Abstracts

Antonis Alexakis

Coordinator of Management Information System Team, MOU SA

Sofia Anagnostopoulou

Computer Scientist, MOU SA

Employing Digital Signatures within SYZEFXIS

SYZEFXIS has been established as the major telecommunication infrastructure of the public sector in Greece. One of the SYZEFXIS services is the provision of digital certificates to be employed for the digital signing and encryption of a variety of documents exchanged among nodes of the public sector. Although the use of such digital signatures seems straightforward in applications like e-mail, it is harder to incorporate into custom user applications. The presentation suggests an implementation, currently piloted in the IT system of the Greek Ministry of Economy and Finance. It will cover high-level design issues and continue with the nitty-gritty details and difficulties of the actual software implementation.

 

Iosif I. Androulidakis

Head of Telephony Department, Network Operations Center, University of Ioannina

Intercepting mobile phone calls and short messages: Theory & Practice
 
The fact that mobile phone communications, including voice and data, are not safe is hopefully well known by now. What is not known is the ease with which such attacks on our privacy can take place. This talk aims to present and explain both the theoretical and the practical background of mobile phone interception techniques, providing valuable security advice. A live demonstration featuring an actual implementation of interception equipment will convince even the most skeptical.
 
 

Jeff Bardin

Director, Office of Risk Management, EMC

Building Security Based Upon Risk

Information security budgets have risen in recent years in response to increased instances of fraud, data loss, and breaches. But holistic security strategies that are information centric must also be part of the standard technology and financial focus. One of the keys is to consolidate your information security holdings into a more integrated strategic approach that can lead to a demonstrable return on your investment. We will discuss some basic steps that will help you move towards reduced capital and expense, leverage your security investments to address multiple requirements based upon risk, and reduce overall operational costs.

 

Michael Carlqvist

Founder & MD, Carhoseel

Wireless Uninfected Life in the Future?

As wireless phone and PDA networks, as well as wireless broadband connections, become more numerous and more complex in our companies, it has become more difficult to secure them against electronic attacks in the form of viruses or malicious software. What does this mean, and how will it affect our daily life? Is there any way of coping with this, and if so, will it affect our business?


Anestis Demopoulos

President, ISACA Athens Chapter, and Manager, Ernst & Young Advisory Services

Information Security Governance: Designing and Implementing Security Effectively

An adequate governance framework for information security supports the effective implementation of an information security programme. Issues like “how do I align my security goals with the overall IT and business objectives?” and “how do I measure the performance of my security programme and the value created for my company?” can be addressed within such a framework. The presentation discusses the different dimensions of information security governance according to ISACA (strategic alignment, risk management, value delivery, resource management and performance measurement), how to develop an information security strategy within the organization’s governance framework, how to drive that strategy effectively and how to measure progress toward achieving its goals.

 

Dr Christos K. Dimitriadis

ISACA Business Model Development Committee representative / Security Officer Intralot

The ISACA Business Model for Information Security

ISACA is developing a holistic model for information security management. The resulting Business Model for Information Security takes a business-oriented approach to managing information security. It utilizes the concepts of systems thinking to examine complex relationships within the enterprise to effectively manage security in a way that is beneficial to the enterprise. Its holistic and dynamic approach to information security within the context of business will demonstrate that information security can be both predictive and proactive as it adapts to changes, considers the organizational culture, and delivers value to the business.

 

Grigorios Dimitropoulos

MSc Infosec, CISSP – Senior Information Security Consultant, Intracom IT Services

The human side of hacking - Next Generation Hack

Much of the security research community spends its time searching for simple human errors, because such errors are often the most likely point of access for the “bad guys”. Hackers exploit weaknesses in the person, not the machine. Today's "hacker battles" are fought not between man and machine, but between people. Smart hackers seek out people's weaknesses, such as trust or greed, and exploit them. In the long run, the best defenses will be those that not only protect machines from attack, but defend humans from themselves.

 

Michalis Kamprianis

CISSP, MSc, Technology Manager, G4S Telematix

Security in Motion

Telemetry, the reporting of measured data and information to a remote system, is a technology that is spreading rapidly and provides a competitive advantage to organizations using it for planning and management. Measurements reported, stored, analyzed and presented to business owners require confidentiality, integrity and availability, as is the case with all information. The exposure of that specific information may jeopardize, among other things, personal safety and asset value. In this session, specific security measures that may be implemented to protect that information will be presented.

 

Serafeim Karapatis 

Senior Consultant

Declarative & Adaptive Security Policies in Oracle Fusion Applications

This is a hands-on session that demonstrates the capabilities for building secure Oracle Fusion Applications offered by JDeveloper 11g and WebLogic Server. The session will cover not only the declarative features of the platform, but also best practices for implementing dynamic, adaptive security policies tailor-made for complex needs.

 

Kaya Kazmirci

Head of Sourcing, Ericsson, Istanbul Turkey

An Audit Approach to Mobile Device Security

Continuously expanding chip capacity has driven more computing power into our pocket today than fit into a 1970s five-story building. The end result of Moore’s law is that IT users carry their business-critical information with them. This evolution has created a dynamic mobile working environment, which enables business users to initiate and receive phone calls and voice messages, send and receive e-mails and instant messages, access an intranet, surf the Internet, and access business applications, and which makes physical proximity a non-issue. It has also created huge opportunities for enterprise data loss and security breaches. The goal of this session is to outline an audit approach for mobile communication devices, including smart phones, personal digital assistants (PDAs) (e.g., BlackBerry, Pocket PCs), flash drives, memory sticks, and other radio frequency (RF) and USB devices.

 

George Mallikourtis

CISA, CISM, IS Auditor – Project Manager, Alpha Bank

Are spreadsheets risky? Audit & Security implications

Spreadsheets are everywhere. They enable us to quickly perform analysis that would otherwise be difficult or time-consuming to prepare. Several surveys stress the pervasiveness of Excel spreadsheets and their role in decision making in the financial sector.
The problem is that we tend to place undue trust in the integrity and the confidentiality of the data we handle through spreadsheets. Spreadsheet applications are unable to provide robust security controls to ensure the security of the information handled.
Spreadsheets are here to stay; they are not going away, nor should they. The key concern is what our exposure is and what we should do to ensure the security of the information.
 

Charles Mansour

CISA, Audit & Risk Service

CObIT and Information Security

In this session delegates will be introduced to the features in the CObIT family of products that can help make an auditor's life easier, and more effective, focusing on the area of IT Security.

 

Magnus Mengelbier

Director, Limelogic Ltd

Global Access, Collaboration, and Security

The concept of global access and the increasing collaboration across and outside of an organization expose potential security issues that require efficient change management. The business aims to satisfy accessibility and functional requirements, while security is most often offloaded to a technical implementation. Tools and systems built and deployed for internal use may not be designed with the necessary security in mind, or with the context of a global role. We consider how the business need can drive a common focus on access and security with a few timely questions that quantify the business view of risk and identify security concerns. The discussion spans new business tools and the use of online services, as well as situations where greater accessibility is requested for an existing business-critical system. The intent is a result that fulfills security expectations while meeting all the business goals and requirements.
 

Dr John Mitchell

PhD, CEng, CITP, MBA, FBCS, MBCS, CISA, CGEIT, FIIA, MIIA, QiCA, CFE, Managing Director, LHS Business Control

Information Security Assurance: synergy beats bayoneting every time

Bayoneting the wounded after the battle is often the security officer’s view of the computer auditor (CA), and there may be some truth in that view, but perhaps the security officer should not be wounded in the first place. After all, assurance that the organisation’s IT assets are protected should, in the first instance, come from the Chief Security Officer (CSO). If these assurances are correct, then the computer auditor will be supportive of the assurances being made. However, independent and objective assurance that the assertions made by the CSO can be relied on sometimes comes to a different opinion. Both the CSO and the CA rely on the same information sources, so why should there be this dichotomy? Perhaps the CSO and the CA could work together to provide the necessary assurance? The concept of co-operative assurance is not new, but few organisations have successfully implemented it. This session will propose a link between risk management, control self-assessment, self-declaration and objective assurance. The use of international and other standards will be examined from the view that these can help to provide cost-effective security assurance. The roles of the CIO and CA in the assurance process will be examined from the premise that working together is better than working separately and that the synergy between the two is greater than the sum of the parts.

 

Gerasimos Moschonas

Group Information Security Officer, Alpha Bank

Data Leakage : The trends of internal and external threats

Data is the most valuable asset for organizations. Users also need to protect their personal data, especially while connected to the Internet. Laws and regulations are in place. But the threats are changing, and new attacks targeting data theft from users as well as from corporations arise day by day. These threats and methods, internal and external, will be analyzed, and protection measures will be presented in order to mitigate the risks.

 

Prof. Howard A. Schmidt

President & CEO, Information Security Forum, UK
 
The International State of Information Security, People, Processes and Technologies
 
Over the past 20 years the face of information protection and critical infrastructure protection has changed dramatically. What we once viewed as frequent annoyances have changed into threats to national security, public safety and financial stability. Prof. Schmidt will talk about the progression of our dependencies on our ICT systems and the evolving threats against those systems. From application development to cyber crime we can make progress on protecting data, intellectual property and our identities by employing the correct policies, people and technology.

 

Josmaarten Swinkels

Founder and CEO, Inter Engineering

Biometrics as means of Strong Authentication. Will it grow or will it go?

By now the existence of biometrics technology and applications is well known to the IT world and even to the majority of the general public. However, the pace of penetration of biometrics as a means of strong authentication is much slower than supporters of this technology were expecting some years ago. Other strong authentication methods, such as smartcards and tokens, are the solutions really used today, whereas biometrics is still seen as a niche. What are the reasons for this? Is biometric authentication, after all, not the solution it promised to be, making life much easier for all of us? The speaker’s hypothesis is that it is mostly a problem of acceptance, caused by misinformation or a lack of information provided to the public. In his presentation Josmaarten Swinkels will discuss the misconceptions that circulate in public, how strong authentication through biometrics really works, in which fields of application it is a far better solution than other types of authentication, and why.

  

Peter Wood

Chief of Operations, First Base Technologies

New Blended Attacks: defending against social engineering combined with technology

Today’s criminals combine technical, physical and human exploits in attacks against organisations of all types. Hear real-life case studies of these new methods and their impact on business. Learn about the future of criminal hacking and how organised crime continually adapts. Discover how to detect and defend against blended attacks using the “human firewall” in concert with technology.

 

Workshops Abstracts

Evagelos Panagiotou

Senior Consultant, Ether Applications

Attacks and Countermeasures

During this workshop we’ll be performing an attack on a live system, with both the attacker and the defender present and evaluating their options during the attack. As part of this workshop we’ll demonstrate hacking techniques as well as protection mechanisms as applied in a real case, and what further steps can be taken to protect systems.

 

Case Study Abstracts

Alan Calder

Chief Executive, IT Governance Ltd.

Securing information assets with international best practice standard ISO27001: a case study

ISO27001 is the international best practice standard for corporate information security management. It is also emerging as the single worldwide standard for data security regulatory compliance. This composite case study looks at the business benefits of adopting the standard, and identifies the nine key steps in designing and implementing an Information Security Management System (ISMS) based on ISO27001. This case study draws on and illustrates the different experiences of small and large organisations, and also identifies key differences between public and private sector approaches.

 

Charles Mansour

CISA, Audit & Risk Service

Auditing Information Security Using CObIT

In this session you will learn how to apply some of the features currently available in CObIT in the context of an audit of IT Security. We will work in some depth through the various stages of an audit of one area of IT Security using the features currently available to auditors in the CObIT family of products.

 

Athanasios Vamvakas

Services Director, ETHER Applications Ltd

Geniki Bank eBanking & Digital Signatures: How we combined technology with business needs

During this session we’ll present how the project team was able to implement a strong security mechanism, capable of protecting electronic transactions and ensuring their integrity. Participants will be presented with the problems and requirements that the team faced and the tough decisions that were required to create the necessary deliverables.

 

Steven Eliopoulos

Head of Direct Banking, Emporiki Bank

Maximizing security in Internet Banking using EMV cards

During the case study, Emporiki Bank, Adacom and Todos will present how they launched a solution for strong authentication on Internet banking services, based on EMV-CAP cards, and by doing so set a new standard in domestic Internet banking technology.

 


Lead Sponsors

Alpha Bank

 

Algosystems

 

ETHER Applications Ltd


Media Sponsor


Organizer

Hellenic American Union


Academic Advisor

Hellenic American University
