Canadian Information Processing Society (CIPS)



Marios Damianides: Partner, Ernst & Young, Global Authority in Security and Risk Management

This week, Stephen Ibaraki has an exclusive interview with Marios Damianides.

Marios DamianidesMarios Damianides is a partner with Ernst & Young in the Risk Advisory Services division in New York. At Ernst & Young Mr. Damianides has worked with numerous Fortune 100 companies designing and implementing security management systems. Mr. Damianides is a member of ISACA (Information Systems Audit and Control Association) and served as its international president from 2003 to 2005 and is also past President of the IT Governance Institute. Mr. Damianides was recognized by the New York Metropolitan Chapter of Information Systems Audit and Control Association (ISCA NY) and was awarded the Wasserman Award in 2007.

Philanthropically, Mr. Damianides has garnered corporate support of over $10 million for various nonprofit organizations including the Educational Broadcasting Corporation and has personally supported a wide range of nonprofit organizations.

Mr. Damianides received his undergraduate degree from University of KwaZulu-Natal in South Africa and his Masters in MIS from Rand Afrikaans University in South Africa. Mr. Damianides lives in Scarsdale, NY with his wife Anna Damianides and their two children.

To listen to the interview, click on this MP3 file link

The latest blog on the interview can be found in the IT Managers Connection (IMC) forum where you can provide your comments in an interactive dialogue.


Interview Time Index (MM:SS) and Topic

:00:24: Marios, thank you for sharing your deep experiences with our audience.
"....It's an exciting time for all of us to be involved in business and the business of information technology in particular...."

:00:53: Marios profiles his history prior to his current role and talks about and shares some of the defining and usable lessons from some of the major events and roles in his history.
"....I think the most important thing that I keep in mind as I look back on my career and what has transpired, is that it is a business issue and as security professionals the more we do to have business-level discussions around what it is that information security can do as an enabler and as a way to protect the company's assets, I think that's when we have real success...."

:05:31: Marios can your profile your current role and your measurable goals?
"....From a perspective as a spokesperson for the ISACA, some of the things that we're doing together and the interaction that we've had at the World Congress is really what my focus is in terms of getting the message out about what is information security and what it is that professionals should be thinking about....From a partner perspective at Ernst & Young, our criteria for measurement really focuses on what it is that we do to impact our clients, how we can help them to be more prepared for prevention of events but also how we can help them to detect or react to situations as they come up...."

:07:37: What are your 5 best tips on risk management?
"....Link risks to business risks....Align the management of IT-related business risks with overall enterprise risk management....Define the risk appetite and risk tolerance....Present a uniform view of IT risk to stakeholders....Put a monitoring process in place to continuously update or look for changes in the risk profile...."

:10:01: What are useful resources in security?
"....The new release of Cobit 5 for information security which builds on the framework that's out there under Cobit, and provides a lot of practical guidance on how information security is viewed, how it can be more impactful for the organization and what it is that security professionals should look for and look at. It's new, fresh and is on the ISACA website....The ISO frameworks....ITIL framework....The body of knowledge that comes with CISM....Some of the more technical certifications provide good bodies of knowledge that security professionals could access....Open Compliance and Ethics Group publications....Publications put out by ISACA and other professional bodies...."

:12:47: With emerging technologies such as Big Data, mobile computing, social media and cloud computing, what are companies doing to address some of the security concerns around these areas?
"....Let's use the technology that's available to the security professional, but also let's put policy in place, let's educate our people, our professionals and our staff so that they're aware of the risk and act accordingly...."

:16:42: Marios, please share any added valuable insights that you provided as a speaker and leader at the ISACA World Congress in June in San Franscisco.
"....I'll highlight two items that I think were key themes....Regulation is coming, be prepared....Look at the risk functions in your organization and build a compliance function that has more pervasive powers and a more pervasive look at the organization rather than 20 or 30 silo risk management groups that might or might not be effective...."

:19:21: What do you see as the top 5 disruptive technologies and how can these be managed?
"....There isn't a simple answer to the question about how to manage these disruptive technologies, but I'll stay with the theme that technology can be managed through technology. I think the people element is where security professionals can have a more profound impact, and that comes through policy setting, education, training, awareness, and of course using the technology at hand to both prevent and detect issues that these disruptive technologies bring to the organization from a risk perspective...."

:21:36: Do you feel computing should be a recognized profession on par with accounting, medicine and law with demonstrated professional development, adherence to a code of ethics, personal responsibility, public accountability, quality assurance and recognized credentials?
[See and the Global Industry Council,]
"....My point of view is that we are moving towards a profession and I think we have many of the elements in place, and as we mature and things become a little bit more standardized in terms of the code of ethics and behaviors and so on, it will be easier for the public to see computing as a profession, but it will take a little bit of time...."

:23:37: Marios, from your extensive speaking, travels, and work, do you have any stories to share? (examples: amusing, surprising, unexpected, amazing)
"....I've been amazed by the ingenuity of the people I've worked with and how they've taken frameworks and concepts and put them in place within their organization...."

:27:50: Marios, if you were conducting this interview, do you have added questions you would ask and then what would be your answers?
"....What issues are facing companies versus just the technical issues?....What have you done to facilitate your business and your stakeholder's success?....How have you used technology at your fingertips to facilitate doing things better, faster, more efficiently and how do we use that technology more effectively, take it to the next level, and integrate it more into the day-to-day business?...."

:29:43: Marios, with your demanding schedule, we are indeed fortunate to have you come in to do this interview. Thank you for sharing your deep experiences with our audience.
"....I have enjoyed our conversation tremendously and to have the opportunity to chat with you and share these thoughts. Thank you very much..."


Music by Sunny Smith Productions and Shaun O'Leary