Athens, 2 December 2011 Hellenic American Union Conference Center

Transcription

1 Athens, 2 December 2011 Hellenic American Union Conference Center ISACA Athens Chapter and the Hellenic American Union are organizing the 1 st ISACA Athens Chapter Conference on December 2 nd, The theme of the conference is: IT Audit, Security & Governance Challenges in Financial Crisis. Renowned experts from the IT industry will share their experience and best practices In deploying successful strategies and implementation approaches around key issues facing IT assurance, security and governance professionals today, dealing with challenges raised from the financial crisis and the overall business & economic environment. The conference will also provide a platform for discussion on key issues faced today, such as: How does the current business & economic landscape change the IT related risk environment? What should the target areas and priorities of a successful security program be? How can IT governance initiatives facilitate business objectives, drive IT and business alignment and demonstrate the value of IT investments? What are the main risks and challenges in IT projects today? Earn a minimum of 6 CPEs and 6 PDUs KEYNOTES Are we receiving value from our investment in IT risk management? with John Mitchell, PhD, CEng, CITP, MBA, FBCS, CISA, CGEIT, CFIIA, QiCA, CFE, Managing Director, LHS Business Control, UK Dr. Mitchell is an international authority on corporate governance, risk management, cyber crime and the impact of regulatory and compliance issues on the delivery of IT services. He is a Fellow of both the Institute of Internal Auditors and the British Computer Society, where he is a member of its governing Council. He is also chair of the Audit Committee of ISACA s London Chapter and holds ISACA s prestigious John Kuyers award for best conference contributor. He has over 30 years practical governance experience and an international reputation for advising organizations on their governance strategies and associated methodologies. This is coupled with a strong academic background, which includes research, extensive publications and teaching at the post graduate level. John has been an expert adviser in a number of UK commercial and criminal cases and has been featured in a major British computing publication as the IT Detective. The 'R' in GRC Risk Management in Times of Crisis with Rolf von Roessing, CISA, CISM, CGEIT, CISSP, FBCI, President of Forfa AG Rolf is the president of Forfa AG, a Swiss consulting network, and a retired partner at KPMG Germany. Rolf has served as Head of IT for the EMEA region in a leading global security firm. He is a former member of the Board of Directors at the Business Continuity Institute (BCI). He joined ISACA s Security Management Committee in He chaired the working group for ITGI s IT Control Objectives for Basel II publication and is currently a member of ISACA s Framework Committee and Professional Influence and Advocacy Committee. He has published extensively on business continuity management, disaster recovery, crisis management and security matters. Most recently, he authored the Business Model for Information Security published by ISACA.

2 SPEAKING SLOTS Aligning Emergency and Crisis with Information Security, with Vasilis Katos, Assistant Professor of Information and Communications Systems Security, Democritus University of Thrace Project Management, Risk Management and IT, with Stavroula Minasidou, PMP, Senior Manager, IT Advisory, KPMG Advisors AE Global trends in Information Security, Risk Management and the Greek Perspective, with Gregorios Themistocleous, CISA, CRISC, ITIL, Senior Manager, Ernst & Young Advisory Services Human Firewalls: Making your people an effective line of defence, with Asterios Voulanas, CISA, CIA, CA, Partner, Technology Assurance, PwC Greece Dr. Rodica Tirtea, Technical Competence Department, European Network and Information Security Agency ENISA Topic: TBA Nasos Kladakis, Solutions Specialist, MCT CTT+, Microsoft Hellas Topic: TBA Stay in touch at and for updates on the conference program. INFORMATION Official language: English Venue: Hellenic American Union Conference Center (Massalias 22 Athens) Hours: 9:00 to 17:00 Registration fee: 50 for ISACA members 70 for non ISACA members 50 for more than 2 registration from the same company Fees are subject to 23% VAT You can register with the Hellenic American Union. For further information, please contact: Eleni Tsirigoti, PMP Vocational Training Section, Hellenic American Union Tel: , etsirigoti@hau.gr ISACA Athens Chapter education@isaca.gr

3 Find out more about our speakers and the program KEYNOTE PRESENTATIONS The 'R' in GRC Risk Management in Times of Crisis with Rolf von Roessing, CISA, CISM, CGEIT, CISSP, FBCI, President of Forfa AG Abstract: In the context of financial and economic crises, traditional risk management has shown some limitations. Much of today s risk landscape has reverted to categories of risk, and to threats, that are intrinsic to the use of critical information infrastructures. The presentation will highlight developments in European risk management as well as new (or old?) risks that must be addressed by senior management. BIO: Rolf is the president of Forfa AG, a Swiss consulting network, and a retired partner at KPMG Germany. Rolf has served as Head of IT for the EMEA region in a leading global security firm. He is a former member of the Board of Directors at the Business Continuity Institute (BCI). He joined ISACA s Security Management Committee in He chaired the working group for ITGI s IT Control Objectives for Basel II publication and is currently a member of ISACA s Framework Committee and Professional Influence and Advocacy Committee. He has published extensively on business continuity management, disaster recovery, crisis management and security matters. Most recently, he authored the Business Model for Information Security published by ISACA. Are we receiving value from our investment in IT risk management? with John Mitchell, PhD, CEng, CITP, MBA, FBCS, CISA, CGEIT, CFIIA, QiCA, CFE, Managing Director, LHS Business Control, UK Abstract: This presentation will discuss the value of IT risk management processes and policies when money is tight. In particular this presentation will answer a few critical questions about controls and risk management such as: Can we explain what a control is? Does it slow down our systems and what is really providing us with? How our controls work? The working of a control is a mystery to most people, including auditors, but if we don t know how they work how we can assess their effectiveness and whether they are worth the investment. Do our controls really manage our IT risks? Many risk registers indicate a move from inherent red risk to residual green risk as the result of controls being in place. However, is the red to green really justified? Is the control suitably designed and implemented to justify the move? Does it reduce likelihood, or consequence, because a single control cannot do both things? Can we measure our control effectiveness? Are we able to state that a control is good or bad and do we have monitors and early warning indicators in place to alert us of a potential failure? What is the impact of poor control in business terms? Because many IT controls are invisible, security staff find it difficult to describe the impact of a control failure in business terms. Audit reports should also alert business management to the consequences associated with the findings. Finally, when money is tight, any increment in security management should be justified in business terms, followed by a total cost benefit analysis. And how much should we spend on security during a financial crisis? This can only be answered by looking outside the security arena and considering all the investments on which the enterprise should spend its limited money. BIO: Dr. Mitchell is an international authority on corporate governance, risk management, cyber crime and the impact of regulatory and compliance issues on the delivery of IT services. He is a Fellow of both the Institute of Internal Auditors and the British Computer Society, where he is a member of its governing Council. He is also chair of the Audit Committee of ISACA s London Chapter and holds ISACA s prestigious John Kuyers award for best conference contributor. He has over 30 years practical governance experience and an international reputation for advising organisations on their governance strategies and associated methodologies. This is coupled with a strong academic background, which includes research, extensive publications and teaching at the post graduate level. John has been an expert adviser in a number of UK commercial and criminal cases and has been featured in a major British computing publication as the IT Detective.

4 SPEAKING SLOTS Aligning emergency and crisis with Information Security Vasilis Katos, Assistant Professor, Information and Communications Systems Security, Democritus University of Thrace Abstract: In this talk Dr. Katos will attempt to identify the challenges and ripples the late financial crisis may cause to the information security landscape. By highlighting the differences between being placed in a state of crisis rather in a state of emergency, we ought to challenge best practices, security trade offs and roles relating to, or adjunct to information security within an organization. We are experiencing a need for re organizing information security functions and reprioritizing requirements, as the ever increasing complexity of systems and, in many cases, critical infrastructures, is taking place in not so friendly socio economic environments. BIO: Vasilis Katos is Assistant Professor of Information and Communications Systems Security at Democritus University of Thrace. Prior to this post he was Principal Lecturer and course tutor for the MSc in Forensic IT at the University of Portsmouth in the UK. He is a certified Computer Hacking Forensic Investigator (CHFI). His research is in information security and privacy, computer forensics and incident response, with his work being funded by national and European bodies. He has over 50 publications in journals, book chapters and conference proceedings and serves as a referee on several reputable conferences and journals. In terms of research recognition, he has received keynote speech invitations for international conferences and his research has been addressed by reputable magazines such as the New Scientist. He is Academic Advocate ISACA and served as a member of the Institute of Information Security Professionals. In terms of industrial experience, he was security consultant for Cambridge Technology Partners (Novell, Inc) for two years and a defense expert for a criminal court in the UK. Project Management, Risk Management and IT Stavroula Minasidou, PMP, Senior Manager, IT Advisory, KPMG Advisors AE Abstract: It is a fact that all projects carry risk. Timely risk planning and mitigation means less demand on leadership s time to address fire. Regardless of conditions, improving an organization s performance in project risk management and incorporating this critical activity in a consistent, disciplined and integrated project management framework can increase the success and value of its initiatives. The presentation will give an overview of a successfully applied project management framework, focusing in project risk management activity in IT projects. BIO: Stavroula Minasidou is a Senior Manager in KPMG, responsible for the IT Project Management service line which includes Portfolio, Program and Project Management services and process framework design, as well as PMO set up, staffing and running. With over of 15 years of experience, she has implemented a wide range of projects in the area of project management, business processes reengineering and ERP systems implementation. She has also significant experience in training professionals, having designed and executed Project/ Program Management seminars for large companies of private sector. Global trends in Information Security Risk Management and the Greek perspective Gregorios Themistocleous, CISA, CRISC, ITIL, Senior Manager, Ernst & Young Advisory Services Abstract: An increasing number of businesses are moving into the virtual world. Physical boundaries are disappearing as more data is transmitted over the internet. Further, software is having more of an impact on business models as cloud computing, social networking and mobile devices become more prevalent. Based on thousands of interviews with C level executives and information security experts, and research amongst 1,700 participants in 52 countries, this year's survey found that although globally many information security budgets are increasing, there is a growing gap between current needs and what information security is achieving. There is still much more that can be done to protect information and manage information risk. Both globally and particularly in Greece we believe that it is time to get back to basics and define a clear information security strategy and improvement agenda to help information security out of the fog. BIO: Greg is a Senior Manager at Ernst & Young Advisory Services. He has been involved with information systems, internal audit, risk and control assessments services since In the course of his professional career he has served a number of clients in the manufacturing, petrochemicals, telecommunications, media, health, banking and insurance industry sectors.

5 Greg has gained extensive experience in IT audit and security, especially in the areas of internal & financial audit, SOX and Enterprise Resource Planning applications (ERP), namely SAP, through a number of engagements in different countries across South East Europe. Greg is Information Technology Infrastructure Library (ITIL Foundation v3) certified, a Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) and a member of the Information Systems Audit and Control Association (ISACA). He holds an M.Sc. in Analysis, Design and Management of Information Systems from the London Schools of Economics (UK) and a B.A. degree in Business Economics and Organizational Studies from the University of Reading (UK). Human Firewalls: Making your people an effective line of defense Αsterios Voulanas, CISA, CIA, CA, Partner, Technology Assurance, PwC Greece Abstract: Over the years, many organizations have heavily invested in technology solutions to protect information assets, yet financial losses due to cyber crime continue to grow despite major steps forward in technical defenses. More recently, public attention has been repeatedly drawn to the threats posed by mishandling of personal information by employees. Although technical defenses are vital, such point solutions can also create a false sense of security. We tend to forget that there is always a human element; negligence, ignorance, anger or even curiosity that can give rise to incidents. Accordingly, what is required is a new approach, in which an investment in understanding and influencing the behaviours of all those concerned is better balanced against the continued investment in technology solutions. BIO: Asterios Voulanas is PwC partner with 20 years of experience in the fields of technology governance, risk and compliance that helps clients gain value from their investments in IT and security. He is responsible for the IT Assurance, Technology Governance, Security and Forensics practice in Greece. Asterios has authored a number of articles on information security on behalf of the firm for local Greek IT publications and newspapers. Asterios has led and managed a large number of PwC Greece s IT governance, risk and security projects for a large portfolio of multinational and Greek clients. He has strong expertise in assessing and developing security and governance frameworks that address emerging and changing business and technology risks including those driven by industry or regulatory frameworks such as CoBiT, ISO27001, PCI DSS, Privacy, Telecommunication and Banking specific regulations. His experience spans various industries and client segments including financial services, telecommunications, manufacturing, retail, shipping and logistics. Asterios has a BA Latrobe University and Post Graduate Diploma Monash University Melbourne, Australia (Majors Legal Studies, Accounting & IT). He is a Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA) and Australian Chartered Accountant (CA) This is a preliminary list of speakers and presentations. Stay in touch at and for updates.