Coordinator of Management Information System Team, MOU SA
Computer Scientist, MOU SA
Employing Digital Signatures within SYZEFXIS
SYZEFXIS has been established as the major telecommunication infrastructure of the public sector in Greece. One of the SYZEFXIS services is the provision of digital certificates to be employed for the digital signing and encryption of a variety of documents exchanged among nodes of the public sector. Although the utilization of such digital signatures seems straightforward in applications like e-mail, it is harder to incorporate into custom user applications. The presentation suggests an implementation, currently being piloted in the IT system of the Greek Ministry of Economy and Finance. It will cover high-level design issues and then the nitty-gritty details and difficulties of the actual software implementation.
Head of Telephony Department, Network Operations Center, University of Ioannina
Director, Office of Risk Management, EMC
Building Security Based Upon Risk
Information security budgets have risen in recent years in response to increased instances of fraud, data loss, and breaches. But holistic security strategies that are information centric must also be part of the standard technology and financial focus. One of the keys is to consolidate your information security holdings into a more integrated strategic approach that can lead to a demonstrable return on your investment. We will discuss some basic steps that will help you move towards reduced capital and expense, leverage your security investments to address multiple requirements based upon risk, and reduce overall operational costs.
Founder & MD, Carhoseel
Wireless Uninfected Life in the Future?
As wireless phone and PDA networks, as well as wireless broadband connections, become more numerous and more complex in our companies, it has become more difficult to secure them against electronic attacks in the form of viruses or malicious software. What does this mean, and how will this affect our daily life? Is there any way of coping with this, and if so, how will this affect our business?
President, ISACA Athens Chapter, and Manager, Ernst & Young Advisory Services
Information Security Governance: Designing and Implementing Security Effectively
An adequate governance framework for information security supports the effective implementation of an information security programme. Issues like “how do I align my security goals with the overall IT and business objectives?” and “how do I measure the performance of my security programme and the value created for my company?” can be addressed within such a framework. The presentation discusses the different dimensions of information security governance according to ISACA (strategic alignment, risk management, value delivery, resource management and performance measurement), how to develop an information security strategy within the organization’s governance framework, how to drive that strategy effectively and how to measure progress toward achieving its goals.
ISACA Business Model Development Committee representative / Security Officer Intralot
The ISACA Business Model for Information Security
ISACA is developing a holistic model for information security management. The resulting Business Model for Information Security takes a business-oriented approach to managing information security. It utilizes the concepts of systems thinking to examine complex relationships within the enterprise to effectively manage security in a way that is beneficial to the enterprise. Its holistic and dynamic approach to information security within the context of business will demonstrate that information security can be both predictive and proactive as it adapts to changes, considers the organizational culture, and delivers value to the business.
MSc Infosec, CISSP – Senior Information Security Consultant, Intracom IT Services
The human side of hacking - Next Generation Hack
Much of the security research community spends its time searching for simple human errors, because such errors are often the most likely point of access for the “bad guys”. Hackers exploit weaknesses in the person, not the machine. Today's "hacker battles" are fought not between man and machine, but between people. Smart hackers seek out people's weaknesses -- such as trust or greed -- and exploit them. In the long run, the best defenses will be those that not only protect machines from attack, but defend humans from themselves.
CISSP, MSc, Technology Manager, G4S Telematix
Security in Motion
Telemetry, the reporting of measured data and information to a remote system, is a technology which spreads rapidly and provides a competitive advantage to organizations using it for planning and management. Measurements reported, stored, analyzed and presented to business owners require confidentiality, integrity and availability as is the case with all information. The exposure of that specific information may jeopardize among others personal safety and asset value. In this session, specific security measures that may be implemented towards protecting that information will be presented.
Declarative & Adaptive Security Policies in Oracle Fusion Applications
This is a hands-on session that demonstrates the capabilities of building secure Oracle Fusion Applications offered by the powerful JDeveloper 11g and Weblogic Server. The session will cover not only the declarative features of the platform, but also best practices of how to implement dynamic, adaptive security policies tailor-made for complicated needs.
Head of Sourcing, Ericsson, Istanbul Turkey
An Audit Approach to Mobile Device Security
Continuously expanding chip capacity has put more computing power into our pockets today than fit into a five-storey building in the 1970s. The end result of Moore’s law is that IT users carry their business-critical information with them. This evolution has created a dynamic mobile working environment which enables business users to initiate and receive phone calls and voice messages, send and receive e-mails and instant messages, access an intranet, surf the Internet and access business applications, and makes physical proximity a non-issue; it has also created huge opportunities for enterprise data loss and security breaches. The goal of this session is to outline an audit approach for mobile communication devices, including smart phones, personal digital assistants (PDAs) (e.g. BlackBerry, Pocket PCs), flash drives, memory sticks, and other radio frequency (RF) and USB devices.
CISA, CISM, IS Auditor – Project Manager, Alpha Bank
Are spreadsheets risky? Audit & Security implications
Spreadsheets are everywhere. They enable us to quickly perform analysis that would otherwise be difficult or time-consuming to prepare. Several surveys stress the pervasiveness of Excel spreadsheets and their role in decision making in the financial sector.
The problem is that we tend to place undue trust in the integrity and confidentiality of the data we handle through spreadsheets. Spreadsheet applications are unable to provide robust security controls to ensure the security of the information handled.
Spreadsheets are here to stay, and nor should they go away. The key concern is what our exposure is and what we should do to ensure the security of the information.
CISA, Audit & Risk Service
CObIT and Information Security
In this session delegates will be introduced to the features in the CObIT family of products that can help make an auditor's life easier, and more effective, focusing on the area of IT Security.
Director, Limelogic Ltd
Global Access, Collaboration, and Security
The concept of global access and the increasing collaboration across and outside of an organization exposes potential security issues that require efficient change management. The business aims to satisfy accessibility and functional requirements, while security is most often offset to a technical implementation. Tools and systems built and deployed for internal use may not be designed with the necessary security in mind or the context of a global role. We consider how the business need can drive a common focus on access and security with a few timely asked questions to quantify the business view of risk and identify security concerns. The discussion spans new business tools and the use of online services to situations where a greater accessibility is requested for an existing business critical system. The intent is a result that fulfills security expectations while meeting all the business goals and requirements.
PhD, CEng, CITP, MBA, FBCS, MBCS, CISA, CGEIT, FIIA, MIIA, QiCA, CFE, Managing Director, LHS Business Control
Information Security Assurance: synergy beats bayoneting every time
Bayoneting the wounded after the battle is often the security officer’s view of the computer auditor, and there may be some truth in that view, but perhaps the security officer should not be wounded in the first place. After all, assurance that the organisation’s IT assets are protected should, in the first instance, come from the Chief Security Officer (CSO). If these assurances are correct then the computer auditor will be supportive of the assurances being made. However, independent and objective assurance that the assertions made by the CSO can be relied on sometimes comes to a different opinion. Both the CSO and the CA rely on the same information sources, so why should there be this dichotomy? Perhaps the CSO and the CA could work together to provide the necessary assurance? The concept of co-operative assurance is not new, but few organisations have successfully implemented it. This session will propose a link between risk management, control self-assessment, self-declaration and objective assurance. The use of international and other standards will be examined from the view that these can help to provide cost-effective security assurance. The roles of the CIO and CA in the assurance process will be examined from the premise that working together is better than working separately and that the synergy between the two is greater than the sum of the parts.
Group Information Security Officer, Alpha Bank
Data Leakage : The trends of internal and external threats
Data is the most valuable asset of organizations. Users also need to protect their personal data, especially while connected to the Internet. Laws and regulations are in place, but the threats are changing, and new attacks targeting data theft from users as well as from corporations are arising day by day. These threats and methods, internal and external, will be analyzed and protection measures presented in order to mitigate the risks.
Founder and CEO, Inter Engineering
Biometrics as a means of Strong Authentication. Will it grow or will it go?
By now the existence of Biometrics technology and applications is well known to the IT world and even to the majority of the general public. However, the pace of penetration of Biometrics as a means of Strong Authentication is much slower than supporters of this technology were expecting some years ago. Other strong authentication methods such as smartcards and tokens are the solutions really used today, whereas Biometrics is still seen as a niche. What are the reasons for this? Is biometric authentication after all not the solution it promised to be, making life much easier for all of us? The speaker’s hypothesis is that it is mostly a problem of acceptance, caused by misinformation or a lack of information provided to the public. In his presentation Josmaarten Swinkels will discuss what the misconceptions are that go around in public, how strong authentication through Biometrics really works, in which fields of application it is a far better solution than other types of authentication, and why.
Chief of Operations, First Base Technologies
New Blended Attacks: defending against social engineering combined with technology
Today’s criminals combine technical, physical and human exploits in attacks against organisations of all types. Hear real-life case studies of these new methods and their impact on business. Learn about the future of criminal hacking and how organised crime continually adapts. Discover how to detect and defend against blended attacks using the “human firewall” in concert with technology.
Senior Consultant, Ether Applications
Attacks and Countermeasures
During this workshop we’ll be performing an attack on a live system, while both the attacker and the defender will be present and evaluating their options during the attack. As part of this workshop we’ll demonstrate hacking techniques as well as protection mechanisms as applied in a real case and what steps can be taken to protect systems further.
Case Study Abstracts
Chief Executive, IT Governance Ltd.
Securing information assets with international best practice standard ISO27001: a case study
ISO27001 is the international best practice standard for corporate information security management. It is also emerging as the single worldwide standard for data security regulatory compliance. This composite case study looks at the business benefits of adopting the standard, and identifies the nine key steps in designing and implementing an Information Security Management System (ISMS) based on ISO27001. This case study draws on and illustrates the different experiences of small and large organisations, and also identifies key differences between public and private sector approaches.
CISA, Audit & Risk Service
Auditing Information Security Using CObIT
In this session you will learn how to apply some of the features currently available in CObIT in the context of an audit of IT Security. We will work in some depth through the various stages of an audit of one area of IT Security using the features currently available to auditors in the CObIT family of products.
Services Director, ETHER Applications Ltd
Geniki Bank eBanking & Digital Signatures: How we combined technology with business needs
During this session we’ll present how the project team was able to implement a strong security mechanism, capable of protecting electronic transactions and ensuring their integrity. Participants will be presented with the problems and requirements that the team faced and the tough decisions that were required to create the necessary deliverables.
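The signing flow that both the SYZEFXIS talk above and this Geniki Bank case study describe, a node signing a document with its certificate and a receiving node verifying it, as an added example written for this page; it is not code from either project. It assumes a self-signed certificate standing in for one issued by the real CA, RSA with SHA-256 (PKCS#1 v1.5) as the signature scheme, and that the document is an opaque byte string; the names `SignedDocument`, `newSelfSignedCert`, `Sign` and `Verify` are this example's own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SignedDocument bundles the signed bytes, the signature and the signer's
// DER-encoded certificate, so the receiving node needs no out-of-band key lookup.
type SignedDocument struct {
	Content   []byte
	Signature []byte
	CertDER   []byte
}

// newSelfSignedCert stands in for a certificate issued by the public-sector CA.
// Assumption: in production the certificate would be CA-issued and Verify would
// chain to that CA's root rather than to the leaf itself.
func newSelfSignedCert(cn string) (*rsa.PrivateKey, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature, // the only usage this key is allowed
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	return key, der, nil
}

// Sign hashes the document with SHA-256 and signs the digest with RSA PKCS#1 v1.5.
func Sign(key *rsa.PrivateKey, certDER, content []byte) (*SignedDocument, error) {
	digest := sha256.Sum256(content)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	return &SignedDocument{Content: content, Signature: sig, CertDER: certDER}, nil
}

// Verify checks, in order: the embedded certificate chains to a trusted root
// and is within its validity period, it is permitted to make digital
// signatures, and the signature matches the content. Each check failing is a
// distinct error so the caller can log why a document was rejected.
func Verify(doc *SignedDocument, roots *x509.CertPool) error {
	cert, err := x509.ParseCertificate(doc.CertDER)
	if err != nil {
		return fmt.Errorf("bad certificate: %w", err)
	}
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("certificate not trusted: %w", err)
	}
	if cert.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		return errors.New("certificate not permitted for digital signatures")
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("unexpected public key type")
	}
	digest := sha256.Sum256(doc.Content)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], doc.Signature); err != nil {
		return fmt.Errorf("signature invalid: %w", err)
	}
	return nil
}

func main() {
	key, der, err := newSelfSignedCert("ministry-node-a") // constructed sample signer
	if err != nil {
		panic(err)
	}
	doc, err := Sign(key, der, []byte("payment order 42: 1000 EUR")) // constructed sample document
	if err != nil {
		panic(err)
	}
	roots := x509.NewCertPool()
	trusted, _ := x509.ParseCertificate(der)
	roots.AddCert(trusted)
	fmt.Println("original:", Verify(doc, roots))
	doc.Content = []byte("payment order 42: 9000 EUR") // tampered in transit
	fmt.Println("tampered:", Verify(doc, roots))
}
```

Two things the real deployment must add that the standard library does not do for you: Go's `cert.Verify` performs no revocation checking, so a CRL or OCSP lookup against the issuing CA belongs before the signature check, and the bytes that are signed should be a canonical serialisation of the document so that two nodes rendering the same record produce the same digest.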
Head of Direct Banking, Emporiki Bank
Maximizing security in Internet Banking using EMV cards
During the case study, Emporiki Bank, Adacom and Todos will present how they launched a solution for strong authentication on Internet banking services, based on EMV-CAP cards, and by doing so set a new standard in domestic Internet banking technology.