

Conference Speakers

ISACA Keynote Speakers


OPENING ISACA Keynote Presentation - “Cybersecurity Nexus (CSX)”
Dr. Christos Dimitriadis, INTRALOT Group Director of Information Security
ISACA International President 2015-2016, Ph.D., CISA, CISM, CRISC


Abstract: In this keynote, Christos will present an overview of the Cyber Threat landscape and present ISACA CSX, the new Cyber Security Program of ISACA. Christos will also discuss how several professions are impacted by the emerging Cyber Threats internationally, as well as the response at a policy level in several jurisdictions.


BIO: International President Christos K. Dimitriadis, Ph.D., CISA, CISM, CRISC, is group director of Information Security for INTRALOT (Greece). He has served ISACA as international vice president for three terms, has been a member of the Board of Directors for four terms, chaired the Knowledge Board, the External Relations Committee, the COBIT for Security Task Force, and has been a member of the Relations Board, Academic Relations Committee, Journal Editorial Committee and Business Model for Information Security Workgroup.




CLOSING ISACA Keynote Presentation – “Big Data and Data Visualization”
Rosemary Amato, CISA, CMA, CPA
ISACA International Vice President, Deloitte Netherlands


Abstract: How do you start tackling risk concerns that may become evident when you use Big Data? Key Concepts surrounding an understanding of Big Data will be presented. Should an advanced data visualization tool be used or not used with Big Data? Qlik will be discussed with a case study of an implementation to showcase how to recognize risks within your Big Data.


BIO: International Vice President Rosemary M. Amato, CISA, CMA, CPA, is a Director within the Dutch member firm of Deloitte, based in Amsterdam. Her current role is that of Program Director for Global Client Intelligence. Her previous roles included being the Global Enterprise Risk Services Knowledge Management leader and a client service practitioner for 12 years serving Consumer Business, Manufacturing and Life Sciences clients in the areas of IT Audit, Internal Audit, Security and Privacy controls, GRC and other Risk offerings. She has been a member of ISACA’s Knowledge Board, and previously co-chaired their Knowledge Management and Education Committee. She also served on the first ISACA Knowledge Management Task Force team. She is a CISA, as well as a CPA, CMA and a Six Sigma Green Belt.



Expert Speakers (in alphabetical order)


From commodity to true value: how to give essence to IT audit today
with Mr. Antal Lajos, Partner, Enterprise Risk Services - Cyber Risk Services, Deloitte Hungary



Abstract: IT audit has always been an engagement that professionals treated as a commodity; the service providers delivering the IT audits followed similar workplans and steplines and delivered results in similar ways to address the client's IT systems. We are all aware of the so-called low-hanging fruits: the password policies, log systems, the segregation of duty restrictions, and the list goes on. Honestly, this approach ticks the boxes and looks like something of value on a board meeting agenda, but does not address real challenges and issues. This approach does not take into account the organization's size, industry, vulnerable points and the constantly changing cyber risk landscape. This approach no longer, if it ever did, delivers true value to the client organizations and does not help them develop their IT security strategy in a way that reduces/mitigates risk and builds a strong and effective IT security system. Lajos Antal has over 20 years of IT security experience and, in addition to penetration and vulnerability tests, his team delivers IT audits on a regular basis. He will speak about how the security industry evolved in the past few years and what he sees as the challenges of IT auditors.


BIO: Lajos Antal, Partner, Enterprise Risk Services - Cyber Risk Services, Deloitte Hungary, is head of the Hungarian Deloitte Cyber Risk Services team. Lajos has over 18 years of Big4 Security Consulting experience. He has led and performed a high number of security penetration tests, primarily for clients across Europe. He has also led many large-scale IT security risk assessment projects. Lajos has in-depth knowledge of open systems security and is a specialist in IBM mainframe security. In addition, Lajos is an experienced forensic & fraud examiner and has led and completed several fraud-related investigations with his team – from the stage of forensic data collection and imaging to giving witness testimonies at courts to support clients' legal claims.




Big Data – Data Protection & Privacy – Fact or Fiction?
with Ms. Athena Bourka, Expert in Network & Information Security, ENISA


Abstract: The presentation will present the main privacy risks associated with big data and will explore relevant technologies that can support the protection of personal data in the big data era.


BIO: Athena Bourka received her PhD in information security from NTUA in 2002. From 2004 to 2013 she was employed in the Auditors Department of the Hellenic Data Protection Authority (HDPA). During that time she was seconded twice as a National Expert on IT privacy and security to the European Data Protection Supervisor (EDPS). In January 2014 she joined the European Network and Information Security Agency’s (ENISA) team on privacy and trust.




In the Cloud we trust
with Dejan Cvetkovic, Chief Technology Officer of Microsoft, Central and East Europe.


Abstract: In a mobile-first, cloud-first world, trust is more important than ever. At Microsoft, we believe that organizations won’t use technology they don’t trust. That is why we want to show you a customer case study and the values, principles and specific Finance Compliance Program that Microsoft implements as a cloud service provider to assist Financial Institution customers in meeting their compliance and security needs. Microsoft cloud services are designed, developed, and operated to help ensure customer data is secure. We also provide an appropriate level of transparency into our practices and actions. As your partner, we want to provide the level of assurance that you need to be able to trust the use of cloud computing services, so that you can focus more on your core business.


BIO: Dejan Cvetkovic is the Chief Technology Officer of Microsoft, Central and East Europe. Having gained an education in Serbia, he then built his career within Microsoft Canada in a wide variety of positions, ranging from software development to business development. Some of the innovative projects where he led teams and developed solutions include the very first e-banking for HSBC and e-government for Western Canada back in the mid-90s. In 2003, Dejan was appointed as the first General Manager for the newly formed country team of Microsoft Serbia and Montenegro. In 2008 Dejan assumed the role of Microsoft public sector business director for the Central and East Europe multi-country region, where he has brought together a strong and ambitious team of professionals that forged relationships with a network of 1000+ local partners and generated a list of clients that reads as the Who’s Who of Central and East Europe business and technology, but also includes educational institutions, humanitarian projects and international organizations. Dejan also held the position of President of the American Chamber of Commerce in Serbia, striving for simplicity in laws, regulations and procedures in order to accelerate the attraction of Foreign Direct Investments. In his current role, Dejan works with Government officials, policy makers and influencers to help paint the technology vision of the countries in CEE.




Digital forensics in the evolving socio-technical landscape
with Dr. Vasilis Katos, Professor, Bournemouth University, United Kingdom


Abstract: The unprecedented rise of cyber crime is a direct consequence of the wide adoption of personal digital devices such as smartphones and tablets used for both personal and business purposes. When a cyber crime is committed, first responders and forensic analysts are faced with a number of challenges when conducting digital investigations. On the other hand, the wealth of information that can be found online and in digital form may potentially work in the investigators' favour. In this talk, the challenges resulting from increased system complexity will be outlined and strategies for identification of a cyber offender and their modus operandi will be presented.


BIO: Professor Vasilis Katos is Head of Computing at Bournemouth University. Prior to this post he was Associate Professor at Democritus University of Thrace in Greece and Principal Lecturer and course tutor for the MSc in Forensic IT at the University of Portsmouth in the UK.




OWASP Application Security Verification Standard (ASVS)
with Mr. Jim Manico, founder of Manicode Security and Global Board Member for the OWASP foundation


Abstract: This talk will discuss the OWASP Application Security Verification Standard 3.0, which was just released in October 2015. The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls. The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web application security verification using a commercially-workable open standard. The standard provides a basis for testing application technical security controls, as well as any technical security controls in the environment, that are relied on to protect against vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. This standard can be used to establish a level of confidence in the security of Web applications.


BIO: Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also the founder of Brakeman Security, Inc. and is an investor/advisor for Signal Sciences. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. Jim is also a Global Board Member for the OWASP foundation where he helps drive the strategic vision for the organization. He is the author of "Iron-Clad Java: Building Secure Web Applications" from McGraw-Hill.




Two Stories of Leadership and Data from Ancient Greece - Insight from our heritage through the art of story telling
with Mr. Artemios Miropoulos, Managing Director, Linkage Inc. Greece


Abstract: Two stories of Leadership from Ancient Greece that link to modern corporate and social reality and surface different traits and behaviors such as prejudice, judgement, data management and interpretation.


BIO: Artemios Miropoulos, Leaders Developing Leaders - Managing Partner Linkage Greece. After a career that reached senior positions in multinational organizations, Artemios Miropoulos is now a co-owner of Linkage in Greece, the US's most highly respected Leadership Development company. He works with senior and middle management teams of large domestic and international corporations as a workshop facilitator, an executive coach and a public speaker. He has studied Mechanical Engineering, Marketing and HR and Performance Management in Greece and abroad. He lives in Athens with his wife Julie and their three daughters.




Online (in) security: The current threat landscape
with Mr. Nikolaos Tsalis, Researcher, INFOSEC Laboratory, Athens University of Economics & Business



Abstract: Browsers enable the user to surf the Internet and access web sites that may include social media, email services, etc. However, such activity exposes the user to various web threats (e.g. tracking, malicious content, etc.) that may imperil the user’s data and any sensitive information involved. Therefore, web browsers offer pre-installed security controls to protect users from these threats. Third-party browser software (i.e. add-ons) is also available that enhances these pre-installed security controls, or substitutes them. This presentation will cover the current web threats, along with the security mechanisms that are available for protection. In addition, an evaluation of the aforementioned defences will be presented, so as to clarify whether the provided security is adequate or not.


BIO: Nick Tsalis is a PhD candidate at the AUEB. He participated in Greek projects as an analyst and penetration tester, funded by various agencies such as the Ministry of Finance, General Secretariat of Information Systems and General Secretariat for Digital Plan.




Preparing for the new Cyber battlefield
with Mr. Christos Vidakis, CISA, CISSP, CISM, ISO 27001, Senior Manager, Risk Consulting and Forensic Technology, KPMG Greece


Abstract: The e-World is changing, and the Cyber battlefield is no exception. Whilst Cyber Security is on top of many board agendas, organizations struggle to properly assess, measure and communicate to what extent their business is resilient against cyber-attacks in order to develop a strategy on “how to balance their efforts” and “where to invest” for the new Cyber battlefield. Christos Vidakis will present a “positive” approach to managing Cyber risks, leveraging KPMG’s Cyber Threat Intelligence model to set organizations free from fear, uncertainty and doubt, free to challenge, to invest and to change.


BIO: Christos Vidakis, CISA, CISSP, CISM, ISO 27001 LA, is a Senior Manager, Risk Consulting and Forensic Technology in KPMG Greece. He has more than twelve years of information systems security, auditing and technology experience, with special emphasis on cyber security and continuous security testing engagements. Christos also directs the Forensic technology practice, guiding clients from discovery preparedness diagnostic to timely, accurate and effective response to IT fraud incidents and suspected security breaches, and assisting in taking preventative measures for the future. He has conducted tens of international electronically stored information (ESI) collections and analyses and he can demonstrate deep experience in both proactive and reactive data analytics fraud analysis, digital evidence collection and analysis, as well as incident response. Christos has directed and managed the technology integration aspects of financial statement audits, has designed and implemented information security management systems, and has performed and managed a number of security assessments and system implementations such as SSAE 16/ISAE3402, SOC, PCI/DSS, SOX 404 and ISO 27001.



Cybersecurity Workshop


Cyber Security Fundamentals Workshop

Facilitator:
Dr. Konstantinos Papapanagiotou,
Information Security Services Sales Manager at OTE, OWASP Greek Chapter Leader,
ISACA Cyber Security Nexus Liaison for Greece



BIO: Dr. Konstantinos Papapanagiotou is Information Security Services Sales Manager at OTE. In the past he has led teams of consultants, helping large organizations in Greece, Cyprus, the Balkans and the Middle East improve their security posture. He has more than 12 years of experience in the field of information security both as a corporate consultant and as a researcher. Konstantinos holds a BSc and PhD in Information Security from the University of Athens and an MSc in Information Security with distinction from Royal Holloway. He also leads the OWASP Greek Chapter and is an ISACA CyberSecurity Nexus Liaison for Greece.




Conference Chairman


Dr. Dimitrios Gritzalis

Professor, Athens University of Economics and Business


BIO: Dr. Dimitris Gritzalis is a Professor of ICT Security and the Director of the Information Security and Critical Infrastructure Protection Research Group (www.cis.aueb.gr) with the Dept. of Informatics of the Athens University of Economics and Business, Greece. He holds a B.Sc. (Mathematics, Univ. of Patras), an M.Sc. (Computer Science, City University of New York), and a Ph.D. (Critical Information Systems Security, Univ. of the Aegean).