Science and a Masters in Business Administration.

 

Mobile Security: It's all about the applications
with Dr. Konstantinos Papapanagiotou, OWASP Greece Chapter Leader, Information Security & Risk Management Services Manager at Syntax IT

Abstract: Mobile devices, smart-phones, tablets, etc. are nowadays an integral part not only of our personal but also business life. Every day hundreds of mobile applications are created and deployed into millions of devices. Enterprises are rapidly looking for ways to embrace the new mobility paradigm, but at the same time face new challenges and risks. "Bring Your Own Device" is definitely a trend of our days which also carries along various risks related to employees connecting and using their personal mobile devices in the corporate network. However, another risk resides beyond the device: the applications that are installed on it. "Bring Your Own Application" can actually represent a more significant risk than BYOD. In this presentation we discuss mobile application security risks and challenges that mobile developers face. We will also outline key issues that auditors should be looking for when testing mobile applications, and finally suggest controls that can be used to improve security.

BIO: Dr. Konstantinos Papapanagiotou has more than 10 years of experience in the field of Information Security both as a corporate consultant and as a researcher. Currently he is managing the team of security consultants at Syntax IT Inc, providing information security services and solutions to large organizations in Greece, Cyprus, Balkans and the Middle East. He has strong expertise in the area of application security, having been involved with OWASP for several years now, leading the OWASP Greek Chapter and lately the Hackademic Challenges Project. He also organized the OWASP Global AppSec Research 2012 conference. Konstantinos holds a BSc from the Department of Informatics and Telecommunications, University of Athens, an MSc with distinction in Information Security from Royal Holloway, University of London and a PhD in Information and Network Security from the Department of Informatics and Telecommunications, University of Athens. He is the author of more than 10 scientific publications.

 

IT Forensics gives a new dimension to Information Security: The role of IT Auditor
with Christos Vidakis, CISA, CISSP, CISM, ISO 27001 LA, Senior Manager, Management and Risk Consulting, KPMG Advisors

Abstract: Nowadays, information security professionals have acknowledged the need of redefining the approach to protecting information assets. This is supported by the fact that the exponentially increasing investments in information security have only narrowed (compared to expectations) the number and the impact of information security breaches. Christos will present a revolutionary information security approach and the new challenging role of IT auditors.

BIO: Christos Vidakis has more than ten years of information systems security, auditing and technology experience, with special emphasis on continuous security testing engagements. He currently serves as a senior manager in KPMG's Risk and Management Consulting practice. Christos has directed and managed the technology integration aspects of financial statement audits, has designed and implemented information security management systems and has performed and managed a number of security assessments and system implementations such as ISAE 3402, PCI/DSS, SOX 404 and ISO 27001. Christos has led numerous technical risk assessment engagements involving forensics of security incidents, penetration tests, network and system security architecture assessments and has guided several clients in evaluating, designing, implementing and managing security architecture solutions. He has also performed assessment of banking information systems security according to the Bank of Greece Governor's Act 2577.

 

Key trends and messages from the PwC Global State of Information Security® Survey 2013
with Stan Voulanas, CISA, CIA, CMIIA, CA, Partner, Risk Assurance, PwC, Greece

Abstract: For many businesses, security has become a game that is almost impossible to win. The rules have changed, opponents are armed with expert technology skills, and the risks are greater than ever. In the 15th year, the Global State of Information Security® Survey had over 9,300 respondents from CEOs, CFOs, CIOs, CISOs, CSOs, VPs, and directors of IT and security from 128 countries who have been engaged in the high stakes game of information security. New rules and new opponents are in play. And to win, businesses must prepare to play a new game that requires advanced skills and strategy. A special report has been prepared for Greece with the participation of 77 executives from across a wide range of sectors. The main findings of the report will be presented and discussed with a panel of four invited speakers.

BIO: Asterios Voulanas is a PwC partner with 20 years of experience in the fields of technology governance, risk and compliance who helps clients gain value from their investments in IT and security. He is responsible for the Risk Assurance practice, which assists organizations in achieving controls excellence through a complete suite of industry focused IT, process and data risk and control solution sets. Asterios has authored a number of articles on information security on behalf of the firm for local Greek IT publications and newspapers. Asterios has led and managed a large number of PwC Greece's IT governance, risk, audit and security projects for a large portfolio of multinational and Greek clients. He has strong expertise in assessing and developing security and governance frameworks that address emerging and changing business and technology risks including those driven by industry or regulatory frameworks such as CoBiT, ISO27001, PCI-DSS, Privacy, Telecommunication and Banking specific regulations. His experience spans various industries and client segments including financial services, telecommunications, manufacturing, retail, shipping and logistics.

 

Conference Chairman

Prof. Despina Polemi, Assistant Professor, University of Piraeus, ISACA Academic Advocate

BIO: Professor Nineta Polemi obtained a Degree in Applied Mathematics from Portland State University (USA) in 1984 and a Ph.D. in Applied Mathematics (Coding Theory) from The City University of New York (Graduate Center) in 1991. She held teaching positions (1984-1995) in Queens College and Baruch College of City University of New York. From 1991 to 1996 she was assistant professor in The State University of New York at Farmingdale. During 1996-2005 she was senior security researcher in the National Technical University of Athens (NTUA)-ICCS (www.ntua.gr). During 2000-2004 she acted as President of the BoD and Technical Manager in the security consultancy company Expertnet (www.expertnet.net.gr). She is currently an Assistant Professor in the University of Piraeus (Dept. of Informatics) teaching cryptography, security and e-business.

Her current research interests are in the fields of security and collaborative e-services. She has over one hundred publications in the above areas and has organised numerous security scientific events. She has received many research grants from various organizations such as the Danish Research Foundation, MSI Army Research Office/Cornell University, IEEE, State University of New York (SUNY), and The Graduate School of City University of New York (CUNY). She has been project manager (PM) / technical manager (TM) in security projects of various programmes such as National Security Agency (NSA), Dr. Nuala McGann Drescher Foundation, Greek Ministry of Defence, INFOSEC (Biometrics Study, EUROMED-ETS, BESTS), TELEMATICS for Administrations (COSACC) and the European Commission (E.C.) IST Programme (HARP, BEE, SEED, WebSig, TSEC, CORAS, RESHEN, SEED, La Mer, SECRETS, INTELCITIES, SELIS, SWEB, NetShare, Eurogene, ImmigrationPolicy2.0). She participated in E.C. security projects of programs (COST, ACTS, ICT and NATOs). She acts as an expert and evaluator in the E.C. and the European Network and Information Security Agency (ENISA).