Your digital "Home of IT Security"
365 days a year: solutions, knowledge and networking.
Find and offer innovative IT security solutions, take part in our diverse action program and make and maintain contacts.
Become part of the it-sa 365 community!
Make an appointment with
So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.
Create an onsite appointment with
So that you can make an onsite appointment, the appointment request will open in a new tab.
With increasing complexity in IT, companies need new tools and standards to digitise processes securely. An international organisation is developing procedures and methods for this.
The Greek Chris K. Dimitriadis is constantly on the move. His job: to steer and manage the worldwide growth of the non-profit association ISACA. The association is on a growth path and is already represented in 180 countries. For it-sa 2023, Dimitriadis visited Nuremberg, gave a lecture and took part in the panel discussion “AI and the digital transformation - can Digital Trust create the necessary security and trust?”.
- Chris K. Dimitriadis (PhD) is Chief Global Strategy Officer at ISACA, based in the USA.
- ISACA is known for creating frameworks for IT governance such as COBIT, as well as training and certifying professionals in cybersecurity, audit, risk, privacy and technology governance.
- AI is both a blessing and a curse for IT security managers
How did your path to cybersecurity begin and what has your career been like?
I studied computer science and my final thesis was already on cybersecurity. Later, I wrote my PHD thesis about 4G security. After an intermezzo as a consultant at a cybersecurity company, I became CISO at a lottery vendor. IT-security has a high priority there, because a lot of money is at stake. Even at that time, I was volunteering for ISACA and helping to develop best practices for cybersecurity. I became more and more fascinated by ISACA, and today I'm on the board of ISACA Europe and work as Chief Global Strategy Officer at ISACA Global. This role is about developing strategies for ISACA and expanding globally. Currently, I work on digital trust, which is the integrity of transactions and the relationship between customers and service providers, in digital ecosystems.
What is ISACA and what is its mission and field of activity?
ISACA stands for "Information Systems Audit and Control Association" and is a non-profit association active worldwide. ISACA was founded 50 years ago in the USA to organise training. Initially, the focus was on technology control and audit. But from the beginning, networking among members was also an important point. Today we have 170,000 members in 180 countries and 225 Chapters, one of them in Germany. We also carry out certifications, for example for IT auditors.The COBIT framework is considered a major achievement of ISACA. What is it about and what distinguishes it?
It is an IT governance framework, i.e. it is used to control corporate IT. It helps IT professionals to implement technologies in a planned and controlled way. With the increasing complexity in IT, a tool like COBIT is a great help for many companies and supports, for example, in the digital transformation to consider all important aspects. It bridges the gap between technology, business risks and IT security requirements, which include passwords, logging and other access controls. COBIT has been in use worldwide for 20 years.
What are your plans for the future, can you give us a little preview?
In a few months, a new framework will be ready, the Digital Trust Ecosystem Framework. It facilitates the implementation of new technologies and IT processes when it comes to trust relationships and regulates such relationships between different stakeholders, such as customers and service providers. But it is also about digital trust in the interaction between citizens and authorities in government services. Such relationships have different levels. The framework aims to ensure data protection, reliability, communication and control of services and relationships.
For example, this may mean that customers need to be informed if, a security incident occurs let's say with a streaming service. Customers should also be sure that their data is used in a way they expect. Imagine if your data and that of other customers were suddenly used for election advertising. To prevent this from happening, rules and control instruments are needed. All this must be measurable and verifiable, for example by an auditor.
Do you expect changes in your field of work due to artificial intelligence (AI)?
We believe that the community must understand AI, otherwise protection of IT or audits will no longer be possible in the future. AI will become an important focus for us. We have produced research papers and developed trainings and certificates on this.. The demand is increasing.
AI will help the security industry to develop new tools and methods. At the same time, it causes us great problems that attackers are also improving their methods with AI. For example, in social engineering to seduce people into revealing access data.
What prompted you to visit the IT security trade fair it-sa in Nuremberg? What significance does it-sa have for you?
It is the most important European event for the cybersecurity community. I can learn and contribute a lot here and also represent and present ISACA ideas and concepts. We have also started a new cooperation with the Nuremberg-based company Qskills as an authorised training partner. In Germany, we are also in exchange with the Federal Office for Information Security (BSI). We try to contribute our knowledge there, also for support. International cooperation is the key to success for cyber security, because cyberthreats have no geographical boundaries.
