Athens, 6 7 December 2012 Hellenic American Union Conference Center

Transcription

1 Athens, 6 7 December 2012 Hellenic American Union Conference Center ISACA Athens Chapter and the Hellenic American Union are organizing the 2012 ISACA Athens Chapter Conference on December 6 7, The theme of the conference is: Information Assurance at a Crossroad: Choosing a New Strategic path through Security, Governance and IT Audit Best Practices. The conference will provide a platform for discussion on key issues faced today, such as: Emerging security risks in new technologies (cloud, mobile computing, BYOD) Best practices for an effective governance of enterprise IT Compliance & privacy risks and implementation practices IT audit and information assurance leading practices COBIT 5 and implementation principles This year we are also featuring an 8 hour workshop prior to the conference on Security, Governance and Risk Management, presented by two International Vice Presidents of ISACA, Dr. Christos Dimitriadis, CISA, CISM, CRISC, Head of Information Security for Intralot Group, and Mr. Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT Foundations and Six Sigma Black Belt certified professional, Security Strategist & Evangelist for Dell. Attendees will earn up to a total of 17 CPEs (workshop 8, conference 9 CPEs) and 10 PDUs (workshop 2, conference 8). KEYNOTES ISACA Dr. Christos Dimitriadis, CISA, CISM, CRISC, Head of Information Security for Intralot Group Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT(f), Six Sigma Black Belt Certified, Security Strategist & Evangelist for Dell Marc Vael, CISA, CISM, CRISC, CGEIT, CISSP, ITIL service manager, Prince2, Chief Audit Executive at Smals vzw INVITED Andrea Servida, Head of Task Force Legislation Team (eidas), European Commission Dr. Paul Spirakis, Professor, President of the Computer Technology Institute and Press Diophantus Dr. Evangelos Ouzounis, Head of Resilience and CIIP Unit, European Network and Information Security Agency Dr. Lucie Langer, Safety & Security Department, (AIT) Austrian Institute of Technology SPEAKING SLOTS Tassos Alefantos, International Representative of itsmf Hellas, Manager IT&T Operations and Data Centre Services at Athens International Airport Dr. Konstantinos Papapanagiotou, Open Web Application Security Project (OWASP) Greece Chapter Leader, Information Security & Risk Management Services Manager at Syntax IT Christos Vidakis, CISA, CISSP, CISM, ISO LA, Senior Manager, Management and Risk Consulting, KPMG Advisors AE Stan Voulanas, CISA, CIA, CMIA, CA, Partner, IT Risk Assurance, PwC, Greece Conference Chairman: Professor Despina Polemi, University of Piraeus, ISACA Academic Advocate Stay in touch at and for updates on the conference program.

2 INFORMATION Official language: English, however presentations may also be provided in Greek (translation services to English will only be provided). Venue: Hellenic American Union Conference Center (Massalias 22 Athens) Hours: 09:00 to 18:15 Registration fee: Workshop Conference & Conference Non ISACA members ISACA members For more than 2 registrations of the same company Students (undergrads only) Collaborative associations Only Conference fees are subject to 23% VAT Workshop fee is covered by LAEK / OAED 0,45 Registration to workshop grants free entrance to the Conference on December 7th You may register at the Hellenic American Union. For further information, please contact: Eleni Tsirigoti, PMP Vocational Training Section, Hellenic American Union Tel: , etsirigoti@hau.gr ISACA Athens Chapter education@isaca.gr Premier Sponsors Supporters

3 2012 ISACA Athens Chapter Conference 7 December 2012 Preliminary Agenda 8.15 Registration 9.00 Opening Remarks Mr. Ioannis Lefkakis ISACA Athens Chapter President Prof. Despina Polemi Conference Chairman, University of Piraeus, ISACA Academic Advocate ISACA KEYNOTE Presentation Welcome from ISACA International latest update: State of the art in governance of enterprise IT and information security Dr. Christos Dimitriadis ISACA International VP, Head of Information Security for Intralot Group KEYNOTE Presentation Developing a risk management culture: a Regulatory perspective Mr. Andrea Servida Head of Task Force Legislation Team (eidas), European Commission Speaking Slot Key trends and messages from the PwC Global State of Information Security Survey 2013: Roundtable discussion of key issues impacting Greece and the rest of the world" Facilitator: Mr. Stan Voulanas Partner, IT Risk Assurance, PwC, Greece Speaking slot Mobile security: It's all about the applications Coffee Break Dr. Konstantinos Papapanagiotou OWASP Greece Chapter Leader, Information Security & Risk Management Services Manager at Syntax IT ISACA KEYNOTE Presentation Trust in and value from Cloud computing today Mr. Marc Vael ISACA International VP, Chief Audit Executive at Smals vzw Speaking Slot IT Forensics gives a new dimension to Information Security: The role of IT Auditor Mr. Christos Vidakis Senior Manager, Management and Risk Consulting, KPMG Advisors AE Speaking Slot A Letter to Santa Audit Mr. Tassos Alefantos International Representative of itsmf Hellas, Manager IT&T Operations and Data Centre Services at Athens International Airport KEYNOTE Presentation Cyber Security Challenges of Cloud Computing the EU approach Lunch Break Dr. Evangelos Ouzounis Head of Resilience and CIIP Unit, ENISA slides in 20 seconds Session Say it in 6 40 Dr. Konstantinos Papapanagiotou (OWASP, Syntax IT): Hack Yourself out of the Debt Mr. George Raikos (ISACA Athens Chapter Secretary): Crisis! what Crisis? Mr. Anestis Demopoulos (ISACA Athens Chapter Vice President): Get recognized as an expert the ISACA certifications Mr. Ioannis Lefkakis (ISACA Athens Chapter President): More CPEs than ever before an ISACA benefit Mr. Marc Vael (ISACA International VP): Privacy ISACA KEYNOTE Presentation Beyond Identity Management: Welcome to the world of access governance Mr. Ramsés Gallego ISACA International VP, Security Strategist and Evangelist for Dell KEYNOTE Presentation Trust in the web Coffee Break Dr. Paul Spirakis Professor, President of the Computer Technology Institute and Press Diophantus KEYNOTE Presentation Security and Risk Management for Smart Grids Dr. Lucie Langer Safety & Security Department of the AIT Austrian Institute of Technology Round Table Discussion: Your Session, ask whatever you want and challenge the experts End of Conference Dr. Christos Dimitriadis, Mr. Ramsés Gallego, Mr. Marc Vael Check at or for more updates

4 Find out more about our speakers and the program ISACA KEYNOTE PRESENTATIONS Welcome from ISACA International latest update: State of the art in governance of enterprise IT and information security with Dr. Christos Dimitriadis, CISA, CISM, CRISC, Head of Information Security for Intralot Group Abstract: ICT has become the backbone of the world economy, while at the same time it targets at improving quality of life through the adoption of new technologies in our daily life. Enterprises and professionals are continuously looking for ways to balance risk and value, to become more competitive and cost effective, to innovate. This presentation from ISACA International will display the recent trends in the areas of governance of enterprise IT, information security and risk, while ISACA s latest and upcoming frameworks will be demonstrated as the means to address the needs of the modern enterprise. BIO: Christos K. Dimitriadis, CISA, CISM, CRISC, is an International Vice President of ISACA. He also is the Head of Information Security for Intralot Group, a multinational supplier of integrated gaming and transaction processing systems based in Greece, managing information security in more than 50 countries in all continents. Mr. Dimitriadis has served ISACA as chairman of the External Relations Committee and member of the Relations Board, Academic Relations Committee, ISACA Journal Editorial Committee and Business Model for Information Security Workgroup. Mr. Dimitriadis has been working in the area of information security for 11 years and has authored 70 publications in the field. He has been providing information security services to the ITU, European Commission Directorate General, European Ministries and international organizations, as well as business consulting services to entrepreneurial companies. Mr. Dimitriadis received a diploma of electrical and computer engineering from the University of Patras, Greece, and a Ph.D in information security from the University of Piraeus, Greece. Beyond Identity Management: Welcome to the world of access governance with Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT(f), Six Sigma Black Belt Certified Abstract: In a world that is changing at the speed of light, protecting information is the number one priority for CISOs. And while there are many processes and technologies for doing that, the discipline of Identity Management is turning into an overarching topic, a different approach that requires a different thinking: one that considers who is really touching corporate information, the need of controlling accounts with elevated rights and the deployment of a corporate program on accessing sensitive information. Through a series of examples and covering all of the angles of the Identity & Access Management discipline, this session will highlight the birth of a new dimension. Welcome to the world of Access Governance. BIO: With a background education in Business Administration (MBA) and Law, Ramsés is a +15 year security professional with deep expertise in the Risk Management and Governance areas. Ramsés is now Security Strategist and Evangelist for Dell where he defines the vision of the security discipline and oversees the deployment of services. Before, he was at CA Technologies for 8 years, was Regional Manager for SurfControl in Spain and Portugal, and just recently Chief Strategy Officer of the Security and Risk Management practice at Entelgy. Ramsés has been serving for three years in ISACA s CISM and CGEIT Certification Committees and also in the Guidance & Practices Committee for three years from where deliverables have been created for the community. He is honored to have been the Chair for ISACA s ISRM Conference and is now Research Director & Strategic Planning at the Barcelona Chapter and part of the Program Committee for the events SecureCloud 2010 and Ramsés played an instrumental role in the Planning Committee that prepared first ever ISACA's World Congress in Washington, June He has also been part of the ISACA's CISM PATF Task Force. He also develops results oriented, business focused, people driven projects due to his Six Sigma Black Belt accreditation. He has been appointed International Vice President for ISACA and has a seat in its Board of Directors. Trust in and value from Cloud computing today with Marc Vael, CISA, CISM, CRISC, CGEIT, CISSP, ITIL service manager, Prince2, ISACA International VP, Chief Audit Executive at Smals vzw, Abstract: Many business and IT leaders are wondering today what cloud computing really means, what it can do for their business and how it impacts their IT environment. Marc will present a vision on the current cloud computing trends, the

5 concerns, the value and the need for calculating the cloud computing ROI based on recent research performed by ISACA and based on his personal experience working with organizations on cloud computing implementations and audits. BIO: Marc Vael ( 1967) has three Master's degrees (Applied Economics, Information Management and IT Management). During his professional career, Marc obtained certifications in IT audit (CISA), information security (CISM and CISSP), IT risk management (CRISC), IT governance (CGEIT and ITIL service manager) and project management (Prince2) and still maintains these through continuous professional education. Marc achieved his official certification for Director at GUBERNA in He has 20 years active experience in evaluating, designing, implementing and monitoring solutions on risk and information security management, business continuity management, privacy and IT Audit. Currently Marc is Chief Audit Executive at Smals vzw, a Belgian not for profit IT company with more than employees working primarily for Belgian Federal Social Security Institutions. In this role, Marc is responsible for all internal auditing activities reporting directly to the Audit committee of Smals vzw. Besides his full time job, Marc is member and active volunteer at ISACA since Since June 2012 he is elected as international vice president of ISACA International and chair of ISACA s Knowledge Board and the Cloud Computing Task Force and member of ISACA s Strategic Advisory Council. In April 2012 Marc got also elected president of the ISACA Belgium Chapter. Marc is lecturing as guest professor at Antwerp Management School since 1997 and Solvay Brussels School since He is a deputy member of the Flemish Privacy Commission since January 2010, board member of SAI since January 2012 and a member of the Permanent Stakeholder Group of ENISA since August He is a passionate speaker and published author involved with research and innovation in his core expertise domains. He has received the formal nomination of fellow in October 2012 from the University of Leuven for his contribution to IT. INVITED KEYNOTE PRESENTATIONS Developing a risk management culture: a Regulatory perspective with Andrea Servida, Head of Task Force Legislation Team (eidas), European Commission Abstract: TBA BIO: He is Head of the Task Force "Legislation Team (eidas) in Directorate General 'Communication networks, content and technology' (DG CONNECT) of the European Commission. From 2006 to 2012, he was Deputy Head of the Unit "Internet; Network and Information Security" in DG INFSO where he co managed the Unit and was in charge of defining and implementing the strategies and policies on network and information security, critical information infrastructure protection, electronic signature and identification. From 1993 to 2005, he worked in the European Commission ICT research programmes (ESPRIT, IT, IST and ICT) dealing with safety critical systems, software engineering, database technology, privacy enhancing technologies, biometrics, dependability and cyber security. Before joining the European Commission in 1993, he worked in industry for nearly eight years as a project manager of international R&D projects on decision support systems for environmental, civil and industrial emergency and risk management. He graduated with Laude in Nuclear Engineering at Politecnico di Milano and carried out PhD studies on fuzzy sets and artificial intelligence at Queen Mary and Westfield College, University of London. Trust in the web with Dr. Paul Spirakis, Professor, President of the Computer Technology Institute and Press Diophantus Abstract: This talk will focus on issues of Trust in the Web, including a discussion about Open Data and Information Assurance. We shall discuss Trust definitions, models, and tools, and the important initiative of the EU on Open Data. The talk will also overview some challenging research topics related to Information Assurance, as well as recent evolutions in the European Research Agenda on the issue. Some relations to modern Cryptography will also be highlighted. BIO: Paul Spirakis, obtained his PhD from Harvard University, in He is currently the President of the Computer Technology Institute & Press DIOPHANTUS and a Full Professor in the Patras University, Greece. Was acknowledged between the top 50 scientists worldwide in Computer Science with respect to The best Nurturers in Computer Science Research, published by B. Kumar and Y.N. Srikant, ACM Data Mining, His research interests Algorithms and Complexity and interaction of Complexity and Game Theory. Paul Spirakis has extensively published in most of the important Computer Science journals and most of the significant refereed conferences. He was elected unanimously as one of the two Vice Presidents of the Council of the EATCS. He is a member of Academia Europaea, a member of the ACM Europe Council and has been appointed as a Member of the Executive Body of the Polytechnic University of Cyprus.

6 Cyber Security Challenges of Cloud Computing the EU approach with Dr. Evangelos Ouzounis, Head of Resilience and CIIP Unit, European Network and Information Security Agency (ENISA) Abstract: ENISA has played an important role in giving stakeholders an overview of the information security risks when going cloud. In this presentation Dr. Ouzounis presents ENISAs work in the area, explains how this is related to the overall EU policy context and identifies areas for future work. BIO: Dr. Evangelos Ouzounis is the head of ENISA s Resilience and Critical Information Infrastructure Protection (CIIP) Unit. His unit implements EU Commission s CIIP action plan, organises the CIIP exercises (e.g. Cyber Europe 2012/10, Cyber Atlantic 2011), facilitates Member States efforts towards a harmonised implementation of incident reporting scheme (article 13 a of new Telecom Package), and develops good practices for national cyber security strategies and national contingency plans. ENISA s Resilience and CIIP Unit runs also numerous other studies on cyber security aspects of critical sectors and services like Industrial Control Systems SCADA, Smart Grids, Cloud Computing, Botnets and Interconnected Networks. The Unit also issues strategic recommendations and develops good practices for relevant stakeholders. Prior to his position at ENISA, Dr. Ouzounis worked several years at the European Commission, DG Information Society and Media (DG INFSO). He contributed significantly to EU Commission s R&D strategy and policies on securing Europe s infrastructures and services. Dr. Ouzounis was co founder of Electronic Commerce Centre of Competence (ECCO) at Fraunhofer Institute for Open Communication Systems (FhG FOKUS, Berlin, Germany). He led and managed more than 20 pan European and International R&D projects. Dr. Ouzounis holds a Ph.D from the Technical University of Berlin and a master in computer engineering and informatics from the Technical University of Patras, Greece. He was a lecturer at Technical University of Berlin, wrote 2 books and more than 20 peer reviewed academic papers and chaired several international conferences. Security and Risk Management for Smart Grids With Dr. Lucie Langer, Safety & Security Department, (AIT) Austrian Institute of Technology Abstract: Future energy grids will make extensive use of the integration of ICT technologies. Thus, cyber security risks become a threat even for energy suppliers. Together with various partners both from research and industry, the AIT Safety & Security Department is currently developing technologies and tools to strengthen the resilience of smart grids against cyber attacks. This includes specific risk management approaches for utility providers, processes and guidelines for implementing security in smart grid environments and also security assessment and monitoring solutions. The presented risk management approaches can also be applied for other security relevant research projects such as FastPass A harmonized, modular reference system for all European automatic border crossing points. BIO: Dr. Lucie Langer joined the Safety & Security Department of the AIT Austrian Institute of Technology in She is currently working on projects related to the security of critical infrastructures and smart grids. Before joining the AIT Lucie has been working as a Technology Consultant in the private sector for two years, focusing on access rights and infrastructure management in large scale IT projects. From 2006 to 2010 she was a member of the Cryptography & Computer Algebra Group at Technische Universität (TU) Darmstadt, where she also received her PhD in 2010 and graduated in Mathematics in As a Research Assistant at TU Darmstadt she participated in several security related research projects on e voting, e government and long term archiving. SPEAKING SLOTS A Letter to Santa Audit with Tassos Alefantos, International Representative of itsmf Hellas, Manager of IT&T Operations and Data Centre Services at Athens International Airport Abstract: An attempt to provide the auditee s perspective on audit outcomes. What an IT Manager would expect from an IT Audit, are there any business benefits, how could we maximize the business value for IT from an audit report, could a proactive audit process be more meaningful? The proposed answers will bridge COBIT and ITIL elements towards a value driven IT Service Management implementation. BIO: Tassos Alefantos, founder, International Representative of the Greek chapter of IT Service Management Forum (ITSMF Hellas). He has over 20 years of international experience in the areas of Information Technology, Telecommunications and Airport Operations. Tassos Alefantos has extensive knowledge and experience in Corporate and IT Governance, IT Service Management and works intensively on the issue of IT Business Value. He is currently the Manager of IT&T Operations and

7 Data Centre Services at Athens International Airport. He is a Certified Information Systems Auditor (CISA), Certified in the Risk and Information Systems Control (CRISC) and Certified ISO20000 Auditor.He holds a BEng in Aeronautical Engineering, a PDip in Computer Science and a Masters in Business Administration. Mobile Security: It's all about the applications with Dr. Konstantinos Papapanagiotou, OWASP Greece Chapter Leader, Information Security & Risk Management Services Manager at Syntax IT Abstract: Mobile devices, smart phones, tablets, etc. are nowadays an integral part not only of our personal but also business life. Everyday hundreds of mobile applications are created and deployed into millions of devices. Enterprises are rapidly looking for ways to embrace the new mobility paradigm, but at the same time face new challenges and risks. Bring Your Own Device is definitely a trend of our days which also carries along various risks related to employees connecting and using their personal mobile devices in the corporate network. However, another risk resides beyond the device: the applications that are installed on it. Bring Your Own Application can actually represent a more significant risk than BYOD. In this presentation we discuss mobile application security risks and challenges that mobile developers face. We will also outline key issues that auditors should be looking for when testing mobile applications, and finally suggest controls that can be used to improve security. BIO: Dr Konstantinos Papapanagiotou has more than 10 years of experience in the field of Information Security both as a corporate consultant and as a researcher. Currently he is managing the team of security consultants at Syntax IT Inc, providing information security services and solutions to large organizations in Greece, Cyprus, Balkans and the Middle East. He has strong expertise in the area of application security, having been involved with OWASP for several years now, leading the OWASP Greek Chapter and lately the Hackademic Challenges Project. He also organized the OWASP Global AppSec Research 2012 conference. Konstantinos holds a BSc from the Department of Informatics and Telecommunications, University of Athens, an MSc with distinction in Information Security from Royal Holloway, University of London and a PhD in Information and Network Security from the Department of Informatics and Telecommunications, University of Athens. He is the author of more than 10 scientific publications. IT Forensics gives a new dimension to Information Security: The role of IT Auditor with Christos Vidakis, CISA, CISSP, CISM, ISO LA, Senior Manager, Management and Risk Consulting, KPMG Advisors Abstract: Nowadays, information security professionals have acknowledged the need of redefining the approach to protecting information assets. This is supported by the fact that the exponential increasing investments in information security have limited narrowed (compared to expectations) the number and impact of information security breaches. Christos will present a revolutionary information security approach and the new challenging role of IT auditors. BIO: Christos Vidakis has more than ten years of information systems security, auditing and technology experience, with special emphasis on continuous security testing engagements. He currently serves as a senior manager in KPMG s Risk and Management Consulting practice. Christos has directed and managed the technology integration aspects of financial statement audits, has designed and implemented information security management systems and has performed and managed a number of security assessments and system implementations such as ISAE 3402, PCI/DSS, SOX 404 and ISO Christos has led numerous technical risk assessment engagements involving forensics of security incidents, penetration tests, network and system security architecture assessments and has guide several clients in evaluation, designing, implementing and managing security architecture solutions. He has also performed assessment of banking information systems security according to the Bank of Greece Governor s Act Key trends and messages from the PwC Global State of Information Security Survey 2013 with Stan Voulanas, CISA, CIA, CMIIA, CA, Partner, Risk Assurance, PwC, Greece Abstract: For many businesses, security has become a game that is almost impossible to win. The rules have changed, opponents are armed with expert technology skills, and the risks are greater than ever. In the 15th year, the Global State of Information Security Survey had over 9,300 respondents from CEOs, CFOs, CIOs, CISOs, CSOs, VPs, and directors of IT and security from 128 countries who have been engaged in the high stakes game of information security. New rules and new opponents are in play. And to win, businesses must prepare to play a new game that requires advanced skills and strategy. A special report has been prepared for Greece with the participation of 77 executives from across a wide

8 range of sectors. Τhe main findings of the report will be presented and discussed with a panel of four invited speakers." BIO: Asterios Voulanas is PwC partner with 20 years of experience in the fields of technology governance, risk and compliance that helps clients gain value from their investments in IT and security. He is responsible for the Risk Assurance practice assists organizations in achieving controls excellence through a complete suite of industry focused IT, process and data risk and control solution sets. Asterios has authored a number of articles on information security on behalf of the firm for local Greek IT publications and newspapers. Asterios has led and managed a large number of PwC Greece s IT governance, risk, audit and security projects for a large portfolio of multinational and Greek clients. He has strong expertise in assessing and developing security and governance frameworks that address emerging and changing business and technology risks including those driven by industry or regulatory frameworks such as CoBiT, ISO27001, PCI DSS, Privacy, Telecommunication and Banking specific regulations. His experience spans various industries and client segments including financial services, telecommunications, manufacturing, retail, shipping and logistics. Conference Chairman Prof. Despina Polemi, Assistant Professor, University of Piraeus, ISACA Academic Advocate BIO: Professor Nineta Polemi has obtained the Degree in Applied Mathematics from Portland State University (USA) in 1984, Ph.D. in Applied Mathematics (Coding Theory) from The City University of New York (Graduate Center) in She held teaching positions ( ) in Queens College and Baruch College of City University of New York. From 1991 to 1996 was assistant professor in The State University of New York at Farmingdale. During was senior security researcher in the National Technical University of Athens (NTUA) ICCS ( During acted as President of the BoD and Technical Manager in the security consultancy company Expertnet ( She is currently an Assistant Professor in the University of Piraeus (Dept. of Informatics) teaching cryptography, security and e business. Her current research interests are in the fields of security and collaborative e services. She has over one hundred publications in the above areas and has organised numerous security scientific events. She has received many research grants from various organizations such as the Danish Research Foundation, MSI Army Research Office/Cornell University, IEEE, State University of New York (SUNY), and The Graduate School of City University of New York (CUNY). She has been project manager (PM) / technical manager (TM) in security projects of various programmes such as National Security Agency (NSA), Dr. Nuala McGann Drescher Foundation, Greek Ministry of Defence, INFOSEC (Biometrics Study, EUROMED ETS, BESTS), TELEMATICS for Administrations (COSACC) and the European Commission (E.C.) IST Programme (HARP, BEE, SEED, WebSig, TSEC, CORAS, RESHEN, SEED, La Mer, SECRETS, INTELCITIES, SELIS, SWEB, NetShare, Eurogene, ImmigrationPolicy2.0). She participated in E.C. security projects of programs (COST, ACTS, ICT and NATOs). She acts as an expert and evaluator in the E.C. and the European Network and Information Security Agency (ENISA). Check at or for more updates

9 Workshop Security, Governance & Risk Management. Explained 6 December 2012, 09:00 17:00 Athens, Hellenic American Union Conference Center Overview This workshop is designed to foster collaboration in the areas of Assurance, Security, Governance and Risk Management over Information Systems. The workshop commences with a 4 hour session on Cobit5 related to privacy by Dr. Christos Dimitriadis, and continues with a 4 hour session on everything participants need to know about Security and Governance. The second session of the workshop has an open agenda, as it is built on the concept of sharing experiences, on everybody's talking about what's happening in the real world. Attendees would need an open minded mood, get ready to present issues, problems, examples from their real environment, and ask everything in these areas. Since it is created to share visions and experiences from the real world, one of its goals is to engage into a relevant, useful dialogue with the audience, covering among other Cloud Computing, Risk Management, Metrics & Indicators, Identity Management, Access Governance, Big Data, Mobile Devices, BYOD, Log Management During this 4 hour session, Mr. Ramsés Gallego will introduce the topics and then will try to get everybody talking and sharing while giving ISACA's, and his own, perspective. Some slides will be used to help through visuals but it will not be a presentation oriented workshop. This will be a highly interactive session therefore participation will be limited to a people max. Please register on time to secure your place. Workshop leaders: 1 st Session: Christos K. Dimitriadis, CISA, CISM, CRISC, is an International Vice President of ISACA. He also is the Head of Information Security for Intralot Group, a multinational supplier of integrated gaming and transaction processing systems based in Greece, managing information security in more than 50 countries in all continents. Mr. Dimitriadis has served ISACA as chairman of the External Relations Committee and member of the Relations Board, Academic Relations Committee, ISACA Journal Editorial Committee and Business Model for Information Security Workgroup. Mr. Dimitriadis has been working in the area of information security for 11 years and has authored 70 publications in the field. He has been providing information security services to the ITU, European Commission Directorate General, European Ministries and international organizations, as well as business consulting services to entrepreneurial companies. Mr. Dimitriadis received a diploma of electrical and computer engineering from the University of Patras, Greece, and a Ph.D in information security from the University of Piraeus, Greece. 2 nd Session: Ramsés Gallego, CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT(f), Six Sigma Black Belt Certified. With a background education in Business Administration (MBA) and Law, Ramsés is a +15 year security professional with deep expertise in the Risk Management and Governance areas. Ramsés is now Security Strategist and Evangelist for Dell where he defines the vision of the security discipline and oversees the deployment of services. Before, he was at CA Technologies for 8 years, was Regional Manager for SurfControl in Spain and Portugal, and just recently Chief Strategy Officer of the Security and Risk Management practice at Entelgy. Ramsés has been serving for three years in ISACA s CISM and CGEIT Certification Committees and also in the Guidance & Practices Committee for three years from where deliverables have been created for the community. He is honored to have been the Chair for ISACA s ISRM Conference and is now Research Director & Strategic Planning at the Barcelona Chapter and part of the Program Committee for the events SecureCloud 2010 and Ramsés played an instrumental role in the Planning Committee that prepared first ever ISACA's World Congress in Washington, June He has also been part of the ISACA's CISM PATF Task Force. He also develops results oriented, business focused, people driven projects due to his Six Sigma Black Belt accreditation. He has been appointed International Vice President for ISACA and has a seat in its Board of Directors This workshop grants 8 CPEs and 2 PDUs. Stay in touch at and for updates.