CONFERENCE PROGRAM
OCTOBER 9-11, ROCKVILLE, MARYLAND
Meet BSI’s Katie Warlick and Willibert Fabritius & discover how the Information Security Management Standard can meet your organization’s needs! 9:00 am in the Twinbrook Room.
Willibert Fabritius and BSI’s Neelov Kar will give you the auditor’s perspective of “Typical Issues when Implementing an ISO 27001 Management System and How to Avoid Them”. 1:20 pm as part of the Enterprise Compliance Track in Plaza 1.
Save the Date: October 9th
INTRODUCTION
Hilton Washington DC • Rockville, MD 1
Sponsoring Organizations
The Certified InfoSec Conference would not be possible without the support of these organizations.
Table of Contents
Introduction & Sponsors
Agenda
Speakers
Sponsors
Program Committee
Dave Anders, SecuraStar (Chair)
Alan Calder, IT Governance
John DiMaria, BSI (Chair)
Willibert Fabritius, BSI (Chair)
David Henkel, Technatomy
Carlos Horna, GDTI
Maria Horton, EmeSec
Eva Kulper, Hewlett Packard Enterprise
Jimmy Sanders, ISSA
Bill Rutledge, Certified InfoSec Conference (Chair)
Vern Williams, Dell SecureWorks (Chair)
Walt Williams, Lattice Engines
Richard Wilshire, Zygma LLC
Conference Staff
Bill Rutledge, Project Director, 1.212.866.2169
Nikki Principe, Operations Manager, 1.571.249.5680
AGENDA
2 Certified InfoSec Conference • October 9-11, 2017
Conference Agenda
Detailed session descriptions are online at Certinfosec.org
CISC & 27K Security Summit will be presented in four tracks on Tue and Wed:
Enterprise Compliance (EC) will cover issues related to ISMS implementation within the organization
Organizational Resilience and Cyberdefense track (OR) will cover issues related to business continuity and intrusion response
Cloud Compliance track (CL) will cover special issues related to security and privacy for cloud organizations
Workshops (W): Four intensive half-day workshops will be presented on Monday
Plenary Sessions (P): Industry overview topics are presented at the beginning and end of the conference.
Cross-Compliance track (CR) will cover issues related to the efficient management of multiple certified security frameworks.
Two-Day Training/Exam Sessions (E): Two training sessions will be presented on Thursday and Friday.
Monday, October 9
8:00 Registration (Foyer)
Workshops Twinbrook Room Workshops Montrose Room
9:00 WK01a. Introduction to ISO/IEC 27001 Information Security Management, Willibert Fabritius, Assistant Vice President, BSI & Katie Warlick, Business Development Manager, BSI
WK01b. Understanding ISO 22301—Purpose and Implementation, Bob Cohen, ISO 22301 Practice Manager, Pivot Point Security
12:30 Lunch
13:30 WK02a. What to Expect When You’re Expecting Your First ISO/IEC 27001 Certification Audit, Timothy Woodcome, Director, NQA
WK02b. Introduction to Cross Compliance: Managing Multiple Information Security Standards, Erez Avidan Antonir, VP Business Development, Project Hosts
17:00 Conference Session Adjourns
Conference Presentations
Presentations will be available after the conference at Certinfosec.org Password: *******
Join the Conversation on Twitter
#CertInfoSecConf
WiFi Access
1. Connect to “Hilton Meeting”
2. Open your browser
3. Enter PIN: CISC
WiFi is provided by PSAV/Hilton. CISC is not responsible for WiFi service.
Dine-Around DC
Join your colleagues at CISC for Dine-Around DC. On the evening of Tuesday, October 10, you can enjoy an informal, prix-fixe dinner at a group table in the company of other professionals at one of Rockville’s finest restaurants. Stop by the registration desk for more info.
Tuesday, October 10
Plenary Session, Plaza I & II
9:00 Plenary Session, Welcome and Introduction, Bill Rutledge, Project Director, CISC2018
Pushing Computers to the Edge: Next Generation Security and Privacy Controls Supporting Systems, Organizations, and the Internet of Things, Ron Ross, Fellow, NIST
Cyber Security in Today’s Hybrid Virtual World, Susie Adams, Chief Technology Officer, Microsoft Federal
10:20 Networking Break, Exhibits Open (Plaza III)
Enterprise Compliance (EC), Plaza I; Organizational Resilience and Cyberdefense (OR), Plaza II
11:00 Cybersecurity Compliance: Less Pain, More Automation (EC12) Gib Sorebo, Chief Cybersecurity Technologist, Leidos
ISO 22301 Business Continuity Management: Case Studies and Best Practices (OR12) George Huff, Director of Consulting, The Continuity Project
11:40 ISO 27001: The Global Cyber Security Compliance Framework (EC13) Alan Calder, Founder & Executive Chair, IT Governance Ltd
ISO 22301 Business Continuity Basics and Actionable Insights (OR13) Bob Cohen, ISO 22301 Practice Manager, Pivot Point Security
12:20 Lunch in Exhibits (Plaza III)
13:20 Typical Issues When Implementing an ISO 27001 Management System, and How to Avoid Them (EC14), Willibert Fabritius, Assistant VP, BSI and Neelov Kar, Lead Auditor, BSI Group
Assess Your Vendors...Before It's Too Late! (OR14) Charlie Miller, SVP, Shared Assessments, The Santa Fe Group/Shared Assessments
14:00 Clause 4—Context of the Organization and How to Determine a Proper Scope of Registration (EC15) David Anders, Managing Partner, SecuraStar.com, iCertWorks.com, ISOmanager.com
You Know They Were Here…But WHY? (OR15) Kelly J. Kuchta, CEO & Founder, Forensics Consulting Solutions, LLC
14:40 Networking Break in Exhibits (Plaza III)
15:00 Determining Scope of Your Information Security Management System (EC16) John Laffey, Perry Johnson Registrars
Intrusion to Detection: Establishing an Effective Response (OR16) [40 Min] Edward Beesley, Global Head of IT and Digital Services for the CBE Business, SGS
15:20 ISO 27001 Audits—"A View from the Customer Side" (EC17) Christine Ishak, Senior Manager, Deloitte
15:40 A Case Study of lessons learned and benefits of an ISO 27001:2013 implementation (EC18) Kris Martel, Chief Information Security Officer, EmagineIT
Perspectives on Organizational Resilience (OR18) Chloe Demrovsky, President & CEO, Disaster Recovery Institute International
16:00 Networking Break in Exhibits (Plaza III)
16:20 Case Study: ISO 27001/27002 Security Framework and Controls Implementation (EC19) John Linkous, Founder & CEO, InterPoint Group
The Art of Cyber Conflict (OR19) Henry Sienkiewicz, Open Travel Software
17:00 Welcome Reception in Exhibits (Exhibits Open, Plaza III, ends at 18:30) Dine-Around DC (See page 2)
Wednesday, October 11
Cloud Compliance (CL), Plaza I; Cross-Compliance (CR), Plaza II
9:00 Lesson and Strategies: Moving to Cloud Services and Shared Services (CL20) Benjamin Bergersen, Chief Information Officer, U.S. Trade and Development Agency
Surveying the Landscape (CR20) Richard Wilsher, Founder & CEO, Zygma LLC
9:40 Cloud Compliance Certifications and The Road Ahead (CL21) Erika Voss, Head of Information Security, Risk, and Compliance, Zillow Group
Merging ISO 27001, NIST 171 and other DFAR and Regulatory Requirements (CR21) Lisa Dubrock, Managing Partner, Radian Compliance, Michelle Farr, CEO, Zofia Consulting, and Ruth Sherrill, Manager, Contracts, Dynamis
10:20 Networking Break in Exhibits (Plaza III)
10:40 Cloud Compliance and CSA STAR (CL22) Katie Lewin, Federal Director, Cloud Security Alliance
Managing Cyber Security Gaps of ISO/IEC 27001 for Clients Requiring DFARS (800-171) Compliance (CR22) Maria Horton, CEO/President, EmeSec
11:20 ISO27001 in a Cloud Environment—The Easy Way (CL23) Chris Hall, Director, Business Technology Risk Partners (BTRP)
Harmonizing SOC 2 and ISO 27001 (CR23) Ryan Mackie, Principal, ISO Practice Director Schellman & Company
12:00 Lunch in Exhibits (Plaza III)
13:00 Providing Assurance Through Federal Certifications for FISMA and NIST SP 800-53 Security Controls (CL24) Shashi Karanam, Senior Certifications Consultant, Corsec Security
GDPR Weaving a Data Protection Culture into the Fabric of Your Business (800-171) Compliance (CR24) Shane Ryan, EVP of Professional Service, BSI Group
13:40 ISO 27001 and ISO 27018 in Cloud Service Enterprises (CL25) Michael Fuller, Director, Coalfire
ISO 29100 and Privacy (CR25) Eric Lachapelle, CEO, PECB
14:20 Networking Break in Exhibits (Plaza III—Exhibits Close at 14:40)
14:40 Inside the DHS Study on Mobile Device Security, a 2017 Report to Congress (CL26) Joshua Franklin, IT Security Specialist, NIST and Vincent Sritapan, HSARPA Program Manager, US Department of Homeland Security
Sooner Than You Think: Quantum Computing and the Reinvention of Security (CR26) Mike Brown, CTO, ISARA Corporation
15:20 Networking Break (Foyer)
15:30 Summary Panel Discussion: InfoSec Risk Assessment (P27) (Plaza I)
This panel discussion will focus on fundamental questions about why we do risk analysis and risk assessment. What is the most effective risk analysis/risk assessment in the field, and why? We’ll consider a range of risk assessment methodologies including NIST Risk Assessment, BITS, Octave, 3100 ERM, Cloud Security Risk, and more. The summary panel session topic was chosen by a survey of conference participants.
Moderator: Willibert Fabritius, Assistant Vice President, BSI
Panelists: Dave Anders, Managing Partner, SecuraStar; Bob Cohen, ISO 22301 Practice Manager, Pivot Point Security; Richard Wilshire, Founder & CEO, Zygma
Thursday-Friday, October 12-13: Two-Day Training/Exam Sessions
Separate registration required. Check at registration desk for more information and location of sessions.
HOW SECURE IS YOUR CUSTOMER DATA? DON’T TAKE THAT RISK. SGS CAN HELP YOU STAND OUT FROM THE COMPETITION BY IMPLEMENTING A STRONG INFORMATION SECURITY MANAGEMENT SYSTEM. STOP BY OUR TABLE AT THE CONFERENCE FOR MORE INFORMATION.
© SGS Group Management SA – 2017 – All rights reserved - SGS is a registered trademark of SGS Group Management SA
SGS IS THE WORLD’S LEADING INSPECTION, VERIFICATION, TESTING AND CERTIFICATION COMPANY
SPEAKERS
Speaker biographies are online at Certinfosec.org
Susie Adams
Chief Technology Officer, Microsoft Federal
Keynote PL11b
David Anders
Managing Partner, SecuraStar
Program Committee Chair & EC15
Erez Avidan Antonir
VP Business Development, Project Hosts
WK02b
Edward Beesley
Global Head of IT and Digital Services for the CBE Business, SGS
OR16
Benjamin Bergersen
Chief Information Officer, U.S. Trade and Development Agency
CL20
Mike Brown
CTO, ISARA Corporation
CR26
Alan Calder
Founder & Executive Chair, IT Governance
EC13
Bob Cohen
ISO 22301 Practice Manager, Pivot Point Security
WK01b & OR13
Chloe Demrovsky
President & CEO, Disaster Recovery Institute International
OR18
Lisa Dubrock
Managing Partner, Radian Compliance, LLC
CR21
Willibert Fabritius
Assistant Vice President, BSI
Program Committee Chair, WK01a & EC14
Michelle Farr
CEO, Zofia Consulting
CR21
Joshua Franklin
IT Security Specialist, National Institute of Standards and Technology
CL26
Michael Fuller
Director, Coalfire ISO
CL25
Chris Hall
Director, Business Technology Risk Partners (BTRP)
CL23
Maria Horton
CISSP, ISSMP, IAM, Cloud Essentials, CEO, EmeSec
CR22
George Huff
Director of Consulting, The Continuity Project
OR12
Christine Ishak
Senior Manager, Deloitte
EC17
Neelov Kar
Lead Auditor, BSI
EC14
Shashi Karanam
Senior Certifications Consultant, Corsec Security
CL24
Kelly Kuchta
CEO & Founder, Forensics Consulting Solutions, LLC
OR15
Eric Lachapelle
Chief Executive Officer, PECB
CR25
John Laffey
Perry Johnson Registrars
EC16
Katie Lewin
Federal Director, Cloud Security Alliance
CL22
John Linkous
Founder and CEO, InterPoint Group
EC19
Ryan Mackie
Principal, ISO Practice Director, Schellman & Company
CR23
Kris Martel
Chief Information Security Officer, Emagine IT
EC18
Charlie Miller
SVP, Shared Assessments
OR14
Ron Ross
Fellow, National Institute of Standards and Technology
PL11a
Bill Rutledge
Project Director, CISC17
Program Committee Chair
Shane Ryan
EVP of Professional Services, Information Governance, British Standards Institute (BSI)
CR24
Ruth Sherrill
Manager, Contracts, Dynamis, Inc
CR21
Henry Sienkiewicz
OpenTravel Software
OR19
Gib Sorebo
Chief Cybersecurity Technologist, Leidos
EC12
Vincent Sritapan
HSARPA Program Manager, US Department of Homeland Security
CL26
Erika Voss
Head of Information Security, Risk, and Compliance, Zillow Group
CL21
Katie Warlick
Business Development Manager, BSI Group
WK01a
Richard Wilshire
Founder & CEO, Zygma Partnership
CR20
Timothy Woodcome
Director, NQA, USA
WK02a
ISO 27000 Training • ISO 27001 Lead Auditor • ISO 27001 Lead Implementer • ISO 27005 Risk Mgr • ISO 27032 Cyber Security Mgr • ISO 27035 Lead Incident Mgr
ISO 27001 Implementation • Clause 4-10 implementation • Risk Assessment • Statement of Applicability • Policies, Processes, Procedures • Business Continuity Plans
ISO 27001 Audits • ISO 27001 Gap Assessment • 3rd Party / Vendor / Supplier Audits • ISO 27001 Internal Audit • ISO 27001 Certification Audits (iCertWorks)
ISO 27001 Software • Clause 4-10 Navigation • Risk Assessment • Task Management System • GRC Compliance (FISMA, HIPAA, PCI, CSA, etc)
Contact us Today! 855-476-2701
www.SecuraStar.com
SPONSORS
Exhibit Floor Plan
2. BSI, Gold Sponsor
3. SecuraStar, Silver Sponsor
4. DNV-GL, Silver Sponsor
5. SGS, Badge Sponsor
6. Emagine IT, Gold Sponsor
8. ICertWorks, Silver Sponsor
9. Standard Fusion GRC
10. Dekra, Water Bottle Sponsor
11. EmeSec
12. Perry Johnson Registrars
13. Pivot Point Security
14. CoalFire, Bag Sponsor
15. Project Hosts
17. Whitewood
18. NQA
19. Vantage Point
20. DQS
Sponsors & Exhibitors
Event Sponsor
atsec information security United States www.atsec.com
atsec information security is an independent, privately owned company that focuses on providing laboratory and consulting services for information security. We address commercial and government sectors around the world. Our consultants are expert in a variety of technologies including operating systems, databases, and network devices. Our laboratories specialise in evaluating and testing commercial products, using international standards to help provide assurance to end-users about the products they buy and use. We focus on assisting organizations, large and small, achieve compliance with standards such as Common Criteria, FIPS 140-2, O-TTPS, PCI, ISO/IEC 27001 and FISMA and offer a variety of services that complement that goal.
Gold Sponsor, Booth 2
BSI United States www.bsigroup.com
BSI’s legacy of making excellence a habit™ has made us a leading global provider of services designed to protect and grow businesses of every size and in every sector. Our technical experts, global presence, and long history means we can provide clients around the world with an unsurpassed level of service and a unique product portfolio. We enhance an organization’s management system by understanding and helping to solve problems using our full suite of services–Training, Assessment, and Business Improvement Software. At BSI, the power of our portfolio, expertise, and passion can provide the gateway to excellence inside an organization.
Association Sponsor
Cloud Security Alliance (CSA) Cloudsecurityalliance.org
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud—from providers and customers, to governments, entrepreneurs and the assurance industry—and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.
Bag Sponsor Booth 14
Coalfire Systems United States www.coalfire.com
We are a group of technology professionals that started in 2001 with a simple idea – cyber threats are increasing, compliance mandates are getting more complicated, and a well-designed cyber risk management program is your best line of defense. We’ve been rethinking risk management and compliance ever since. Coalfire helps organizations comply with global financial, government, industry and healthcare mandates while helping build the IT infrastructure and security systems that will protect their business from security breaches and data theft. The company is a leading provider of IT advisory services for security in retail, payments, healthcare, financial services, higher education, hospitality, government and utilities. Coalfire professionals use a combination of IT experience, expertise and intelligence to independently audit and evaluate your entire IT infrastructure to determine what your actual risks are, help you understand how to protect your business assets, and what resources you need to quickly identify and respond to security threats.
Water Sponsor, Booth 10
DEKRA Dekra.com
DEKRA Certification is a global registrar for management system standards, including ISO 9001, ISO 14001, ISO 13485, AS 9100, ISO 50001, IATF 16949, ISO 27001, and more. DEKRA Certification is one of the world’s leading expert organizations, active in over 70 countries throughout the globe. With their newest acquisition, AQS Solutions, DEKRA is able to provide one stop for all certification and training needs.
Silver Sponsor, Booth 4
DNV-GL United States www.dnvgl.com
Driven by our purpose of safeguarding life, property and the environment, DNV GL enables organizations to advance the safety and sustainability of their business. We provide classification, technical assurance, software and independent expert advisory services to the maritime, oil & gas and energy industries. We also provide certification services to customers across a wide range of industries. Combining leading technical and operational expertise, risk methodology and in-depth industry knowledge, we empower our customers’ decisions and actions with trust and confidence. We continuously invest in research and collaborative innovation to provide customers and society with operational and technological foresight. Operating in more than 100 countries, our professionals are dedicated to helping customers make the world safer, smarter and greener.
Booth 20
DQS, Inc United States www.dqsus.com
DQS is the preferred partner for assessments and certifications of management systems, with approximately 50,000 certification sites supported globally. We are committed to Information Security, Information Technology and Business Continuity in our support of non-certification, process-driven development projects along with ISO 27001, ISO 20001 & ISO 22301 registrations. UL DQS belongs to the top group of international management certification bodies with more than 2,300 auditors in over 100 countries. We value your business and remain committed to our customer focus and technical excellence. We look forward to the opportunity to partner with you in achieving your business objectives.
Gold Sponsor, Booth 6
Emagine IT United States www.eit2.com
Founded in 2002, EIT is an Information Technology (IT) Consulting Services company that specializes in delivering technology solutions to meet the needs of clients. Our organization excels at providing a multitude of services including management, consulting, solutions engineering, system integration, and IT advisory services. EIT provides strategic leadership and execution on all facets of cybersecurity leadership including Assessment & Authorizations (A&A), Advisory Services, and Penetration testing. Our reputation reflects the high quality of the talented EIT team and the consultants working for our clients. EIT has conducted more than 1,000 federal assessments, focusing on regulatory and compliance requirements such as FedRAMP, Health Insurance Portability and Accountability Act (HIPAA), the FISMA, and the Risk Management Framework (RMF). Our team specializes in technical advisory to include: System Documentation – development of policies, plans and procedures for FedRAMP, NIST Advisement – ensuring your cloud service meets NIST guidelines, DoD A&A – over ten years of DoD Assessment & Authorization experience, Penetration Testing – execute deliberate attacks to test system integrity, Vulnerability Assessments – perform scans on systems to identify vulnerabilities, and Application Security Testing – detect security holes in software and applications.
Booth 11
EmeSec United States www.emesec.net
EmeSec is focused on improving a client’s effective use of technology to deliver agency mission/programs while mitigating cyber security vulnerabilities and risks. Founded as an Information Assurance (IA) business, EmeSec included a variety of advisory and assistance consulting, technical support, project development, and general engineering services. EmeSec gained certifications as a means of improving performance, showcasing the strong business management of the company, and obtaining compliance with what some government agencies required in larger and larger RFPs. As the cloud infrastructure and the need for System Security Engineering across the technology spectrum of cloud, mobile, and legacy system migration continues to expand, EmeSec has positioned itself to provide cloud security expertise that combines agile engineering and development efforts with an eye to the cyber and privacy threats that systems will inevitably face during deployment.
Silver Sponsor, Booth 8
iCertWorks
www.icertworks.com
iCertWorks is an international ISO management system accredited training and certification organization. iCertWorks also offer ISO 27001 Certification services through PECB (IAS Accreditation). To offer you a quote, we will need an application filled out and a defined scope statement with number of employees in scope and number of locations in scope. We have been performing ISO 27001 Certification Audits for over 5 years and also offer Certification services for ISO 9001, etc.
Association Sponsor
IT Governance
www.itgovernanceusa.com
IT Governance is a unique organisation. The company was founded in April 2002 to source, create and deliver products and services to meet the real-world, evolving IT governance needs of today’s organizations, directors, managers and practitioners. Our objective is to make this site the one-stop-shop for comprehensive corporate and IT governance information, advice, guidance, books, tools, training for the American market. We have been involved in designing, and successfully implementing, cost-effective ISO 27001 information security management systems since the standard was first promulgated. We write and publish extensively on IT governance subjects, including IT service management, project governance, regulation and compliance, and have evolved a range of leading-edge tools for IT governance, information security and regulatory compliance practitioners, available through the online shop on this site. We approach IT governance, regulatory compliance and information security issues from a management perspective and are committed to engaging business leaders in developing and implementing information, ICT regulatory compliance and information security strategies that enable their businesses to compete effectively in the global information economy.
Booth 18
National Quality Assurance (NQA) United States www.nqa.com
Your Partner for Organizational Success: You are not just selecting a Registrar, you are selecting a partner in your quest for success in the marketplace. NQA’s strategy for success is to maintain core values based on credibility, professionalism, integrity, communication and competent registrations for all clients. Our goal is to exceed our clients’ expectations. We continuously maintain sufficient auditor resources which allow us to minimize typical lead times to a few weeks, utilizing highly trained and experienced local auditors. Additionally, your NQA partnership brings you access to valuable informational updates and resources, through our e-newsletters and network of training partners.
Booth 12
Perry Johnson Registrars United States www.pjr.com
Perry Johnson Registrars, Inc. is a fully accredited ISO 27001 registrar that operates with the client’s best interests in mind. PJR’s auditors receive continuing professional development training in order to link your customer’s objectives with your process performance measurables. The focus on your organization’s need to meet or exceed customer expectations is why PJR should be your Registrar. Check us out at www.pjr.com or contact us at 1-800-800-7910 for more information on how PJR can become your partner in certification!
Booth 15
Project Hosts United States www.pivotpointsecurity.com
The ISMScloud Service was created by Project Hosts, Inc, a recognized leader in managed cloud services and hosting that is both ISO 27001 and FedRAMP SaaS compliant. Founded in 2003, the company has served thousands of enterprise customers and government agencies with highly secure, customized and standards-based cloud solutions. Now, to help other companies secure their information management system and achieve their ISO 27001 certification, we’ve taken our knowledge and expertise and created an online service to simplify, speed and essentially ensure that you’ll pass the certification process. We did!
Silver Sponsor, Booth 3
SecuraStar United States www.securastar.com
SecuraStar is a niche consulting firm specializing in information security management systems (ISMS). Our years of experience and expertise in ISO 27001 consulting has resulted in international recognition of our products and services.
Badge Sponsor, Booth 5
SGS North America United States www.sgsgroup.us.com
SGS is the world’s leading inspection, testing and certification company and recognized as the global benchmark for quality and integrity. With more than 89,000 employees in 130 countries, SGS works with more than half of Fortune 500 companies but also with SMB organizations looking to enhance their business. SGS supports clients in opening up new business opportunities with information security conscious customers. SGS performs pre-assessment and certification audits to ISO 27001 for Information Security Management Systems, ISO 20000 for IT Service Management, ISO 22301 Business Continuity Management, Cloud Security Alliance (CSA) Security, Trust and Assurance (STAR) assessments and other programs, as well as supplier audits.
Booth 9
StandardFusion Canada www.standardfusion.com
StandardFusion was built to help organizations of all sizes simplify the complexities of GRC (governance, risk and compliance). It sets out to eliminate high costs of implementation and operation, adding value to the bottom line by reducing risk and disruption before it happens and reduce complexity wherever possible through technology and automation. StandardFusion is a SaaS management platform that can manage compliance to just about any standard. StandardFusion becomes the single source of truth, or system of record, for their compliance programs. With licensing agreements with the AICPA, Standards Council of Canada (ISO/IEC), PCI, and BSI, StandardFusion supports most standards straight out of the box. This includes HIPAA, FEDRAMP, NIST, ISO, PCIDSS, and SOC1/2, just to name a few.
Booth 19
Vantage Point USA www.thevantagepoint.com
VantagePoint offers a security solution and consulting experts you need to help you enhance your security posture, reduce your risk, and facilitate compliance efforts. Our security product enables you to measure and monitor your security posture and detect threats across clouds and operating systems across five security verticals: file integrity monitoring, log analysis, vulnerability management, reputation analysis, and security configuration baseline analysis. Our consultants are seasoned, highly certified security veterans who can help you assess your security program, understand your gaps, pursue certification, test and improve your security defenses, design and develop security programs and architecture, and lead key security initiatives on your behalf.
Booth 17
Whitewood USA whitewoodsecurity.com
Whitewood uses quantum mechanics to optimize random number generation across cloud, data centers & IoT devices. Without true randomness, applications that rely on crypto are at risk. Whitewood’s award-winning products and cloud service address entropy starvation where sources of randomness are scarce & unreliable. Try free quantum entropy at getnetrandom.com.
Your Conference Badge is a Digital Business Card
Badge/Lanyard Sponsor
Use any smart phone or pad QR code scanning app to retrieve complete contact information.
Many free QR code scanning apps are available. The following app is highly rated in many app stores:
ScanLife by ScanBuy Inc. on Android, iOS, BlackBerry, Nokia Ovi, Windows Phone
We make no representations or warranties regarding the functionality or performance of any third party software
ISO 22000—IT Service Management Systems (ITSMS) • ISO 22301 Lead Auditor • ISO 22301 Lead Implementer
ISO 22301—Business Continuity Management Systems (BCMS) • ISO 22301 Lead Auditor • ISO 22301 Lead Implementer
ISO 27001—Information Security Management Systems (ISMS) • ISO 27001 Lead Auditor • ISO 27001 Lead Implementer • ISO 27005 Risk Mgr • ISO 27032 Cyber Security Mgr • ISO 27035 Lead Incident Mgr
*Over 50 ISO Training Classes Available!
Contact us Today! 855-476-2701
www.iCertWorks.com
ISO Training & Certification for “Individuals”
PECB “2017 Reseller of the year”
ISO Certification for “Organizations”
• ISO 9001—Quality Management Systems (QMS) • ISO 20000—IT Service Management Systems (ITSMS) • ISO 22301—Business Continuity Management Systems (BCMS) • ISO 27001—Information Security Management Systems (ISMS) • ISO 30001—Enterprise Risk Management (EMS)
*Over 20 ISO Standards Available for Certification!
Come see us at Booth #6
• 1-877-368-3530 • www.dnvglcert.com/xx
STRENGTHEN your Information Security Management System
PROTECT your assets
www.eit2.com
Delivering cutting-edge digital solutions that will solve your problems. Every time.
cloud security & emerging technologies
penetration testing & remediation services
software development
program management services
accredited FedRAMP 3PAO assessments
cyber security, risk management & privacy services
advisory services for FISMA, FedRAMP, ITAR, DFARS & RMF