Athens, 2 December 2011 - Hellenic American Union Conference Center





Opening Remarks: Anestis Demopoulos, President, ISACA Athens Chapter; Christos Dimitriadis, ISACA International VP & Conference Chair; Joyce Vassiliou, President, Hellenic Institute of Internal Auditors; Krikor Manoukian, Secretary, itSMF Hellas

09:15 - 10:00

KEYNOTE Presentation
Are we receiving value from our investment in IT risk management?
John Mitchell, LHS Business Control-UK

10:00 - 10:30

Project management, risk management and IT
Stavroula Minasidou, KPMG Advisors SA

10:30 - 11:00

ENISA activities on Privacy and Trust area
Rodica Tirtea, ENISA

11:00 - 11:30

Coffee Break

11:30 - 12:00

IT Governance: from Value Governance to benefits realization in a controlled environment
George Papoulias, National Bank of Greece

12:00 - 12:30

Human Firewalls: Making your people an effective line of defense
Asterios Voulanas, PwC Greece

12:30 - 13:00

Global trends in Information Security, risk management and the Greek perspective
Gregorios Themistocleous, Ernst & Young Advisory Services

13:00 - 14:00

Lunch Break

14:00 - 14:45

KEYNOTE Presentation
The “R” in GRC – Risk management in times of crisis
Rolf Von Roessing, Forfa AG

14:45 - 15:15

Aligning emergency and crisis with information security
Vasilis Katos, Democritus University of Thrace

15:15 - 15:45

Coffee Break

15:45 - 16:15

Cloud e-mail services: security, compliance and privacy
Nasos Kladakis, Microsoft Hellas

16:15 - 16:45

ISACA Membership & Certifications Value

16:45 - 17:30

Round Table Discussion: IT Audit, Security and Governance challenges
Panelists: Rolf von Roessing (Forfa AG), John Mitchell (LHS Business Control), Leonidas Hatzikonstantis (Ernst & Young), Joyce Vassiliou (Hellenic Institute of Internal Auditors), Marousa Thiakaki (National Bank of Greece), Georgios Vlastos (National Bank of Greece)
Moderator: Christos Dimitriadis, Intralot SA, ISACA International VP


End of conference



The 'R' in GRC - Risk Management in Times of Crisis
with Rolf von Roessing, CISA, CISM, CGEIT, CISSP, FBCI, President of Forfa AG

Abstract: In the context of financial and economic crises, traditional risk management has shown some limitations. Much of today's risk landscape has reverted to categories of risk, and to threats, that are intrinsic to the use of critical information infrastructures. The presentation will highlight developments in European risk management as well as new (or old?) risks that must be addressed by senior management.

BIO: Rolf is the president of Forfa AG, a Swiss consulting network, and a retired partner at KPMG Germany. Rolf has served as Head of IT for the EMEA region in a leading global security firm. He is a former member of the Board of Directors at the Business Continuity Institute (BCI). He joined ISACA's Security Management Committee in 2005. He chaired the working group for ITGI's IT Control Objectives for Basel II publication and is currently a member of ISACA's Framework Committee and Professional Influence and Advocacy Committee. He has published extensively on business continuity management, disaster recovery, crisis management and security matters. Most recently, he authored the Business Model for Information Security published by ISACA.


Are we receiving value from our investment in IT risk management?
with John Mitchell, PhD, CEng, CITP, MBA, FBCS, CISA, CGEIT, CFIIA, QiCA, CFE, Managing Director, LHS Business Control, UK

Abstract: This presentation will discuss the value of IT risk management processes and policies when money is tight. In particular, this presentation will answer a few critical questions about controls and risk management, such as: Can we explain what a control is? Does it slow down our systems, and what is it really providing us with? How do our controls work? The working of a control is a mystery to most people, including auditors, but if we don't know how controls work, how can we assess their effectiveness and whether they are worth the investment? Do our controls really manage our IT risks? Many risk registers indicate a move from inherent red risk to residual green risk as the result of controls being in place. However, is the move from red to green really justified? Is the control suitably designed and implemented to justify the move? Does it reduce likelihood, or consequence, given that a single control cannot do both? Can we measure our control effectiveness? Are we able to state that a control is good or bad, and do we have monitors and early warning indicators in place to alert us to a potential failure? What is the impact of poor control in business terms? Because many IT controls are invisible, security staff find it difficult to describe the impact of a control failure in business terms. Audit reports should also alert business management to the consequences associated with the findings. Finally, when money is tight, any increment in security management should be justified in business terms, followed by a total cost-benefit analysis. And how much should we spend on security during a financial crisis? This can only be answered by looking outside the security arena and considering all the investments on which the enterprise should spend its limited money.

BIO: Dr. Mitchell is an international authority on corporate governance, risk management, cyber crime and the impact of regulatory and compliance issues on the delivery of IT services. He is a Fellow of both the Institute of Internal Auditors and the British Computer Society, where he is a member of its governing Council. He is also chair of the Audit Committee of ISACA's London Chapter and holds ISACA's prestigious John Kuyers award for best conference contributor. He has over 30 years of practical governance experience and an international reputation for advising organisations on their governance strategies and associated methodologies. This is coupled with a strong academic background, which includes research, extensive publications and teaching at the post-graduate level. John has been an expert adviser in a number of UK commercial and criminal cases and has been featured in a major British computing publication as the 'IT Detective'.



Aligning emergency and crisis with Information Security
Vasilis Katos, Assistant Professor, Information and Communications Systems Security, Democritus University of Thrace

Abstract: In this talk Dr. Katos will attempt to identify the challenges and ripples the late financial crisis may cause in the information security landscape. By highlighting the differences between being placed in a state of crisis rather than in a state of emergency, we ought to challenge best practices, security trade-offs and roles relating to, or adjunct to, information security within an organization. We are experiencing a need to reorganize information security functions and reprioritize requirements, as the ever-increasing complexity of systems and, in many cases, critical infrastructures is taking place in not so friendly socio-economic environments.

BIO: Vasilis Katos is Assistant Professor of Information and Communications Systems Security at Democritus University of Thrace. Prior to this post he was Principal Lecturer and course tutor for the MSc in Forensic IT at the University of Portsmouth in the UK. He is a certified Computer Hacking Forensic Investigator (CHFI). His research is in information security and privacy, computer forensics and incident response, with his work being funded by national and European bodies. He has over 50 publications in journals, book chapters and conference proceedings and serves as a referee for several reputable conferences and journals. In terms of research recognition, he has received keynote speech invitations for international conferences and his research has been covered by reputable magazines such as the New Scientist. He is an ISACA Academic Advocate and served as a member of the Institute of Information Security Professionals. In terms of industrial experience, he was a security consultant for Cambridge Technology Partners (Novell, Inc.) for two years and a defense expert for a criminal court in the UK.


Cloud e-mail services: security, compliance and privacy
Nasos Kladakis, Solutions Specialist, MCT CTT+, Microsoft Hellas

Abstract: Companies can benefit from cloud services like Office 365 or Exchange Online, especially in the current economic environment. When allowing an external service provider to store and manage their data, companies consider security, data protection, privacy, and data ownership. This session provides an overview of the security, continuity, privacy, and compliance policies and controls of cloud services for enterprises, such as the Office 365 services.

BIO: Nasos Kladakis is a Solutions Specialist at Microsoft Hellas. He is responsible for providing core infrastructure, management, identity and security solutions to Microsoft customers. Before joining Microsoft, Nasos worked as an Independent Consultant and Technical Trainer, participating in a broad range of corporate IT initiatives, planning and implementing IT solutions for many companies in the Greek market. Nasos holds several professional certifications on Microsoft Technologies and has been a prominent speaker at numerous Technology Events around the world. Nasos holds an MSc in Chemical Engineering and an MBA from the National Technical University of Athens.


Project Management, Risk Management and IT
Stavroula Minasidou, PMP, Senior Manager, IT Advisory, KPMG Advisors AE

Abstract: It is a fact that all projects carry risk. Timely risk planning and mitigation means less demand on leadership's time to fight fires. Regardless of conditions, improving an organization's performance in project risk management and incorporating this critical activity in a consistent, disciplined and integrated project management framework can increase the success and value of its initiatives. The presentation will give an overview of a successfully applied project management framework, focusing on the project risk management activity in IT projects.

BIO: Stavroula Minasidou is a Senior Manager at KPMG, responsible for the IT Project Management service line, which includes Portfolio, Program and Project Management services and process framework design, as well as PMO set-up, staffing and running. With over 15 years of experience, she has implemented a wide range of projects in the areas of project management, business process reengineering and ERP systems implementation. She also has significant experience in training professionals, having designed and executed Project/Program Management seminars for large private-sector companies.


IT Governance: from Value Governance to benefits realization in a controlled environment
George Papoulias, CISA, CGEIT, CRISC, Senior Project Manager, Business Processes Division, National Bank of Greece

Abstract: Local and international banks face tough economic conditions due to the global financial crisis. IS/IT executives, in order to ensure effective IT Governance, have to align IS with business objectives, deliver value, manage risk and resources, and achieve synergies within the organization. In today's IS/IT Governance and Management Enterprise Model, making the right IT investment decisions is both critical and challenging. How can you ensure that only those IS/IT Programs/Projects that provide the highest value to the business actually get implemented, even across such a diverse technology landscape? A framework that enables the creation of business value from IT-enabled investments, with a set of practical governance principles, processes and supporting guidelines, is of paramount importance in any organization. Yet, without sound IT Governance and Management, there is an equally significant risk of destroying value.

This presentation will provide insights on how an IS/IT Governance Model can support the IS/IT Strategy and the Business and IT Processes in order for the organization to perform on economics of scale, to propose and validate enabling solutions, to understand emerging technologies, to deliver successful programs/projects, and to build standard and reliable technology platforms. A Road Map from design to implementation with the use of known frameworks and de facto standards like COBIT, VAL IT, RISK IT, PMBOK, ITIL and CMMI will be presented.

BIO: George Papoulias holds the position of Senior Project Manager in the Business Processes Organization (BPO) Division at National Bank of Greece and is the liaison between BPO and the Bank's SOX Unit, Internal Audit, Risk Management and Compliance Division. Prior to this position he was a Senior IS Auditor within the same organization. He has more than 17 years of experience in IS/IT Governance, Program/Project Management, Audit, Risk Management and Software Engineering in the banking sector in Greece, Switzerland, Portugal, Turkey, Saudi Arabia, Bulgaria and Albania. He managed successful projects implementing banking software as a Senior Business Consultant/Project Manager internationally at Deutsche Bank Private Banking, Saudi Hollandi Bank and Al Rajhi Bank, and locally at PROBank. He served as an IT Services Manager (Atos Origin Major Events) in the Athens 2004 Olympic Games, as an Information Engineer in the Risk Management Division of Piraeus Bank, and as a Systems Analyst and Software Engineer in the IS/IT Division of Citibank and ABN-AMRO Bank. He is also the Vice President/Membership of the Board of the PMI Greece Chapter and a member of the ISACA Athens Chapter Audit Committee. George is a CIS graduate of the W.P. Carey School of Business, Arizona State University, with a specialization in Information Management, a Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC).


Global trends in Information Security Risk Management and the Greek perspective
Gregorios Themistocleous, CISA, CRISC, ITIL, Senior Manager, Ernst & Young Advisory Services

Abstract: An increasing number of businesses are moving into the virtual world. Physical boundaries are disappearing as more data is transmitted over the internet. Further, software is having more of an impact on business models as cloud computing, social networking and mobile devices become more prevalent. Based on thousands of interviews with C-level executives and information security experts, and research among 1,700 participants in 52 countries, this year's survey found that although many information security budgets are increasing globally, there is a growing gap between current needs and what information security is achieving. There is still much more that can be done to protect information and manage information risk. Both globally and particularly in Greece, we believe that it is time to get back to basics and define a clear information security strategy and improvement agenda to help information security out of the fog.

BIO: Greg is a Senior Manager at Ernst & Young Advisory Services. He has been involved with information systems, internal audit, and risk and control assessment services since 1998. In the course of his professional career he has served a number of clients in the manufacturing, petrochemicals, telecommunications, media, health, banking and insurance industry sectors. Greg has gained extensive experience in IT audit and security, especially in the areas of internal and financial audit, SOX and Enterprise Resource Planning (ERP) applications, namely SAP, through a number of engagements in different countries across South East Europe. Greg is Information Technology Infrastructure Library (ITIL Foundation v3) certified, a Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) and a member of the Information Systems Audit and Control Association (ISACA). He holds an M.Sc. in Analysis, Design and Management of Information Systems from the London School of Economics (UK) and a B.A. degree in Business Economics and Organizational Studies from the University of Reading (UK).


ENISA activities on Privacy and Trust Area
Dr. Rodica Tirtea, Technical Competence Department, European Network and Information Security Agency (ENISA)

Abstract: Privacy, freedom of expression and freedom of information are considered basic rights and are anchored within the EU legal framework. However, certain aspects of the protection of personal data are difficult to address and implement entirely. An increase in awareness of privacy and security concepts within organisations and industry sectors appears to be desirable, in order to maintain a high level of security and confidence on the part of users and society in the ICT infrastructure and services provided within the EU. ENISA has been working in the area of privacy and trust since 2010 and has already identified key challenges and proposed recommendations. Clearly, privacy challenges cannot be solved by technological means alone. There is a need for a multi-disciplinary approach that considers economic factors, education, and legal and technological aspects. A global understanding and a pan-European approach are needed, and certainly ENISA can support this.

BIO: Rodica Tirtea joined the Security Tools and Architecture Section of ENISA in November 2009. Her work covers topics such as privacy and trust, resilience and cryptography. Previously she worked as a lecturer at the University of Oradea (Romania). Between 2001 and 2005 she worked as a researcher at ESAT/K.U.Leuven (Belgium). Her research activity focused on dependability and security aspects of distributed systems and applications (e.g. control systems of electric power infrastructure). Her work has been disseminated through several project deliverables and more than 20 papers authored and co-authored in international conference proceedings and journals. She has held PhDs in Engineering from K.U.Leuven (Belgium) and in Computer Science from 'Politehnica' University of Timisoara (Romania) since 2005 and 2007 respectively. She graduated in Computer Science and Economics from the University of Oradea.


Human Firewalls: Making your people an effective line of defense
Asterios Voulanas, CISA, CIA, CA, Partner, Technology Assurance, PwC Greece

Abstract: Over the years, many organizations have invested heavily in technology solutions to protect information assets, yet financial losses due to cyber-crime continue to grow despite major steps forward in technical defenses. More recently, public attention has been repeatedly drawn to the threats posed by the mishandling of personal information by employees. Although technical defenses are vital, such point solutions can also create a false sense of security. We tend to forget that there is always a human element: negligence, ignorance, anger or even curiosity can give rise to incidents. Accordingly, what is required is a new approach, in which investment in understanding and influencing the behaviours of all those concerned is better balanced against the continued investment in technology solutions.

BIO: Asterios Voulanas is a PwC partner with 20 years of experience in the fields of technology governance, risk and compliance, helping clients gain value from their investments in IT and security. He is responsible for the IT Assurance, Technology Governance, Security and Forensics practice in Greece. Asterios has authored a number of articles on information security on behalf of the firm for local Greek IT publications and newspapers. He has led and managed a large number of PwC Greece's IT governance, risk and security projects for a large portfolio of multinational and Greek clients. He has strong expertise in assessing and developing security and governance frameworks that address emerging and changing business and technology risks, including those driven by industry or regulatory frameworks such as COBIT, ISO 27001, PCI-DSS, privacy, and telecommunications- and banking-specific regulations. His experience spans various industries and client segments, including financial services, telecommunications, manufacturing, retail, shipping and logistics. Asterios holds a BA from La Trobe University and a Post Graduate Diploma from Monash University, Melbourne, Australia (majors in Legal Studies, Accounting and IT). He is a Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA) and Australian Chartered Accountant (CA).



Christos K. Dimitriadis, CISA, CISM, CRISC, Head of Information Security for INTRALOT Group, Vice President of ISACA

BIO: Christos K. Dimitriadis, CISA, CISM, is a Vice President of ISACA. He also is the Head of Information Security for INTRALOT GROUP, a multinational supplier of integrated gaming and transaction processing systems based in Greece, managing information security in more than 50 countries in all continents. Dimitriadis has served ISACA as chairman of the External Relations Committee and member of the Relations Board, Academic Relations Committee, ISACA Journal Editorial Committee and Business Model for Information Security Workgroup.

He has been working in the area of information security for 11 years and has authored 70 publications in the field. He has been providing information security services to the ITU, European Commission Directorates-General, European ministries and international organizations, as well as business consulting services to entrepreneurial companies. Dimitriadis received a diploma in electrical and computer engineering from the University of Patras, Greece, and a Ph.D. in information security from the University of Piraeus, Greece.