
CONFERENCE PROGRAM

OCTOBER 9-11, ROCKVILLE, MARYLAND

GOLD SPONSORS

SILVER SPONSORS


Meet BSI’s Katie Warlick and Willibert Fabritius & Discover how the Information Security Management Standard can meet your organization’s needs! 9:00 am in the Twinbrook Room.

Willibert Fabritius and BSI’s Neelov Kar will give you the auditor’s perspective of “Typical Issues when Implementing an ISO 27001 Management System and How to Avoid Them”. 1:20 pm as part of the Enterprise Compliance Track in Plaza 1.

Save the Date: October 9th


INTRODUCTION

Hilton Washington DC • Rockville, MD

Sponsoring Organizations

The Certified InfoSec Conference would not be possible without the support of these organizations.

Title Sponsors

GOLD SPONSOR GOLD SPONSOR

SILVER SPONSOR SILVER SPONSOR SILVER SPONSOR

Leading Sponsors

WATER SPONSOR BADGE SPONSOR BAG SPONSOR

Exhibitors

Supporting Sponsors

Table of Contents

Introduction & Sponsors
Agenda
Speakers
Sponsors

Program Committee

Dave Anders, SecuraStar (Chair)
Alan Calder, ITGovernance
John DiMaria, BSI (Chair)
Willibert Fabritius, BSI (Chair)
David Henkel, Technatomy
Carlos Horna, GDTI
Maria Horton, EmeSec
Eva Kulper, Hewlett Packard Enterprise
Jimmy Sanders, ISSA
Bill Rutledge, Certified InfoSec Conference (Chair)
Vern Williams, Dell SecureWorks (Chair)
Walt Williams, Lattice Engines
Richard Wilshire, Zygma LLC

Conference Staff

Bill Rutledge, Project Director, 1.212.866.2169, [email protected]
Nikki Principe, Operations Manager, 1.571.249.5680, [email protected]


AGENDA

Certified InfoSec Conference • October 9-11, 2017

Conference Agenda

Detailed session descriptions are online at Certinfosec.org

CISC & 27K Security Summit will be presented in four tracks on Tue and Wed:

Enterprise Compliance (EC) will cover issues related to ISMS implementation within the organization

Organizational Resilience and Cyberdefense track (OR) will cover issues related to business continuity and intrusion response

Cloud Compliance track (CL) will cover special issues related to security and privacy for cloud organizations

Workshops (W) Four intensive half-day workshops will be presented on Monday

Plenary Sessions (P) Industry overview topics are presented at the beginning and end of the conference.

Cross-Compliance track (CR) will cover issues related to the efficient management of multiple certified security frameworks.

Two-Day Training/Exam Sessions (E) Two training sessions will be presented on Thursday and Friday.

Monday, October 9

8:00 Registration (Foyer)

Workshops Twinbrook Room Workshops Montrose Room

9:00 WK01a. Introduction to ISO/IEC 27001 Information Security Management, Willibert Fabritius, Assistant Vice President, BSI & Katie Warlick, Business Development Manager, BSI

WK01b. Understanding ISO 22301—Purpose and Implementation, Bob Cohen, ISO 22301 Practice Manager, Pivot Point Security

12:30 Lunch

13:30 WK02a. What to Expect When You’re Expecting Your First ISO/IEC 27001 Certification Audit, Timothy Woodcome, Director, NQA

WK02b. Introduction to Cross Compliance: Managing Multiple Information Security Standards, Erez Avidan Antonir, VP Business Development, Project Hosts

17:00 Conference Session Adjourns

Conference Presentations

Presentations will be available after the conference at Certinfosec.org Password: *******

Join the Conversation on Twitter

#CertInfoSecConf

WiFi Access

1. Connect to “Hilton Meeting”
2. Open your browser
3. Enter PIN: CISC

WiFi is provided by PSAV/Hilton. CISC is not responsible for WiFi service.

Dine-Around DC

Join your colleagues at CISC for Dine-Around DC. On the evening of Tuesday, October 10, you can enjoy an informal, prix-fixe dinner at a group table in the company of other professionals at one of Rockville’s finest restaurants. Stop by the registration desk for more info.


Tuesday, October 10

Detailed session descriptions are online at Certinfosec.org

Plenary Session Plaza I & II

9:00 Plenary Session, Welcome and Introduction, Bill Rutledge, Project Director, CISC2018

Pushing Computers to the Edge: Next Generation Security and Privacy Controls Supporting Systems, Organizations, and the Internet of Things, Ron Ross, Fellow, NIST

Cyber Security in Today’s Hybrid Virtual World, Susie Adams, Chief Technology Officer, Microsoft Federal

10:20 Networking Break, Exhibits Open (Plaza III)

Enterprise Compliance (EC) Plaza I

Organizational Resilience and Cyberdefense (OR) Plaza II

11:00 Cybersecurity Compliance: Less Pain, More Automation (EC12) Gib Sorebo, Chief Cybersecurity Technologist, Leidos

ISO 22301 Business Continuity Management: Case Studies and Best Practices (OR12) George Huff, Director of Consulting, The Continuity Project

11:40 ISO 27001: The Global Cyber Security Compliance Framework (EC13) Alan Calder, Founder & Executive Chair, IT Governance Ltd

ISO 22301 Business Continuity Basics and Actionable Insights (OR13) Bob Cohen, ISO 22301 Practice Manager, Pivot Point Security

12:20 Lunch in Exhibits (Plaza III)

13:20 Typical Issues When Implementing an ISO 27001 Management System, and How to Avoid Them (EC14), Willibert Fabritius, Assistant VP, BSI and Neelov Kar, Lead Auditor, BSI Group

Assess Your Vendors...Before It's Too Late! (OR14) Charlie Miller, SVP, Shared Assessments, The Santa Fe Group/Shared Assessments

14:00 Clause 4—Context of the Organization and How to Determine a Proper Scope of Registration (EC15) David Anders, Managing Partner, SecuraStar.com, iCertWorks.com, ISOmanager.com

You Know They Were Here…But WHY? (OR15) Kelly J. Kuchta, CEO & Founder, Forensics Consulting Solutions, LLC

14:40 Networking Break in Exhibits (Plaza III)

15:00 Determining Scope of Your Information Security Management System (EC16) John Laffey, Perry Johnson Registrars

Intrusion to Detection: Establishing an Effective Response (OR16) [40 Min] Edward Beesley, Global Head of IT and Digital Services for the CBE Business, SGS

15:20 ISO 27001 Audits—"A View from the Customer Side" (EC17) Christine Ishak, Senior Manager, Deloitte

15:40 A Case Study of lessons learned and benefits of an ISO 27001:2013 implementation (EC18) Kris Martel, Chief Information Security Officer, EmagineIT

Perspectives on Organizational Resilience (OR18) Chloe Demrovsky, President & CEO, Disaster Recovery Institute International

16:00 Networking Break in Exhibits (Plaza III)

16:20 Case Study: ISO 27001/27002 Security Framework and Controls Implementation (EC19) John Linkous, Founder & CEO, InterPoint Group

The Art of Cyber Conflict (OR19) Henry Sienkiewicz, Open Travel Software

17:00 Welcome Reception in Exhibits (Exhibits Open, Plaza III, ends at 18:30) Dine-Around DC (See page 2)


Wednesday, October 11

Detailed session descriptions are online at Certinfosec.org

Cloud Compliance (CL) Plaza I

Cross-Compliance (CR) Plaza II

9:00 Lesson and Strategies: Moving to Cloud Services and Shared Services (CL20) Benjamin Bergersen, Chief Information Officer, U.S. Trade and Development Agency

Surveying the Landscape (CR20) Richard Wilsher, Founder & CEO, Zygma LLC

9:40 Cloud Compliance Certifications and The Road Ahead (CL21) Erika Voss, Head of Information Security, Risk, and Compliance, Zillow Group

Merging ISO 27001, NIST 171 and other DFAR and Regulatory Requirements (CR21) Lisa Dubrock, Managing Partner, Radian Compliance, Michelle Farr, CEO, Zofia Consulting, and Ruth Sherrill, Manager, Contracts, Dynamis

10:20 Networking Break in Exhibits (Plaza III)

10:40 Cloud Compliance and CSA STAR (CL22) Katie Lewin, Federal Director, Cloud Security Alliance

Managing Cyber Security Gaps of ISO/IEC 27001 for Clients Requiring DFARS (800-171) Compliance (CR22) Maria Horton, CEO/President, EmeSec

11:20 ISO27001 in a Cloud Environment—The Easy Way (CL23) Chris Hall, Director, Business Technology Risk Partners (BTRP)

Harmonizing SOC 2 and ISO 27001 (CR23) Ryan Mackie, Principal, ISO Practice Director Schellman & Company

12:00 Lunch in Exhibits (Plaza III)

13:00 Providing Assurance Through Federal Certifications for FISMA and NIST SP 800-53 Security Controls (CL24) Shashi Karanam, Senior Certifications Consultant, Corsec Security

GDPR Weaving a Data Protection Culture into the Fabric of Your Business (800-171) Compliance (CR24) Shane Ryan, EVP of Professional Service, BSI Group

13:40 ISO 27001 and ISO 27018 in Cloud Service Enterprises (CL25) Michael Fuller, Director, Coalfire

ISO 29100 and Privacy (CR25) Eric Lachapelle, CEO, PECB

14:20 Networking Break in Exhibits (Plaza III—Exhibits Close at 14:40)

14:40 Inside the DHS Study on Mobile Device Security, a 2017 Report to Congress (CL26) Joshua Franklin, IT Security Specialist, NIST and Vincent Sritapan, HSARPA Program Manager, US Department of Homeland Security

Sooner Than You Think: Quantum Computing and the Reinvention of Security (CR26) Mike Brown, CTO, ISARA Corporation

15:20 Networking Break (Foyer)

15:30 Summary Panel Discussion: InfoSec Risk Assessment (P27) (Plaza I)

This panel discussion will focus on fundamental questions about why we do risk analysis and risk assessment. What is the most effective risk analysis/risk assessment in the field, and why? We’ll consider a range of risk assessment methodologies including NIST Risk Assessment, BITS, Octave, 3100 ERM, Cloud Security Risk, and more. The summary panel session topic was chosen by a survey of conference participants.

Moderator: Willibert Fabritius, Assistant Vice President, BSI; Panelists: Dave Anders, Managing Partner, SecuraStar; Bob Cohen, ISO 22301 Practice Manager, Pivot Point Security; Richard Wilshire, Founder & CEO, Zygma

Thursday-Friday, October 12-13: Two-Day Training/Exam Sessions

Separate registration required. Check at registration desk for more information and location of sessions.


HOW SECURE IS YOUR CUSTOMER DATA? DON’T TAKE THAT RISK. SGS CAN HELP YOU STAND OUT FROM THE COMPETITION BY IMPLEMENTING A STRONG INFORMATION SECURITY MANAGEMENT SYSTEM. STOP BY OUR TABLE AT THE CONFERENCE FOR MORE INFORMATION.

© SGS Group Management SA – 2017 – All rights reserved - SGS is a registered trademark of SGS Group Management SA

SGS IS THE WORLD’S LEADING INSPECTION, VERIFICATION, TESTING AND CERTIFICATION COMPANY

SPEAKERS

Speakers

Speaker biographies are online at Certinfosec.org

Susie Adams

Chief Technology Officer, Microsoft Federal

Keynote PL11b

David Anders

Managing Partner, SecuraStar

Program Committee Chair & EC15

Erez Avidan Antonir

VP Business Development, Project Hosts

WK02b

Edward Beesley

Global Head of IT and Digital Services for the CBE Business, SGS

OR16

Benjamin Bergersen

Chief Information Officer, U.S. Trade and Development Agency

CL20

Mike Brown

CTO, ISARA Corporation

CR26

Alan Calder

Founder & Executive Chair, IT Governance

EC13

Bob Cohen

ISO 22301 Practice Manager, Pivot Point Security

WK01b & OR13

Chloe Demrovsky

President & CEO, Disaster Recovery Institute International

OR18

Lisa Dubrock

Managing Partner, Radian Compliance, LLC

CR21

Willibert Fabritius

Assistant Vice President, BSI

Program Committee Chair, WK01a & EC14

Michelle Farr

CEO, Zofia Consulting

CR21


Joshua Franklin

IT Security Specialist, National Institute of Standards and Technology

CL26

Michael Fuller

Director, Coalfire ISO

CL25

Chris Hall

Director, Business Technology Risk Partners (BTRP)

CL23

Maria Horton

CISSP, ISSMP, IAM, Cloud Essentials, CEO, EmeSec

CR22

George Huff

Director of Consulting, The Continuity Project

OR12

Christine Ishak

Senior Manager, Deloitte

EC17

Neelov Kar

Lead Auditor, BSI

EC14

Shashi Karanam

Senior Certifications Consultant, Corsec Security

CL24

Kelly Kuchta

CEO & Founder, Forensics Consulting Solutions, LLC

OR15

Eric Lachapelle

Chief Executive Officer, PECB

CR25

John Laffey

Perry Johnson Registrars

EC16

Katie Lewin

Federal Director, Cloud Security Alliance

CL22

John Linkous

Founder and CEO, InterPoint Group

EC19

Ryan Mackie

Principal, ISO Practice Director, Schellman & Company

CR23


Kris Martel

Chief Information Security Officer, Emagine IT

EC18

Charlie Miller

SVP, Shared Assessment

OR14

Ron Ross

Fellow, National Institute of Standards and Technology

PL11a

Bill Rutledge

Project Director, CISC17

Program Committee Chair

Shane Ryan

EVP of Professional Services, Information Governance, British Standards Institute (BSI)

CR24

Ruth Sherrill

Manager, Contracts, Dynamis, Inc

CR21

Henry Sienkiewicz

OpenTravel Software

OR19

Gib Sorebo

Chief Cybersecurity Technologist, Leidos

EC12

Vincent Sritapan

HSARPA Program Manager, US Department of Homeland Security

CL26

Erika Voss

Head of Information Security, Risk, and Compliance, Zillow Group

CL21

Katie Warlick

Business Development Manager, BSI Group

WK01a

Richard Wilshire

Founder & CEO, Zygma Partnership

CR20

Timothy Woodcome

Director, NQA, USA

WK02a


ISO 27000 Training
• ISO 27001 Lead Auditor
• ISO 27001 Lead Implementer
• ISO 27005 Risk Mgr
• ISO 27032 Cyber Security Mgr
• ISO 27035 Lead Incident Mgr

ISO 27001 Implementation
• Clause 4-10 implementation
• Risk Assessment
• Statement of Applicability
• Policies, Processes, Procedures
• Business Continuity Plans

ISO 27001 Audits
• ISO 27001 Gap Assessment
• 3rd Party / Vendor / Supplier Audits
• ISO 27001 Internal Audit
• ISO 27001 Certification Audits (iCertWorks)

ISO 27001 Software
• Clause 4-10 Navigation
• Risk Assessment
• Task Management System
• GRC Compliance (FISMA, HIPAA, PCI, CSA, etc)

Contact us Today! 855-476-2701

www.SecuraStar.com

SPONSORS

Exhibit Floor Plan

2. BSI, Gold Sponsor
3. SecuraStar, Silver Sponsor
4. DNV-GL, Silver Sponsor
5. SGS, Badge Sponsor
6. Emagine IT, Gold Sponsor
8. ICertWorks, Silver Sponsor
9. Standard Fusion GRC
10. Dekra, Water Bottle Sponsor
11. EmeSec
12. Perry Johnson Registrars
13. Pivot Point Security
14. CoalFire, Bag Sponsor
15. Project Hosts
17. Whitewood
18. NQA
19. Vantage Point
20. DQS


Sponsors & Exhibitors

Event Sponsor

atsec information security United States www.atsec.com

atsec information security is an independent, privately owned company that focuses on providing laboratory and consulting services for information security. We address commercial and government sectors around the world. Our consultants are expert in a variety of technologies including operating systems, databases, and network devices. Our laboratories specialise in evaluating and testing commercial products, using international standards to help provide assurance to end-users about the products they buy and use. We focus on assisting organizations, large and small, achieve compliance with standards such as Common Criteria, FIPS 140-2, O-TTPS, PCI, ISO/IEC 27001 and FISMA and offer a variety of services that complement that goal

Gold Sponsor, Booth 2

BSI United States www.bsigroup.com

BSI’s legacy of making excellence a habit™ has made us a leading global provider of services designed to protect and grow businesses of every size and in every sector. Our technical experts, global presence, and long history means we can provide clients around the world with an unsurpassed level of service and a unique product portfolio. We enhance an organization’s management system by understanding and helping to solve problems using our full suite of services–Training, Assessment, and Business Improvement Software. At BSI, the power of our portfolio, expertise, and passion can provide the gateway to excellence inside an organization.

Association Sponsor

Cloud Security Alliance (CSA) Cloudsecurityalliance.org

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud—from providers and customers, to governments, entrepreneurs and the assurance industry—and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.

Bag Sponsor Booth 14

Coalfire Systems United States www.coalfire.com

We are a group of technology professionals that started in 2001 with a simple idea – cyber threats are increasing, compliance mandates are getting more complicated, and a well-designed cyber risk management program is your best line of defense. We’ve been rethinking risk management and compliance ever since. Coalfire helps organizations comply with global financial, government, industry and healthcare mandates while helping build the IT infrastructure and security systems that will protect their business from security breaches and data theft. The company is a leading provider of IT advisory services for security in retail, payments, healthcare, financial services, higher education, hospitality, government and utilities. Coalfire professionals use a combination of IT experience, expertise and intelligence to independently audit and evaluate your entire IT infrastructure to determine what your actual risks are, help you understand how to protect your business assets, and what resources you need to quickly identify and respond to security threats.


Water Sponsor, Booth 10

DEKRA Dekra.com

DEKRA Certification is a global registrar for management system standards, including ISO 9001, ISO 14001, ISO 13485, AS 9100, ISO 50001, IATF 16949, ISO 27001, and more. DEKRA Certification is one of the world’s leading expert organizations, active in over 70 countries throughout the globe. With their newest acquisition, AQS Solutions, DEKRA is able to provide one stop for all certification and training needs.

Silver Sponsor, Booth 4

DNV-GL United States www.dnvgl.com

Driven by our purpose of safeguarding life, property and the environment, DNV GL enables organizations to advance the safety and sustainability of their business. We provide classification, technical assurance, software and independent expert advisory services to the maritime, oil & gas and energy industries. We also provide certification services to customers across a wide range of industries. Combining leading technical and operational expertise, risk methodology and in-depth industry knowledge, we empower our customers’ decisions and actions with trust and confidence. We continuously invest in research and collaborative innovation to provide customers and society with operational and technological foresight. Operating in more than 100 countries, our professionals are dedicated to helping customers make the world safer, smarter and greener.

Booth 20

DQS, Inc United States www.dqsus.com

DQS is the preferred partner for assessments and certifications of management systems, with approximately 50,000 certification sites supported globally. We are committed to Information Security, Information Technology and Business Continuity in our support of non-certification, process-driven development projects along with ISO 27001, ISO 20001 & ISO 22301 registrations. UL DQS belongs to the top group of international management certification bodies with more than 2,300 auditors in over 100 countries. We value your business and remain committed to our customer focus and technical excellence. We look forward to the opportunity to partner with you in achieving your business objectives.

Gold Sponsor, Booth 6

Emagine IT United States www.eit2.com

Founded in 2002, EIT is an Information Technology (IT) Consulting Services company that specializes in delivering technology solutions to meet the needs of clients. Our organization excels at providing a multitude of services including management, consulting, solutions engineering, system integration, and IT advisory services. EIT provides strategic leadership and execution on all facets of cybersecurity leadership including Assessment & Authorizations (A&A), Advisory Services, and Penetration testing. Our reputation reflects the high quality of the talented EIT team and the consultants working for our clients. EIT has conducted more than 1,000 federal assessments, focusing on regulatory and compliance requirements such as FedRAMP, Health Insurance Portability and Accountability Act (HIPAA), the FISMA, and the Risk Management Framework (RMF). Our team specializes in technical advisory to include: System Documentation – development of policies, plans and procedures for FedRAMP, NIST Advisement – ensuring your cloud service meets NIST guidelines, DoD A&A – over ten years of DoD Assessment & Authorization experience, Penetration Testing – execute deliberate attacks to test system integrity, Vulnerability Assessments – perform scans on systems to identify vulnerabilities, and Application Security Testing – detect security holes in software and applications.

Booth 11

EmeSec United States www.emesec.net

EmeSec is focused on improving a client’s effective use of technology to deliver agency mission/programs while mitigating cyber security vulnerabilities and risks. Founded as an Information Assurance (IA) business, EmeSec included a variety of advisory and assistance consulting, technical support, project development, and general engineering services. EmeSec gained certifications as a means of improving performance, showcasing the strong business management of the company, and obtaining compliance with what some government agencies required in larger and larger RFPs. As the cloud infrastructure and the need for System Security Engineering across the technology spectrum of cloud, mobile, and legacy system migration continues to expand, EmeSec has positioned itself to provide cloud security expertise that combines agile engineering and development efforts with an eye to the cyber and privacy threats that systems will inevitably face during deployment.

Silver Sponsor, Booth 8

iCertWorks

www.icertworks.com

iCertWorks is an international ISO management system accredited training and certification organization. iCertWorks also offers ISO 27001 Certification services through PECB (IAS Accreditation). To offer you a quote, we will need an application filled out and a defined scope statement with number of employees in scope and number of locations in scope. We have been performing ISO 27001 Certification Audits for over 5 years and also offer Certification services for ISO 9001, etc.

Association Sponsor

IT Governance

www.itgovernanceusa.com

IT Governance is a unique organisation. The company was founded in April 2002 to source, create and deliver products and services to meet the real-world, evolving IT governance needs of today’s organizations, directors, managers and practitioners. Our objective is to make this site the one-stop-shop for comprehensive corporate and IT governance information, advice, guidance, books, tools, training for the American market. We have been involved in designing, and successfully implementing, cost-effective ISO 27001 information security management systems since the standard was first promulgated. We write and publish extensively on IT governance subjects, including IT service management, project governance, regulation and compliance, and have evolved a range of leading-edge tools for IT governance, information security and regulatory compliance practitioners, available through the online shop on this site. We approach IT governance, regulatory compliance and information security issues from a management perspective and are committed to engaging business leaders in developing and implementing information, ICT regulatory compliance and information security strategies that enable their businesses to compete effectively in the global information economy.

Booth 18

National Quality Assurance (NQA) United States www.nqa.com

Your Partner for Organizational Success: You are not just selecting a Registrar, you are selecting a partner in your quest for success in the marketplace. NQA’s strategy for success is to maintain core values based on credibility, professionalism, integrity, communication and competent registrations for all clients. Our goal is to exceed our clients’ expectations. We continuously maintain sufficient auditor resources which allow us to minimize typical lead times to a few weeks, utilizing highly trained and experienced local auditors. Additionally, your NQA partnership brings you access to valuable informational updates and resources, through our e-newsletters and network of training partners.

Booth 12

Perry Johnson Registrars United States www.pjr.com

Perry Johnson Registrars, Inc. is a fully accredited ISO 27001 registrar that operates with the client’s best interests in mind. PJR’s auditors receive continuing professional development training in order to link your customer’s objectives with your process performance measurables. The focus on your organization’s need to meet or exceed customer expectations is why PJR should be your Registrar. Check us out at www.pjr.com or contact us at 1-800-800-7910 for more information on how PJR can become your partner in certification!


Booth 15

Project Hosts United States www.pivotpointsecurity.com

The ISMScloud Service was created by Project Hosts, Inc, a recognized leader in managed cloud services and hosting that is both ISO 27001 and FedRAMP SaaS compliant. Founded in 2003, the company has served thousands of enterprise customers and government agencies with highly secure, customized and standards-based cloud solutions. Now, to help other companies secure their information management system and achieve their ISO 27001 certification, we’ve taken our knowledge and expertise and created an online service to simplify, speed and essentially ensure that you’ll pass the certification process. We did!

Silver Sponsor, Booth 3

SecuraStar United States www.securastar.com

SecuraStar is a niche consulting firm specializing in information security management systems (ISMS). Our years of experience and expertise in ISO 27001 consulting has resulted in international recognition of our products and services.

Badge Sponsor, Booth 5

SGS North America United States www.sgsgroup.us.com

SGS is the world’s leading inspection, testing and certification company and recognized as the global benchmark for quality and integrity. With more than 89,000 employees in 130 countries, SGS works with more than half of Fortune 500 companies but also with SMB organizations looking to enhance their business. SGS supports clients in opening up new business opportunities with information security conscious customers. SGS performs pre-assessment and certification audits to ISO 27001 for Information Security Management Systems, ISO 20000 for IT Service Management, ISO 22301 Business Continuity Management, Cloud Security Alliance (CSA) Security, Trust and Assurance (STAR) assessments and other programs, as well as supplier audits.

Booth 9

StandardFusion Canada www.standardfusion.com

StandardFusion was built to help organizations of all sizes simplify the complexities of GRC (governance, risk and compliance). It sets out to eliminate high costs of implementation and operation, adding value to the bottom line by reducing risk and disruption before it happens and reduce complexity wherever possible through technology and automation. StandardFusion is a SaaS management platform that can manage compliance to just about any standard. StandardFusion becomes the single source of truth, or system of record, for their compliance programs. With licensing agreements with the AICPA, Standards Council of Canada (ISO/IEC), PCI, and BSI, StandardFusion supports most standards straight out of the box. This includes HIPAA, FEDRAMP, NIST, ISO, PCIDSS, and SOC1/2, just to name a few.

Booth 19

Vantage Point USA www.thevantagepoint.com

VantagePoint offers a security solution and consulting experts you need to help you enhance your security posture, reduce your risk, and facilitate compliance efforts. Our security product enables you to measure and monitor your security posture and detect threats across clouds and operating systems across five security verticals: file integrity monitoring, log analysis, vulnerability management, reputation analysis, and security configuration baseline analysis. Our consultants are seasoned, highly certified security veterans who can help you assess your security program, understand your gaps, pursue certification, test and improve your security defenses, design and develop security programs and architecture, and lead key security initiatives on your behalf.


Booth 17

Whitewood USA whitewoodsecurity.com

Whitewood uses quantum mechanics to optimize random number generation across cloud, data centers & IoT devices. Without true randomness applications that rely on crypto are at risk. Whitewood’s award-winning products and cloud service address entropy starvation where sources of randomness are scarce & unreliable. Try free quantum entropy at getnetrandom.com.

Your Conference Badge is a Digital Business Card

Badge/Lanyard Sponsor

Use any smart phone or pad QR code scanning app to retrieve complete contact information

Many free QR code scanning apps are available. The following app is highly rated in many app stores:

ScanLife by ScanBuy Inc. on Android, iOS, BlackBerry, Nokia Ovi, Windows Phone

We make no representations or warranties regarding the functionality or performance of any third party software


ISO 22000—IT Service Management Systems (ITSMS)
• ISO 22301 Lead Auditor
• ISO 22301 Lead Implementer

ISO 22301—Business Continuity Management Systems (BCMS)
• ISO 22301 Lead Auditor
• ISO 22301 Lead Implementer

ISO 27001—Information Security Management Systems (ISMS)
• ISO 27001 Lead Auditor
• ISO 27001 Lead Implementer
• ISO 27005 Risk Mgr
• ISO 27032 Cyber Security Mgr
• ISO 27035 Lead Incident Mgr

*Over 50 ISO Training Classes Available!

Contact us Today! 855-476-2701

www.iCertWorks.com

ISO Training & Certification for “Individuals”

PECB “2017 Reseller of the year”

ISO Certification for “Organizations”

• ISO 9001—Quality Management Systems (QMS)
• ISO 20000—IT Service Management Systems (ITSMS)
• ISO 22301—Business Continuity Management Systems (BCMS)
• ISO 27001—Information Security Management Systems (ISMS)
• ISO 30001—Enterprise Risk Management (EMS)

*Over 20 ISO Standards Available for Certification!


Come see us at Booth #6

• 1-877-368-3530 • www.dnvglcert.com/xx

STRENGTHEN your Information Security Management System

PROTECT your assets


www.eit2.com

Delivering cutting-edge digital solutions that will solve your problems. Every time.

cloud security & emerging technologies

penetration testing & remediation services

software development

program management services

accredited FedRAMP 3PAO assessments

cyber security, risk management & privacy services

advisory services for FISMA, FedRAMP, ITAR, DFARS & RMF