Athens, 2 December 2011 Hellenic American Union Conference Center




ISACA Athens Chapter and the Hellenic American Union are organizing the 1st ISACA Athens Chapter Conference on December 2nd, 2011. The theme of the conference is: IT Audit, Security & Governance Challenges in Financial Crisis.

Renowned experts from the IT industry will share their experience and best practices in deploying successful strategies and implementation approaches around key issues facing IT assurance, security and governance professionals today, dealing with challenges raised by the financial crisis and the overall business and economic environment. The conference will also provide a platform for discussion on key issues faced today, such as:

How does the current business and economic landscape change the IT-related risk environment?
What should the target areas and priorities of a successful security program be?
How can IT governance initiatives facilitate business objectives, drive IT and business alignment and demonstrate the value of IT investments?
What are the main risks and challenges in IT projects today?

Earn a minimum of 6 CPEs and 6 PDUs.

KEYNOTES

Are we receiving value from our investment in IT risk management? with John Mitchell, PhD, CEng, CITP, MBA, FBCS, CISA, CGEIT, CFIIA, QiCA, CFE, Managing Director, LHS Business Control, UK

Dr. Mitchell is an international authority on corporate governance, risk management, cyber crime and the impact of regulatory and compliance issues on the delivery of IT services. He is a Fellow of both the Institute of Internal Auditors and the British Computer Society, where he is a member of its governing Council. He is also chair of the Audit Committee of ISACA's London Chapter and holds ISACA's prestigious John Kuyers award for best conference contributor. He has over 30 years' practical governance experience and an international reputation for advising organizations on their governance strategies and associated methodologies. This is coupled with a strong academic background, which includes research, extensive publications and teaching at the postgraduate level. John has been an expert adviser in a number of UK commercial and criminal cases and has been featured in a major British computing publication as the "IT Detective".

The 'R' in GRC: Risk Management in Times of Crisis, with Rolf von Roessing, CISA, CISM, CGEIT, CISSP, FBCI, President of Forfa AG

Rolf is the president of Forfa AG, a Swiss consulting network, and a retired partner at KPMG Germany. Rolf has served as Head of IT for the EMEA region in a leading global security firm. He is a former member of the Board of Directors at the Business Continuity Institute (BCI). He joined ISACA's Security Management Committee in 2005. He chaired the working group for ITGI's IT Control Objectives for Basel II publication and is currently a member of ISACA's Framework Committee and Professional Influence and Advocacy Committee. He has published extensively on business continuity management, disaster recovery, crisis management and security matters. Most recently, he authored the Business Model for Information Security published by ISACA.

SPEAKING SLOTS

Aligning Emergency and Crisis with Information Security, with Vasilis Katos, Assistant Professor of Information and Communications Systems Security, Democritus University of Thrace

Project Management, Risk Management and IT, with Stavroula Minasidou, PMP, Senior Manager, IT Advisory, KPMG Advisors AE

Global trends in Information Security, Risk Management and the Greek Perspective, with Gregorios Themistocleous, CISA, CRISC, ITIL, Senior Manager, Ernst & Young Advisory Services

Human Firewalls: Making your people an effective line of defence, with Asterios Voulanas, CISA, CIA, CA, Partner, Technology Assurance, PwC Greece

Dr. Rodica Tirtea, Technical Competence Department, European Network and Information Security Agency (ENISA). Topic: TBA

Nasos Kladakis, Solutions Specialist, MCT, CTT+, Microsoft Hellas. Topic: TBA

Stay in touch at www.hau.gr and www.isaca.gr for updates on the conference program.

INFORMATION

Official language: English
Venue: Hellenic American Union Conference Center (Massalias 22, Athens)
Hours: 9:00 to 17:00
Registration fee: 50 for ISACA members; 70 for non-ISACA members; 50 for more than 2 registrations from the same company. Fees are subject to 23% VAT.

You can register with the Hellenic American Union. For further information, please contact: Eleni Tsirigoti, PMP, Vocational Training Section, Hellenic American Union, Tel: 210 3680907, email: etsirigoti@hau.gr

ISACA Athens Chapter: www.isaca.gr, education@isaca.gr

Find out more about our speakers and the program

KEYNOTE PRESENTATIONS

The 'R' in GRC: Risk Management in Times of Crisis, with Rolf von Roessing, CISA, CISM, CGEIT, CISSP, FBCI, President of Forfa AG

Abstract: In the context of financial and economic crises, traditional risk management has shown some limitations. Much of today's risk landscape has reverted to categories of risk, and to threats, that are intrinsic to the use of critical information infrastructures. The presentation will highlight developments in European risk management as well as new (or old?) risks that must be addressed by senior management.

BIO: Rolf is the president of Forfa AG, a Swiss consulting network, and a retired partner at KPMG Germany. Rolf has served as Head of IT for the EMEA region in a leading global security firm. He is a former member of the Board of Directors at the Business Continuity Institute (BCI). He joined ISACA's Security Management Committee in 2005. He chaired the working group for ITGI's IT Control Objectives for Basel II publication and is currently a member of ISACA's Framework Committee and Professional Influence and Advocacy Committee. He has published extensively on business continuity management, disaster recovery, crisis management and security matters. Most recently, he authored the Business Model for Information Security published by ISACA.

Are we receiving value from our investment in IT risk management? with John Mitchell, PhD, CEng, CITP, MBA, FBCS, CISA, CGEIT, CFIIA, QiCA, CFE, Managing Director, LHS Business Control, UK

Abstract: This presentation will discuss the value of IT risk management processes and policies when money is tight. In particular, this presentation will answer a few critical questions about controls and risk management, such as:

Can we explain what a control is? Does it slow down our systems, and what is it really providing us with?

How do our controls work? The working of a control is a mystery to most people, including auditors, but if we don't know how they work, how can we assess their effectiveness and whether they are worth the investment?

Do our controls really manage our IT risks? Many risk registers indicate a move from inherent "red" risk to residual "green" risk as the result of controls being in place. However, is the red to green really justified? Is the control suitably designed and implemented to justify the move? Does it reduce likelihood, or consequence, because a single control cannot do both things?

Can we measure our control effectiveness? Are we able to state that a control is good or bad, and do we have monitors and early warning indicators in place to alert us to a potential failure?

What is the impact of poor control in business terms? Because many IT controls are invisible, security staff find it difficult to describe the impact of a control failure in business terms. Audit reports should also alert business management to the consequences associated with the findings. Finally, when money is tight, any increment in security management should be justified in business terms, followed by a total cost-benefit analysis.

And how much should we spend on security during a financial crisis? This can only be answered by looking outside the security arena and considering all the investments on which the enterprise should spend its limited money.

BIO: Dr. Mitchell is an international authority on corporate governance, risk management, cyber crime and the impact of regulatory and compliance issues on the delivery of IT services. He is a Fellow of both the Institute of Internal Auditors and the British Computer Society, where he is a member of its governing Council. He is also chair of the Audit Committee of ISACA's London Chapter and holds ISACA's prestigious John Kuyers award for best conference contributor. He has over 30 years' practical governance experience and an international reputation for advising organisations on their governance strategies and associated methodologies. This is coupled with a strong academic background, which includes research, extensive publications and teaching at the postgraduate level. John has been an expert adviser in a number of UK commercial and criminal cases and has been featured in a major British computing publication as the "IT Detective".

SPEAKING SLOTS

Aligning Emergency and Crisis with Information Security
Vasilis Katos, Assistant Professor, Information and Communications Systems Security, Democritus University of Thrace

Abstract: In this talk Dr. Katos will attempt to identify the challenges and ripples the late financial crisis may cause to the information security landscape. By highlighting the differences between being placed in a state of crisis rather than in a state of emergency, we ought to challenge best practices, security trade-offs and roles relating to, or adjunct to, information security within an organization. We are experiencing a need for re-organizing information security functions and reprioritizing requirements, as the ever-increasing complexity of systems and, in many cases, critical infrastructures, is taking place in not-so-friendly socio-economic environments.

BIO: Vasilis Katos is Assistant Professor of Information and Communications Systems Security at Democritus University of Thrace. Prior to this post he was Principal Lecturer and course tutor for the MSc in Forensic IT at the University of Portsmouth in the UK. He is a certified Computer Hacking Forensic Investigator (CHFI). His research is in information security and privacy, computer forensics and incident response, with his work being funded by national and European bodies. He has over 50 publications in journals, book chapters and conference proceedings and serves as a referee for several reputable conferences and journals. In terms of research recognition, he has received keynote speech invitations for international conferences and his research has been covered by reputable magazines such as the New Scientist. He is an ISACA Academic Advocate and served as a member of the Institute of Information Security Professionals. In terms of industrial experience, he was a security consultant for Cambridge Technology Partners (Novell, Inc.) for two years and a defense expert for a criminal court in the UK.

Project Management, Risk Management and IT
Stavroula Minasidou, PMP, Senior Manager, IT Advisory, KPMG Advisors AE

Abstract: It is a fact that all projects carry risk. Timely risk planning and mitigation means less demand on leadership's time to address fires. Regardless of conditions, improving an organization's performance in project risk management and incorporating this critical activity in a consistent, disciplined and integrated project management framework can increase the success and value of its initiatives. The presentation will give an overview of a successfully applied project management framework, focusing on the project risk management activity in IT projects.

BIO: Stavroula Minasidou is a Senior Manager at KPMG, responsible for the IT Project Management service line, which includes Portfolio, Program and Project Management services and process framework design, as well as PMO set-up, staffing and running. With over 15 years of experience, she has implemented a wide range of projects in the areas of project management, business process reengineering and ERP systems implementation. She also has significant experience in training professionals, having designed and executed Project/Program Management seminars for large private-sector companies.

Global trends in Information Security Risk Management and the Greek perspective
Gregorios Themistocleous, CISA, CRISC, ITIL, Senior Manager, Ernst & Young Advisory Services

Abstract: An increasing number of businesses are moving into the virtual world. Physical boundaries are disappearing as more data is transmitted over the internet. Further, software is having more of an impact on business models as cloud computing, social networking and mobile devices become more prevalent. Based on thousands of interviews with C-level executives and information security experts, and research amongst 1,700 participants in 52 countries, this year's survey found that although globally many information security budgets are increasing, there is a growing gap between current needs and what information security is achieving. There is still much more that can be done to protect information and manage information risk. Both globally and particularly in Greece, we believe that it is time to get back to basics and define a clear information security strategy and improvement agenda to help information security out of the fog.

BIO: Greg is a Senior Manager at Ernst & Young Advisory Services. He has been involved with information systems, internal audit, risk and control assessment services since 1998. In the course of his professional career he has served a number of clients in the manufacturing, petrochemicals, telecommunications, media, health, banking and insurance industry sectors. Greg has gained extensive experience in IT audit and security, especially in the areas of internal and financial audit, SOX and Enterprise Resource Planning (ERP) applications, namely SAP, through a number of engagements in different countries across South East Europe. Greg is Information Technology Infrastructure Library (ITIL Foundation v3) certified, a Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) and a member of the Information Systems Audit and Control Association (ISACA). He holds an M.Sc. in Analysis, Design and Management of Information Systems from the London School of Economics (UK) and a B.A. degree in Business Economics and Organizational Studies from the University of Reading (UK).

Human Firewalls: Making your people an effective line of defense
Asterios Voulanas, CISA, CIA, CA, Partner, Technology Assurance, PwC Greece

Abstract: Over the years, many organizations have heavily invested in technology solutions to protect information assets, yet financial losses due to cyber crime continue to grow despite major steps forward in technical defenses. More recently, public attention has been repeatedly drawn to the threats posed by mishandling of personal information by employees. Although technical defenses are vital, such point solutions can also create a false sense of security. We tend to forget that there is always a human element; negligence, ignorance, anger or even curiosity can give rise to incidents. Accordingly, what is required is a new approach, in which an investment in understanding and influencing the behaviours of all those concerned is better balanced against the continued investment in technology solutions.

BIO: Asterios Voulanas is a PwC partner with 20 years of experience in the fields of technology governance, risk and compliance who helps clients gain value from their investments in IT and security. He is responsible for the IT Assurance, Technology Governance, Security and Forensics practice in Greece. Asterios has authored a number of articles on information security on behalf of the firm for local Greek IT publications and newspapers. Asterios has led and managed a large number of PwC Greece's IT governance, risk and security projects for a large portfolio of multinational and Greek clients. He has strong expertise in assessing and developing security and governance frameworks that address emerging and changing business and technology risks, including those driven by industry or regulatory frameworks such as COBIT, ISO 27001, PCI DSS, privacy, telecommunications and banking-specific regulations. His experience spans various industries and client segments, including financial services, telecommunications, manufacturing, retail, shipping and logistics. Asterios holds a BA from La Trobe University and a Post Graduate Diploma from Monash University, Melbourne, Australia (majors: Legal Studies, Accounting & IT). He is a Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA) and Australian Chartered Accountant (CA).

This is a preliminary list of speakers and presentations. Stay in touch at www.hau.gr and www.isaca.gr for updates.