1.
Athens, 2 December 2011
Hellenic American Union Conference Center
ISACA Athens Chapter and the Hellenic American Union are organizing the 1st ISACA Athens Chapter Conference on
December 2nd, 2011.
The theme of the conference is: “IT Audit, Security & Governance Challenges in Financial Crisis”. Renowned experts from
the IT industry will share their experience and best practices In deploying successful strategies and implementation
approaches around key issues facing IT assurance, security and governance professionals today, dealing with challenges
raised from the financial crisis and the overall business & economic environment. The conference will also provide a
platform for discussion on key issues faced today, such as:
 How does the current business & economic landscape change the IT related risk environment?
 What should the target areas and priorities of a successful security program be?
 How can IT governance initiatives facilitate business objectives, drive IT and business alignment and demonstrate
the value of IT investments?
 What are the main risks and challenges in IT projects today?
Earn a minimum of 6 CPEs and 6 PDUs
KEYNOTES
Are we receiving value from our investment in IT risk management?
with John Mitchell, PhD, CEng, CITP, MBA, FBCS, CISA, CGEIT, CFIIA, QiCA, CFE, Managing Director, LHS Business Control,
UK
Dr. Mitchell is an international authority on corporate governance, risk management, cyber‐crime and the impact of
regulatory and compliance issues on the delivery of IT services. He is a Fellow of both the Institute of Internal Auditors and
the British Computer Society, where he is a member of its governing Council. He is also chair of the Audit Committee of
ISACA’s London Chapter and holds ISACA’s prestigious John Kuyers’ award for best conference contributor. He has over 30
years practical governance experience and an international reputation for advising organizations on their governance
strategies and associated methodologies. This is coupled with a strong academic background, which includes research,
extensive publications and teaching at the post‐graduate level. John has been an expert adviser in a number of UK
commercial and criminal cases and has been featured in a major British computing publication as the ‘IT Detective’.
The 'R' in GRC ‐ Risk Management in Times of Crisis
with Rolf von Roessing, CISA, CISM, CGEIT, CISSP, FBCI, President of Forfa AG
Rolf is the president of Forfa AG, a Swiss consulting network, and a retired partner at KPMG Germany. Rolf has served as
Head of IT for the EMEA region in a leading global security firm. He is a former member of the Board of Directors at the
Business Continuity Institute (BCI). He joined ISACA’s Security Management Committee in 2005. He chaired the working
group for ITGI’s IT Control Objectives for Basel II publication and is currently a member of ISACA’s Framework Committee
and Professional Influence and Advocacy Committee. He has published extensively on business continuity management,
disaster recovery, crisis management and security matters. Most recently, he authored the Business Model for Information
Security published by ISACA.
1st ISACA Athens Chapter Conference, 2 Dec 2011

2.
SPEAKING SLOTS
 Aligning Emergency and Crisis with Information Security, with Vasilis Katos, Assistant Professor of Information
and Communications Systems Security, Democritus University of Thrace
 Project Management, Risk Management and IT, with Stavroula Minasidou, PMP, Senior Manager, IT Advisory,
KPMG Advisors AE
 IT Governance: from Value Governance to benefits realization in a controlled environment, with George
Papoulias, CISA, CGEIT, CRISC, Senior Project Manager, Business processes Division, National Bank of Greece
 Global trends in Information Security, Risk Management and the Greek Perspective, with Gregorios
Themistocleous, CISA, CRISC, ITIL, Senior Manager, Ernst & Young Advisory Services
 Human Firewalls: Making your people an effective line of defence, with Asterios Voulanas, CISA, CIA, CA, Partner,
Technology Assurance, PwC Greece
 ENISA activities on Privacy and Trust Area, with Dr. Rodica Tirtea, Technical Competence Department, European
Network and Information Security Agency – ENISA
 Cloud e‐mail services: security, compliance and privacy, with Nasos Kladakis, Solutions Specialist, MCT CTT+,
Microsoft Hellas
Conference Chairman: Dr. Christos Dimitriadis, CISM, CISA, CRISC, Head of Information Security, Intralot SA, Vice President
of ISACA
Stay in touch at www.hau.gr and www.isaca.gr for updates on the conference program.
INFORMATION
Official language: English
Venue: Hellenic American Union Conference Center (Massalias 22 – Athens)
Hours: 9:00 to 17:00
Registration fee: €50 for ISACA members
€70 for non‐ISACA members
€50 for more than 2 registration from the same company
Fees are subject to 23% VAT
You can register with the Hellenic American Union.
For further information, please contact:
Eleni Tsirigoti, PMP ISACA Athens Chapter
Vocational Training Section, Hellenic American Union
www.isaca.gr, education@isaca.gr
Tel: 210‐3680907, email: etsirigoti@hau.gr
1st ISACA Athens Chapter Conference, 2 Dec 2011

3. 1st ISACA Athens Chapter Conference ‐ 2 December 2011 ‐ Preliminary Agenda
8.30 Registration
9.00 Opening Remarks
Anestis Demopoulos , ISACA Athens Chapter
Christos Dimitriadis – ISACA International VP & Conference Chair
Joyce Vassiliou – President, Hellenic Institute of Internal Auditors
Krikor Maroukian – Secretary, itSMF Hellas
9.15‐10.00 KEYNOTE Presentation
Are we receiving value from our investment in IT risk management?
John Mitchell, LHS Business Control‐UK
10.00‐10.30 Project management, risk management and IT
Stavroula Minasidou, KPMG Advisors SA
10.30‐11.00 ENISA activities on Privacy and Trust area
Rodica Tirtea, ENISA
11.00‐11.30 Coffee Break
11.30‐12.00 IT Governance: from Value Governance to benefits realization in a controlled environment
George Papoulias, National Bank of Greece
12.00‐12.30 Human Firewalls: Making your people an effective line of defense
Asterios Voulanas, PwC Greece
12.30‐13.00 Global trends in Information Security, risk management and the Greek perspective
Gregorios Themistocleous, Ernst & Young Advisory Services
13.00‐14.00 Lunch Break
14.00‐14.45 KEYNOTE Presentation
The “R” in GRC – Risk management in times of crisis
Rolf Von Roessing, Forfa AG
14.45‐15.15 Aligning emergency and crisis with information security
Vasilis Katos, Democritus University of Thrace
15.15‐15.45 Coffee Break
15.45‐16.15 Cloud e‐mail services: security, compliance and privacy
Nasos Kladakis, Microsoft Hellas
16.15‐16.30 ISACA Membership & Certifications Value
16.30‐17.30 Round Table Discussion: IT Audit, Security and Governance challenges
17.30 End of conference
1st ISACA Athens Chapter Conference, 2 Dec 2011

4. Find out more about our speakers and the program
KEYNOTE PRESENTATIONS
The 'R' in GRC ‐ Risk Management in Times of Crisis
with Rolf von Roessing, CISA, CISM, CGEIT, CISSP, FBCI, President of Forfa AG
Abstract: In the context of financial and economic crises, traditional risk management has shown some limitations. Much of
today´s risk landscape has reverted to categories of risk, and to threats, that are intrinsic to the use of critical information
infrastructures. The presentation will highlight developments in European risk management as well as new (or old?) risks
that must be addressed by senior management.
BIO: Rolf is the president of Forfa AG, a Swiss consulting network, and a retired partner at KPMG Germany. Rolf has served
as Head of IT for the EMEA region in a leading global security firm. He is a former member of the Board of Directors at the
Business Continuity Institute (BCI). He joined ISACA’s Security Management Committee in 2005. He chaired the working
group for ITGI’s IT Control Objectives for Basel II publication and is currently a member of ISACA’s Framework Committee
and Professional Influence and Advocacy Committee. He has published extensively on business continuity management,
disaster recovery, crisis management and security matters. Most recently, he authored the Business Model for Information
Security published by ISACA.
Are we receiving value from our investment in IT risk management?
with John Mitchell, PhD, CEng, CITP, MBA, FBCS, CISA, CGEIT, CFIIA, QiCA, CFE, Managing Director, LHS Business Control,
UK
Abstract: This presentation will discuss the value of IT risk management processes and policies when money is tight. In
particular this presentation will answer a few critical questions about controls and risk management such as: Can we
explain what a control is? Does it slow down our systems and what is really providing us with? How our controls work? The
working of a control is a mystery to most people, including auditors, but if we don’t know how they work how we can
assess their effectiveness and whether they are worth the investment. Do our controls really manage our IT risks? Many
risk registers indicate a move from inherent red risk to residual green risk as the result of controls being in place. However,
is the red to green really justified? Is the control suitably designed and implemented to justify the move? Does it reduce
likelihood, or consequence, because a single control cannot do both things? Can we measure our control effectiveness? Are
we able to state that a control is good or bad and do we have monitors and early warning indicators in place to alert us of a
potential failure? What is the impact of poor control in business terms? Because many IT controls are invisible, security
staff find it difficult to describe the impact of a control failure in business terms. Audit reports should also alert business
management to the consequences associated with the findings. Finally, when money is tight, any increment in security
management should be justified in business terms, followed by a total cost‐benefit analysis. And how much should we
spend on security during a financial crisis? This can only be answered by looking outside the security arena and considering
all the investments on which the enterprise should spend its limited money.
BIO: Dr. Mitchell is an international authority on corporate governance, risk management, cyber crime and the impact of
regulatory and compliance issues on the delivery of IT services. He is a Fellow of both the Institute of Internal Auditors and
the British Computer Society, where he is a member of its governing Council. He is also chair of the Audit Committee of
ISACA’s London Chapter and holds ISACA’s prestigious John Kuyers’ award for best conference contributor. He has over 30
years practical governance experience and an international reputation for advising organisations on their governance
strategies and associated methodologies. This is coupled with a strong academic background, which includes research,
extensive publications and teaching at the post‐graduate level. John has been an expert adviser in a number of UK
commercial and criminal cases and has been featured in a major British computing publication as the ‘IT Detective’.
1st ISACA Athens Chapter Conference, 2 Dec 2011

5. SPEAKING SLOTS
Aligning emergency and crisis with Information Security
Vasilis Katos, Assistant Professor, Information and Communications Systems Security, Democritus University of Thrace
Abstract: In this talk Dr. Katos will attempt to identify the challenges and ripples the late financial crisis may cause to the
information security landscape. By highlighting the differences between being placed in a state of crisis rather in a state of
emergency, we ought to challenge best practices, security trade‐offs and roles relating to, or adjunct to information
security within an organization. We are experiencing a need for re‐organizing information security functions and re‐
prioritizing requirements, as the ever increasing complexity of systems and, in many cases, critical infrastructures, is taking
place in not so friendly socio‐economic environments.
BIO: Vasilis Katos is Assistant Professor of Information and Communications Systems Security at Democritus University of
Thrace. Prior to this post he was Principal Lecturer and course tutor for the MSc in Forensic IT at the University of
Portsmouth in the UK. He is a certified Computer Hacking Forensic Investigator (CHFI). His research is in information
security and privacy, computer forensics and incident response, with his work being funded by national and European
bodies. He has over 50 publications in journals, book chapters and conference proceedings and serves as a referee on
several reputable conferences and journals. In terms of research recognition, he has received keynote speech
invitations for international conferences and his research has been addressed by reputable magazines such as the New
Scientist. He is Academic Advocate ISACA and served as a member of the Institute of Information Security Professionals. In
terms of industrial experience, he was security consultant for Cambridge Technology Partners (Novell, Inc) for two years
and a defense expert for a criminal court in the UK.
Cloud e‐mail services: security, compliance and privacy
Nasos Kladakis, Solutions Specialist, MCT CTT+, Microsoft Hellas
Abstract: Companies can benefit from cloud services like Office 365 or Exchange online, especially in the current economic
environment. When allowing an external service provider to store and manage their data, companies consider security,
data protection, privacy, and data ownership. This session provides an overview of the security, continuity, privacy, and
compliance policies and controls of cloud services for enterprises, like Office 365 services.”
BIO: Nasos Kladakis is a Solutions Specialist at Microsoft Hellas. He is responsible for providing core infrastructure,
management, identity and security solutions to Microsoft customers. Before joining Microsoft, Nasos worked as
Independent Consultant and Technical Trainer, participating in a broad range of corporate IT initiatives, planning and
implementing IT solutions for many companies in the Greek market. Nasos holds several professional certifications on
Microsoft Technologies and has been a prominent speaker at numerous Technology Events around the world. Nasos holds
a MSc in Chemical Engineering and an MBA from the National Technical University of Athens
Project Management, Risk Management and IT
Stavroula Minasidou, PMP, Senior Manager, IT Advisory, KPMG Advisors AE
Abstract: It is a fact that all projects carry risk. Timely risk planning and mitigation means less demand on leadership’s time
to address fire. Regardless of conditions, improving an organization’s performance in project risk management and
incorporating this critical activity in a consistent, disciplined and integrated project management framework can increase
the success and value of its initiatives. The presentation will give an overview of a successfully applied project management
framework, focusing in project risk management activity in IT projects.
BIO: Stavroula Minasidou is a Senior Manager in KPMG, responsible for the IT Project Management service line which
includes Portfolio, Program and Project Management services and process framework design, as well as PMO set up,
staffing and running. With over of 15 years of experience, she has implemented a wide range of projects in the area of
project management, business processes reengineering and ERP systems implementation. She has also significant
experience in training professionals, having designed and executed Project/ Program Management seminars for large
companies of private sector.
1st ISACA Athens Chapter Conference, 2 Dec 2011

6. IT Governance: from Value Governance to benefits realization in a controlled environment
George Papoulias, CISA, CGEIT, CRISC, Senior Project Manager, Business processes Division, National Bank of Greece
Abstract: Local and International Bank’s due to a global financial crisis face tough economic conditions. IS/IT executives in
order to ensure effective IT Governance have to align IS with business objectives, deliver value, manage risk and resources
and achieve synergies within the organization. In today’s IS/IT Governance and Management Enterprise Model making the
right IT investment decisions is both critical and challenging. How can you ensure that only those IS/IT Programs/Projects
that provide the highest value to the business, actually get implemented, even across such a diverse technology landscape?
A framework that enables the creation of business value from IT‐enable investments with a set of practical governance
principles, processes, and supporting guidelines is of a paramount importance in any organization. Yet, without sound IT
Governance and Management there is an equally significant risk to destroy value.
This presentation will provide insights on how an IS/IT Governance Model can support the IS/IT Strategy and the Business
and IT Processes in order for the organization to perform on economics of scale, to propose and validate enabling solutions,
to understand emerging technologies, to deliver successful programs/projects, and to build standard and reliable
technology platforms. A Road Map from design to implementation with the use of known frameworks and de facto
standards like COBIT, VAL IT, RISK IT, PMBOK, ITIL and CMMI will be presented.
BIO: George Papoulias is holding the position of Senior Project Manager in Business Processes Organization (BPO) Division
at National Bank of Greece and is the liaison between BPO and the Bank’s SOX UNIT, Internal Audit, Risk Management and
Compliance Division. Prior to this position he was a Senior IS Auditor within the same Organization. He has more than 17
years of IS/IT Governance, Program/Project Management, Audit, Risk Management and Software Engineering, experience
in Greece, Switcherland, Portugal, Turkey, Saudi Arabia, Bulgaria and Albania in the Banking Sector. He managed successful
projects implementing Banking Software as a Senior Business Consultant/Project Manager internationally in Deutsche Bank
Private Banking, Saudi Hollandi Bank, Al Rajhi Bank and locally in PROBank. He served as an IT Services Manager (Atos
Origin Major Events) in the Athens 2004 Olympic Games, as an Information Engineer in Risk Management Division of
Piraeus Bank and as a Systems Analyst and Software Engineer in the IS/IT Division of Citibank and ABN‐AMRO Bank.
He is also the Vice President/Membership of the BOD of the PMI Greece Chapter and a Member of the ISACA Athens
Chapter Audit Committee. George is a CIS graduate from W.P. Carey School of Business, Arizona State University with
specialization in Information Management, Certified Information Systems Auditor (CISA), Certified in the Governance of
Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC).
Global trends in Information Security Risk Management and the Greek perspective
Gregorios Themistocleous, CISA, CRISC, ITIL, Senior Manager, Ernst & Young Advisory Services
Abstract: An increasing number of businesses are moving into the virtual world. Physical boundaries are disappearing as
more data is transmitted over the internet. Further, software is having more of an impact on business models as cloud
computing, social networking and mobile devices become more prevalent. Based on thousands of interviews with C‐level
executives and information security experts, and research amongst 1,700 participants in 52 countries, this year's survey
found that although globally many information security budgets are increasing, there is a growing gap between current
needs and what information security is achieving. There is still much more that can be done to protect information and
manage information risk. Both globally and particularly in Greece we believe that it is time to get back to basics and define
a clear information security strategy and improvement agenda to help information security out of the fog.
BIO: Greg is a Senior Manager at Ernst & Young Advisory Services. He has been involved with information systems, internal
audit, risk and control assessments services since 1998. In the course of his professional career he has served a number of
clients in the manufacturing, petrochemicals, telecommunications, media, health, banking and insurance industry sectors.
Greg has gained extensive experience in IT audit and security, especially in the areas of internal & financial audit, SOX and
Enterprise Resource Planning applications (ERP), namely SAP, through a number of engagements in different countries
across South East Europe. Greg is Information Technology Infrastructure Library (ITIL Foundation v3) certified, a Certified
Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) and a member of the
Information Systems Audit and Control Association (ISACA). He holds an M.Sc. in Analysis, Design and Management of
Information Systems from the London Schools of Economics (UK) and a B.A. degree in Business Economics and
Organizational Studies from the University of Reading (UK).
1st ISACA Athens Chapter Conference, 2 Dec 2011

7.
ENISA activities on Privacy and Trust Area
Dr. Rodica Tirtea, Technical Competence Department, European Network and Information Security Agency – ENISA
Abstract: Privacy, freedom of expression and freedom of information are considered as basic rights are anchored within the
EU legal framework. However certain aspects of protection of personal data are difficult to address and implement entirely.
An increase in awareness of privacy and security concepts within organisations and industry sectors appears to be
desirable, in order to maintain a high level of security and confidence on the part of users and society in the ICT
infrastructure and services provided within the EU. ENISA is working in the area of privacy and trust since 2010 and
identified already key challenges and proposed recommendations. Clearly, privacy challenges cannot only be solved by
technological means. There is a need for a multi‐disciplinary approach that considers economic factors, education, legal and
technological aspects. A global understanding and a pan‐European approach is needed, and certainly ENISA can support
this.
BIO: Rodica Tirtea joined Security Tools and Architecture Section of ENISA in November 2009. Her work covers topics such
privacy & trust, resilience and cryptography. Previously she worked as a lecturer in University of Oradea (Romania).
Between 2001 and 2005 she worked as a researcher in ESAT/K.U.Leuven (Belgium). Her research activity focused on
dependability and security aspects of distributed systems and applications (i.e. control systems of electric power
infrastructure). Her work has been disseminated through several projects deliverables and more than 20 papers authored
and co‐authored in international conference proceedings and journals. She holds PhDs in Engineering from K.U.Leuven
(Belgium) and in Computer Science from ‘Politehnica’ University of Timisoara (Romania) since 2005 and 2007 respectively.
She graduated Computer Science and Economics at the University of Oradea.
Human Firewalls: Making your people an effective line of defense
Αsterios Voulanas, CISA, CIA, CA, Partner, Technology Assurance, PwC Greece
Abstract: Over the years, many organizations have heavily invested in technology solutions to protect information assets,
yet financial losses due to cyber‐crime continue to grow despite major steps forward in technical defenses. More recently,
public attention has been repeatedly drawn to the threats posed by mishandling of personal information by employees.
Although technical defenses are vital, such point solutions can also create a false sense of security. We tend to forget that
there is always a human element; negligence, ignorance, anger or even curiosity that can give rise to incidents. Accordingly,
what is required is a new approach, in which an investment in understanding and influencing the behaviours of all those
concerned is better balanced against the continued investment in technology solutions.
BIO: Asterios Voulanas is PwC partner with 20 years of experience in the fields of technology governance, risk and
compliance that helps clients gain value from their investments in IT and security. He is responsible for the IT Assurance,
Technology Governance, Security and Forensics practice in Greece. Asterios has authored a number of articles on
information security on behalf of the firm for local Greek IT publications and newspapers. Asterios has led and managed a
large number of PwC Greece’s IT governance, risk and security projects for a large portfolio of multinational and Greek
clients. He has strong expertise in assessing and developing security and governance frameworks that address emerging
and changing business and technology risks including those driven by industry or regulatory frameworks such as CoBiT,
ISO27001, PCI‐DSS, Privacy, Telecommunication and Banking specific regulations. His experience spans various industries
and client segments including financial services, telecommunications, manufacturing, retail, shipping and logistics.
Asterios has a BA Latrobe University and Post Graduate Diploma Monash University Melbourne, Australia (Majors Legal
Studies, Accounting & IT). He is a Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA) and
Australian Chartered Accountant (CA)
CONFERENCE CHAIRMAN
Christos K. Dimitriadis, CISA, CISM, CRISC, Heald of Information Security for Intralog Group, Vice President of ISACA.
BIO: Christos K. Dimitriadis, CISA, CISM, is a Vice President of ISACA. He also is the Head of Information Security for
INTRALOT GROUP, a multinational supplier of integrated gaming and transaction processing systems based in Greece,
managing information security in more than 50 countries in all continents.
1st ISACA Athens Chapter Conference, 2 Dec 2011

8. Dimitriadis has served ISACA as chairman of the External Relations Committee and member of the Relations Board,
Academic Relations Committee, ISACA Journal Editorial Committee and Business Model for Information Security
Workgroup.
Dimitriadis has been working in the area of information security for 11 years and has authored 70 publications in the field.
He has been providing information security services to the ITU, European Commission Directorate Generals, European
Ministries and international organizations, as well as business consulting services to entrepreneurial companies.
Dimitriadis received a diploma of electrical and computer engineering from the University of Patras, Greece, and a Ph.D in
information security from the University of Piraeus, Greece.
Stay in touch at www.hau.gr and www.isaca.gr for updates.
1st ISACA Athens Chapter Conference, 2 Dec 2011