16 Oct 2013
Athens, 2 & 4 November 2013
ISACA Athens Chapter, with the support of the Hellenic American Union, is organizing the 3rd ISACA Athens Chapter Conference on November 2 & 4, 2013.
The theme of the conference is: “Emerging from Crisis ‐ The risks, the opportunities and the real value of IT”. Attendees will earn up to a total of 17 CPEs (workshop 8, conference 9 CPEs) and 10 PDUs (workshop 2, conference 8).
ISACA Keynote Speakers:

Emerging IT Trends and their Implications to the Audit Profession
Gregory T. Grocholski, CISA
Global Business Finance Director – Ventures, Business Development and Joint Venture at Dow Chemical
ISACA International President 2012‐2013

ENISA and ISACA Workshop Addresses Cybersecurity Challenges for Telecom Operators and Regulators
Christos Dimitriadis, CISA, CISM, CRISC
Group Head of Information Security, Compliance and Innovation at INTRALOT – Director of ISACA International BoD
Awarded in 2013 with the John W. Lainhart IV Common Body of Knowledge Award by ISACA International
Past ISACA positions: International Vice President; Chair of COBIT Security Task Force and of External Relations Committee; Member of the Relations Board, Academic Relations Committee, ISACA Journal Editorial Committee and Business Model for Information Security Work Group

IT Governance and Emerging Trends
Georges Ataya, CISA, CGEIT, CRISC, CISM, CISSP
Managing Partner at ICT Control – Professor at Solvay Brussels School
Past ISACA positions: International Vice President; Chair, External Relations Committee; President, Benelux Chapter

Geo‐location: Risks, Strategies and Audit Aspects
Urs Fischer, CISA, CRISC, CIA, CPA
Owner & CEO Fischer IT GRC Consulting & Training, Member of ISACA/ITGI's Nomination Committee
Awarded in 2010 with the John W. Lainhart IV Common Body of Knowledge Award by ISACA International
Past ISACA positions: Chair of ISACA's & IT Governance Institute's Risk IT Task Force; Chair, Audit Committee; Member of the COBIT Steering Committee and of the Credentialing Board; Chair, ISACA's CRISC Committee

INVITED Expert Speakers:
Dr. Evangelos Ouzounis, Head of Unit ‐ Secure Infrastructure and Services, ENISA
Dr. Vasilis Katos, CHFI, Democritus University of Thrace ‐ ISACA Academic Advocate

INTERNATIONAL Speakers:
Charlie McMurdie, Senior Cyber Crime Advisor, PwC, Former Head of Law Enforcement National Cyber capability, Police Central e‐Crime Unit, Metropolitan Police‐UK (1981 – 2013)
Nikolaos Virvilis, CISA, CISSP, GPEN, Information Assurance Scientist, NATO Communications & Information Agency
3rd ISACA Athens Chapter Conference 2 & 4 November 2013
Speakers:
Iraklis Kanavaris, CISA, ISO 27001 LA, Supervising Senior Advisor, IT Risk and Management Consulting, KPMG Advisors AE
Giorgos Gerogiannis, Datacenter & Cloud Solutions Manager, Unisystems
Dr. Vasilis Vlachos, Lecturer at Technological Education Institute of Larissa – ISACA Academic Advocate
Dr. Emmanouil Serrelis, CISM, PhD (InfoSec), Information Security Expert
Conference Chairman: Dr. Dimitris Gritzalis, Professor of ICT Security, Director of the M.Sc. Programme, Director of the Information Security and Critical Infrastructure Protection Laboratory, Dept. of Informatics, Athens University of Economics and Business
Stay in touch at www.hau.gr/management and www.isaca.gr for updates on the conference program. Official language: English (translation from Greek to English available only).
Venue:
2 Nov 2013 – Workshop – Athens, Hellenic American Union Conference Center, Hours: 09:00 – 18:00
4 Nov 2013 – Conference – Athens, Hotel Athenaeum Intercontinental, Hours: 09:00‐18:15

Registration Fees                                Workshop & Conference (2 & 4 November)    Conference (4 November)
                                                 Early Bird        Regular Fee
ISACA members                                    €150              €170                     €50
Non‐ISACA members                                €220              €250                     €80
More than 2 registrations from same company      €190              €210                     €70
Collaborative institutions                       €190              €210                     €70
Students (undergrads only)                       €120              €130                     €30

Only Conference fees are subject to 23% VAT.
Workshop fee is covered by LAEK / OAED 0,45 (for Greek companies only).
Registration to workshop grants free entrance to the Conference on November 4th.
You may register at the Hellenic American Union. For further information, please contact:
Eleni Tsirigoti, PMP
ISACA Athens Chapter
Vocational Training Section, Hellenic American Union
www.isaca.gr
Tel: 210‐3680907
2013 ISACA Athens Chapter Conference – 4 November – Agenda
08:00
Registration
08:45
Opening Remarks Dr. Dimitrios Gritzalis – Conference Chairman, Professor of ICT Security, Athens University of Economics & Business Mr. Ioannis Lefkakis, CISA, CRISC, CFE – ISACA Athens Chapter President Dr. Christos Dimitriadis, CISA, CISM, CRISC – ISACA International Director, Group Head of Information Security, Compliance & Innovation, Intralot Group
09:00 ‐ 09:40
1 – ISACA KEYNOTE Presentation ‐ Emerging IT Trends and their Implications to the Audit Profession Mr. Gregory Grocholski, CISA – Global Business Finance Director for The Dow Chemical Company, ISACA International President 2012‐2013
09:40 ‐ 10:30
ENISA and ISACA Workshop Addresses Cybersecurity Challenges for Telecom Operators and Regulators Dr. Christos Dimitriadis, CISA, CISM, CRISC – ISACA International Director, Group Head of Information Security, Compliance & Innovation, Intralot Group Dr. Evangelos Ouzounis – Head of Unit‐Secure Infrastructure and Services, ENISA
10:30 ‐ 10:50
International Presentation ‐ TBA Mrs. Charlie McMurdie – Senior Cyber Crime Advisor at PwC, Former Head of Law Enforcement National Cyber capability, Police Central e‐Crime Unit, Metropolitan Police‐UK
10:50 ‐ 11:15
Coffee Break
11:15 ‐ 11:30
About ISACA International – Answer & Win!
11:30 ‐ 12:10
2 – ISACA KEYNOTE Presentation ‐ IT Governance and Emerging Trends Mr. Georges Ataya, CISA, CGEIT, CRISC, CISM, CISSP – Past ISACA International VP, Managing Partner at ICT Control ‐ Professor at Solvay Brussels School
12:10 ‐ 12:40
3 – INVITED EXPERT Presentation ‐ VoIP Forensics Dr. Vasilis Katos, CHFI – Associate Professor at Democritus University of Thrace ‐ ISACA Academic Advocate
12:40 ‐ 13:00
Presentation ‐ Using Data Analytics and Continuous Auditing for Effective Risk Management Mr. Iraklis Kanavaris, CISA, ISO 27001 LA – Supervising Senior Advisor, KPMG Advisors AE
13:00 ‐ 14:00
Lunch Break
14:00 ‐ 14:40
4 – ISACA KEYNOTE Presentation ‐ Geo‐Location: Risks, Strategies and Audit Aspects Mr. Urs Fischer, CISA, CRISC, CIA, CPA – Member of ISACA/ITGI's Nomination Committee, Owner & CEO Fischer IT GRC Consulting & Training
14:40 ‐ 15:10
Round Table Discussion: Cloud Computing ‐ "Sharing the Governance Burden: Getting Compliant in the Cloud" With the participation of Unisystems
15:10 ‐ 15:40
5 – INVITED EXPERT Presentation ‐ Advanced Persistent Threat vs Defenders: Why we keep losing this game Mr. Nikolaos Virvilis, CISA, CISSP, GPEN – Information Assurance Scientist, NATO Communications & Information Agency
15:40 ‐ 16:00
Presentation ‐ Protecting from NextGen Hacking Targets: From Information‐Driven Security to the Assurance of Everyday Life Dr. Emmanouil Serrelis, CISM – Information Security Expert
16:00 ‐ 16:25
Coffee Break
16:25 ‐ 16:40
About ISACA Athens Chapter – Answer & Win!
16:40 ‐ 17:00
Presentation ‐ TBA Sponsor Slot – TBA
17:00 ‐ 17:20
Presentation ‐ The OWASP Hackademic Challenges Project Dr. Vasileios Vlachos – Lecturer at Technological Educational Institute of Thessaly ‐ ISACA Academic Advocate
17:20 ‐ 18:00
ISACA Round Table Discussion: Emerging Trends – Have they emerged or the wave has yet to come? Mr. Gregory Grocholski, Dr. Christos Dimitriadis, Mr. Georges Ataya, Mr. Urs Fischer
18:15
End of Conference
Check at www.isaca.gr or www.hau.gr/management for more updates
Find out more about our speakers and the program

KEYNOTE PRESENTATIONS

Emerging IT Trends and their Implications to the Audit Profession
with Gregory Grocholski, CISA, Global Business Finance Director for The Dow Chemical – ISACA International President 2012‐2013

Abstract: No one doubts or questions the impact of technology in social and business environments. The challenge for organizations will be to understand the risks, balance cost versus controls, and ensure critical assets are secured in a manner that still allows for the optimal use of those assets. The audit profession needs skilled IT auditors to adequately address emerging IT trends, risks and the pace by which all of this is occurring.

BIO: Gregory T. Grocholski, CISA, is a global business finance director for The Dow Chemical Company, at the global headquarters in Midland, Michigan, USA. Grocholski has 30 years of experience with Dow serving in various capacities and managerial positions, including accounting, information systems, auditing, and controllers. Recently, he served as the company’s chief audit executive leading the Corporate Investigations Services group and was accountable for Dow’s worldwide audit activities in the Finance, IT, and operations areas.

ENISA and ISACA Workshop Addresses Cybersecurity Challenges for Telecom Operators and Regulators
with Dr. Christos Dimitriadis, CISA, CISM, CRISC, Group Head of Information Security, Compliance and Innovation for Intralot Group – Director at ISACA International BoD
and with Dr. Evangelos Ouzounis, Head of Unit‐Secure Infrastructure and Services, ENISA

Abstract: TBA

BIO: Christos K. Dimitriadis, CISA, CISM, CRISC, is an International Vice President of ISACA. He also is the Group Head of Information Security, Compliance and Innovation for Intralot Group, a multinational supplier of integrated gaming and transaction processing systems based in Greece, managing information security in more than 50 countries in all continents. Mr. Dimitriadis has served ISACA as chairman of the External Relations Committee and member of the Relations Board, Academic Relations Committee, ISACA Journal Editorial Committee and Business Model for Information Security Workgroup. Mr. Dimitriadis has been working in the area of information security for 11 years and has authored 70 publications in the field. He has been providing information security services to the ITU, European Commission Directorate General, European Ministries and international organizations, as well as business consulting services to entrepreneurial companies. Mr. Dimitriadis received a diploma of electrical and computer engineering from the University of Patras, Greece, and a Ph.D in information security from the University of Piraeus, Greece. Christos was awarded in 2013 with the “John W. Lainhart IV Common Body of Knowledge Award” by ISACA International.

BIO: Dr. Evangelos Ouzounis is the head of ENISA’s Resilience and Critical Information Infrastructure Protection (CIIP) Unit. His unit implements EU Commission’s CIIP action plan, organises the CIIP exercises (e.g. Cyber Europe 2012/10, Cyber Atlantic 2011), facilitates Member States efforts towards a harmonised implementation of incident reporting scheme (article 13 a of new Telecom Package), and develops good practices for national cyber security strategies and national contingency plans. ENISA’s Resilience and CIIP Unit runs also numerous other studies on cyber security aspects of critical sectors and services like Industrial Control Systems ‐ SCADA, Smart Grids, Cloud Computing, Botnets and Interconnected Networks. The Unit also issues strategic recommendations and develops good practices for relevant stakeholders. Prior to his position at ENISA, Dr. Ouzounis worked several years at the European Commission, DG Information Society and Media (DG INFSO). He contributed significantly to EU Commission’s R&D strategy and policies on securing Europe’s infrastructures and services. Dr. Ouzounis was co‐founder of Electronic Commerce Centre of Competence (ECCO) at Fraunhofer Institute for Open Communication Systems (FhG‐FOKUS, Berlin, Germany). He led and managed more than 20 pan European and International R&D projects. Dr. Ouzounis holds a Ph.D from the Technical University of Berlin and a master in computer engineering and informatics from the Technical University of Patras, Greece. He was a lecturer at Technical University of Berlin, wrote 2 books and more than 20 peer reviewed academic papers and chaired several international conferences.
IT Governance and Emerging Trends
with Georges Ataya, CISA, CGEIT, CRISC, CISM, CISSP, Managing Partner at ICT Control ‐ Professor at Solvay Business School – Past ISACA International VP

Abstract: TBA

BIO: Professor Georges is the Academic Director of IT Management Education at Solvay Brussels School of Economics and Management (Executive Education). He is also a Professor at the Master in Management delivering Enterprise Consulting workshop since 2006 and in charge of IT Governance from 2011 (Master Graduate study). solvay.edu/it. As a Managing Partner with ICT Control (a Brussels based firm) he is involved with consulting and Management advisory in the domains of IT Governance, Information Security Management, Enterprise architecture and sourcing management. Ictc.eu

Geo‐Location: Risks, Strategies and Audit Aspects
with Urs Fischer, CISA, CRISC, CIA, CPA, Owner & CEO Fischer IT GRC Consulting & Training, Member of ISACA/ITGI's Nomination Committee

Abstract: Geo‐location data, revealing an individual’s physical location, are obtained using tracking technologies such as global positioning system (GPS) devices, Internet Protocol (IP) geo‐location using databases that map IP addresses to geographic locations, and financial transaction information. Uses of the information are myriad, including direct marketing and context‐sensitive content delivery, monitoring of criminals, enforcing location‐based access restrictions on services, cloud balancing, and fraud detection and prevention. Geo‐location technologies and their application, while offering social and economic benefit to a mobile society, raise significant privacy and risk concerns for individuals, businesses and governments. In this presentation you will learn about the risks involved, the strategies to respond to these risks and the audit aspects to cover.

BIO: Since October 2010, Urs Fischer has been working as an independent IT GRC consultant and trainer. He was vice‐president and head of IT governance, risk management and IT‐Security within the Swiss Life Group from December 2003 through September 2010. Prior to that he worked for 4 years as head of IT audit for the Swiss Life Audit Department based in Zurich, Switzerland. Since 1989, Fischer has worked in the IT Governance, audit and security areas and has gained extensive IT governance, risk management and information systems security work experience, especially in the finance and insurance area. In 2010, as recognition of his major contributions to the development and enhancement of the common body of knowledge used by the constituencies of ISACA in the field of IS audit, security and/or control and risk management, IS risk management certification, Fischer received the "John Lainhart IV ‐ Common Body of Knowledge Award".

VoIP Forensics
with Dr. Vasilis Katos, CHFI, Associate Professor and Director of the Information Security and Incident Response Research Unit, Department of Electrical and Computer Engineering, Democritus University of Thrace ‐ ISACA Academic Advocate

Abstract: VoIP services are becoming very popular and are adopted by many organisations and individuals. In this presentation, we will examine common security threats against VoIP infrastructures and the relevant forensic artefacts that can be obtained during an investigation in order to identify the threat sources. We will show how analysis can be performed over a popular Voice over IP (VoIP) protocol and propose a framework for capturing and analyzing volatile VoIP data in order to determine forensic readiness requirements for effectively identifying an attacker. We will establish that if forensic readiness processes and controls are in place, a wealth of evidence can be obtained, such as the private IP addresses of the attacker even during the presence of NAT services, as well as the type of end user equipment of the legitimate users and the attack tools employed by the malicious parties.

BIO: Dr. Vasilis Katos, CHFI, is Associate Professor and Director of the Information Security and Incident Response Research Unit at the Department of Electrical and Computer Engineering at the Democritus University of Thrace. Prior to this post, he was Principal Lecturer at the University of Portsmouth and tutor for the MSc in Forensic IT programme. Dr. Katos has worked as an expert witness in the UK and as a security architect for Cambridge Technology Partners (Novell, Inc.) for a period of two years. His research interests are in the area of digital forensics and incident response.
INTERNATIONAL SPEAKERS SLOTS

Presentation: TBA
with Mrs. Charlie McMurdie, Senior Cyber Crime Advisor, PwC, Former Head of Law Enforcement National Cyber capability, Police Central e‐Crime Unit, Metropolitan Police‐UK (1981‐2013)

Abstract: TBA

BIO: Charlie is an acknowledged cybercrime and security expert who has a proven and highly acclaimed reputation for generating strategic direction and delivery of operational capability to confront the impact of cybercrime whilst proactively utilising and responding to emerging technologies which fuel it. Completing almost 32 years’ service in the Metropolitan Police retiring at the rank of Detective Superintendent, Charlie is an individual who has breadth of vision, innovation and credibility as demonstrated in establishing and building the Police Central e‐crime Unit, that is now a world class cybercrime capability and the national cybercrime investigative and enforcement body in the United Kingdom. In addition Charlie is an internationally acclaimed authority and advisor on issues within government and industry in relation to the Internet, communication technology, computing and security sectors and an effective ambassador and negotiator with refined interpersonal and influencing skills who leads for UK policing on a range of strategic programmes and sensitive partnerships with the private sector, and who maintains a unique personal network spanning academia, industry, government, law enforcement, intelligence and security agencies internationally.

Advanced Persistent Threat vs Defenders: Why we keep losing this game
with Nikolaos Virvilis, CISA, CISSP, GPEN, Information Assurance Scientist, NATO Communications & Information Agency

Abstract: As both the number and the complexity of cyber‐attacks continuously increase, it is becoming evident that current security mechanisms have limited success in detecting sophisticated threats. Stuxnet, Duqu, Flame, Red October and more recently Miniduke, have troubled the security community due to their severe complexity and their ability to evade detection ‐ in some cases for several years, while exfiltrating gigabytes of data or sabotaging critical infrastructures. The significant technical and financial resources needed for orchestrating such complex attacks are a clear indication that perpetrators are well organized and, likely, working under a state umbrella. In order to address such complex threats, we have to redesign our defenses from the ground, focusing on defense in depth and big data analytics.

BIO: Nikos Virvilis MSc, CISSP, CISA, GPEN, holds the position of “Information Assurance Scientist” at the Cyber Defense and Assured Information Sharing Division of NATO Communications and Information Agency in the Netherlands. In the past, he has worked as an Information Assurance Consultant/Security Expert for Encode S.A. and the Hellenic Army. He got his Bachelor’s degree from the Athens University of Economics and Business and his Master’s from Royal Holloway – University of London. He is a PhD researcher at the Athens University of Economics and Business focusing on Advanced Persistent Threat Detection and Mitigation, under the supervision of Prof. Dimitris Gritzalis.
SPEAKING SLOTS

Using Data Analytics and Continuous Auditing for Effective Risk Management
with Iraklis Kanavaris, CISA, ISO 27001 LA, Supervising Senior Advisor, IT Risk and Management Consulting, KPMG Advisors SA

Abstract: Organizations are increasingly exposed to a variety of new risks such as growing compliance regulations, fraud schemes, operational inefficiencies and errors that can lead to financial loss or other operational risk, as well as reputational damage. As a result, organizational efforts to adopt innovative ways to assess and manage risk and enhance performance are critical. Data analytics and continuous auditing/monitoring have long been viewed as initiatives that can streamline business processes and mitigate business risks, by providing operational efficiencies, reducing costs and detecting potential fraud, errors and abuse earlier ‐ all while providing a higher quality audit. It is also increasingly becoming a way for organizations to create value.

BIO: Iraklis Kanavaris has more than ten years of professional experience in Information & Communications Technology (ICT) and IT Risk Management. His primary professional focus is on the areas of IT GRC, IT Audit and Information Security. During his professional career, he has assisted many organizations, from various industry sectors, in the alignment of IT strategic objectives with key business objectives, the implementation of cutting‐edge IT solutions, as well as with the effective management of IT‐related business process and security risks in compliance with regulatory frameworks (e.g. SOX‐404). He has also extensive experience in the areas of IT risk assessment, IT attestation (SOC1/SOC2 and ISAE 3402), IT due‐diligence and in the development of business continuity & disaster recovery plans. Mr Kanavaris holds a BSc in Computing and Management (University of Essex, UK), and a MSc in Information Technology for E‐Commerce (University of Sussex, UK).

The OWASP Hackademic Challenges Project
with Dr. Vasileios Vlachos, Lecturer at Technological Education Institute of Thessaly – ISACA Academic Advocate

Abstract: The OWASP Hackademic Challenges Project is an open source project that helps students test their knowledge on web application security. The Hackademic Challenges implement realistic scenarios with known vulnerabilities in a safe, controllable environment. Users can attempt to discover and exploit these vulnerabilities in order to learn important concepts of information security through the attacker's perspective.

BIO: Dr. Vasileios Vlachos is a lecturer at the Department of Computer Science and Engineering of the Technological Educational Institute (TEI) of Thessaly. He is a senior R & D engineer at the Research Academic Computer Technology Institute (R.A.C.T.I.) of Patras, Greece. He was a member of the Digital Awareness and Response to Threats (DART) team of the Special Secretariat for Digital Planning of the Hellenic Ministry of Economy and Finance. Dr. Vlachos holds a Diploma of Engineering in Electronic & Computer Engineering from Technical University of Crete, an MSc in Integrated Hardware and Software Systems from the Department of Computer Engineering and Informatics of the University of Patras and a PhD in Information Systems Security from the Department of Management Science and Technology of the Athens University of Economics and Business. Dr. Vlachos has taught at the University of Thessaly, the University of Central Greece and the University of Piraeus. He is co‐founder and coordinator of the DART‐NGO (Non‐Governmental Organization).

Protecting from NextGen Hacking Targets: From Information‐Driven Security to the Assurance of Everyday Life
with Dr. Emmanouil Serrelis, CISM, PhD (InfoSec), Information Security Expert

Abstract: Are your TV, washing machine and car protected from hacking attempts? Are you? Security threats are not just for financial institutions and information‐driven environments any more. Hackers aim for everyday people ‐ targeting commercial and consumer appliances. This session presents some of the most noteworthy next generation hacking targets, discussing what other industries should learn from information security‐aware organizations as well as how they will build up a realistic risk reduction action plan.

BIO: Emmanouil Serrelis (BEng, MSc, MBA, PhD, CISM) is an Information Security expert lecturer with over 17 years' experience in the areas of Information Technology, Telecommunications, Business Administration and Security Management. He has been an Information Systems Security Officer in a large financial institution and coordinator of numerous InfoSec projects (Private, Public, European, Applied and Research), member of Technical Committees and speaker at multiple scientific and technical conferences. He has been the author of various publications and his main research interests are Information Security Metrics, Management of Critical Information Systems and Secure P2P Electronic Financial Services.
Conference Chairman
Dr. Dimitrios Gritzalis, Professor of ICT Security, Director of the M.Sc. Programme, Director of the Information Security and Critical Infrastructure Protection Laboratory, Dept. of Informatics, Athens University of Economics and Business

BIO: Dr. Dimitris Gritzalis is a Professor of ICT Security, the Director of the M.Sc. Programme, and the Director of the Information Security and Critical Infrastructure Protection Laboratory, with the Dept. of Informatics of the Athens University of Economics and Business. He holds a B.Sc. (Mathematics, Univ. of Patras), a M.Sc. (Computer Science, City University of New York), and a Ph.D. (Critical Information Systems Security, Univ. of the Aegean). Prof. Gritzalis has served as Associate Commissioner of the Greek Data Protection Commission and as the President of the Greek Computer Society. For more than 25 years he has participated in more than 100 research and consulting projects. His technical publications include 10 books and more than 150 papers. His current research interests focus on privacy in the social media, digital forensics, and critical information infrastructure protection.
Pre‐Conference Workshop
Athens, 2 November 2013, 09:00‐17:00

Overview
This year the pre‐conference workshop consists of two specific sessions, each one lasting approximately 3½ hours.
The first session focuses on management of IT‐related business risk as an essential component of IT governance and is based on the recently launched COBIT5 framework. Facilitator is Mr. Urs Fischer, who has served ISACA from various positions until today, among which are Chair of ISACA's & IT Governance Institute's Risk IT Task Force and Member of the COBIT Steering Committee and of the Credentialing Board Chair ISACA's CRISC Committee.
The second session is a “hands‐on” experience on the processes, methodologies and tools used during an incident response and conducting a forensic investigation. Facilitator is Dr. Vasilis Katos, Associate Professor and Director of the Information Security and Incident Response Research Unit at the Department of Electrical and Computer Engineering at the Democritus University of Thrace, who has long‐served as an ISACA Academic Advocate.
1st Session
WS1 — IT Risk Management based on COBIT5 (for Risk) Facilitator: Urs Fischer, CISA, CRISC Owner, Fischer IT GRC Training & Consulting
Abstract: Effective management of IT‐related business risk has become an essential component of IT governance. To recognize the complex and diverse role that risk plays, it is essential to develop a clear understanding of the risk universe, appetite and culture within your enterprise. It is also important to be able to identify and classify different types of risk, and choose an applicable analysis method for your enterprise. Leading the drive to help organizations mitigate risks, ISACA has developed several pieces of guidance (especially COBIT 5 for Risk) to help an organization manage their IT‐related risk. This half‐day, instructor‐led workshop will provide the essential building blocks to develop a risk management plan. It describes the principles of IT risk management, the responsibilities and accountability for IT risk, how to build up awareness, and how to communicate risk scenarios.
After completing this session, you will be able to:
Describe the principles and methodology of IT risk management
Discuss aspects of risk culture and how they affect risk management
Understand risk appetite, risk tolerance and target risk concepts
Describe and understand IT‐related risk using risk scenarios analysis, know how risk scenarios can be constructed
Determine what data to collect and where to collect it to monitor and respond to risk
Discuss several methods to describe impact and magnitude of IT events in business related terms
Describe risk responses suitable for different risk scenarios
Develop risk response plans
2nd Session
WS2 — Digital Forensics and Incident Response Facilitator: Dr. Vasilis Katos, CHFI, Associate Professor and Director of the Information Security and Incident Response Research Unit at the Department of Electrical and Computer Engineering at the Democritus University of Thrace, ISACA Academic Advocate
Abstract: When most modern information systems eventually fail, it is not a matter of "pulling the plug" or rebooting the system; recovery may involve litigation which in turn requires the collection, preservation and analysis of digital evidence in order to allow the identification of the cause of the failure. Digital forensics and incident response is about handling information security failures and cybercrime related incidents in general, in a way that the collected evidence is admissible – that is, it is accepted as evidence in a court of law. The workshop is about the processes, methodologies and tools used during an incident response and conducting a forensic investigation.
After completing this session, you will be able to:
Appreciate the challenges first responders and forensic analysts may face during a security incident
Understand the different phases of a forensic investigation
Acknowledge the wealth and variety of the many forms of cybercrime
Obtain knowledge on a selection of tools used in incident response and forensic analysis
Understand the need of forensic readiness for an organization
Information
This workshop grants 8 CPEs and 2 PDUs. This is a training, highly interactive workshop, therefore participation is limited. Participants will be accepted on a “first come‐first served” basis. To secure your place, please register on time. Official language: English