October 9-10, 2018 | The Westin Tyson's Corner | Washington, DC

2017 Complete Conference Program

Build Your Own Program From Five Days of Content

Pre-Conference Workshops (Day 1)

Two-Day Conference/Four Tracks (Day 2-3)

Post-Conference Training (Day 4-5)

The week starts with intensive half-day pre-conference workshops (Day 1, Mon) to bring you up to speed on terms, concepts and strategies for certified ISMS.

The Certified InfoSec Conference will be presented in plenary sessions, and four tracks (Day 2 & 3, Tue & Wed). The opening Plenary Sessions (Day 2, Tue) will present keynote speakers and an industry overview. The Enterprise Compliance track (Day 2, Tue) will cover issues related to ISMS implementation within the organization. The Organizational Resilience and Cyberdefense track (Day 2, Tue) will cover issues related to business continuity and intrusion response. The Cloud Compliance track (Day 3, Wed) will cover special issues related to security and privacy for cloud organizations. The Cross-Compliance track (Day 3, Wed) will cover issues related to the efficient management of multiple certified security frameworks. Hospitality events including breaks, lunches, an industry reception give you the opportunity to network with colleagues and speakers. The conference ends with a summary panel discussion of industry leaders focused on a topic chosen by conference participants.

Post-Conference Training/Exam Sessions (Day 4 & 5, Thu & Fri) allow you to achieve a valuable professional certification.

The Complete Conference Schedule

Day 1
18 Nov 2018
Day 2
09 Oct 2018
Day 3
10 Oct 2018

Security & Compliance Certification – The Hype, Hope & Harsh Reality (R21c)

Managing the security and compliance requirements from federal and state agencies and other third parties can be a daunting task. The activities consume a considerable level of energy, expense, and...
Read More
John Sapp

Cybersecurity Risk and Compliance: Past, Present and Future (P10b)

As an Information Security pioneer for more than 35 years, and the author of the original text behind ISO/IEC 27000, David has a unique perspective on the Cybersecurity landscape and...
Read More
David Lacey

Cloud Compliance Keynote: Security & Compliance: A Driving Force Behind Moving to the Cloud (P10c)

With greater resiliency, elasticity, visibility, automation, and the availability of emerging technologies such as artificial intelligence and machine learning, security professionals can exceed their highest security and compliance objectives with...
Read More
Michael South

Compliance Overview – The Options and What They Mean (P10d)

The compliance landscape can be overwhelming when dealing with customers (as well as internal management and sales personnel). A compliance team may have to address some of the following questions:...
Read More
Scott Zelko
Ryan Mackie

How Do I Get Started With FedRAMP? (C11a)

Many organizations have solutions that can meet a variety of federal IT needs. However, due to either having no prior federal experience or minimal experience in providing on-prem solutions they...
Read More
Martin Rieger
Kris Martel

Assessment and Compliance for the Cloud (C11b)

Over the past five years, “Cloud Computing” has revolutionized how organizations do computing. It has driven a transformation from enterprise datacenters filled with servers to enterprise applications hosted in mega-facilities...
Read More
Chris Williams
Siobhan Moran

Taking Compliance to the Cloud (Tools and Techniques Using ISO Standards) (C12a)

To certify cloud applications organizations have to change. Traditional data center audits (PCI, HIPAA, FISMA, ISO 27001) are challenged by the risks, management and security boundaries presented by moving commercial...
Read More
Tim Weil

Managing an ISO 27001 Certification Program in the Age of Acquisitions (E12a)

The cloud and IT services intra-industry competition has propelled the interest, adoption, and obtainment of various security certifications, to include ISO 27001, and the age of acquisitions in the never-ending...
Read More
Shane York

Enterprise Compliance Panel Discussion: Certification Pitfalls and Lessons Learned (E12b)

Our panel of experts from industry and government provide case studies on the challenges they have encountered in gaining ISO 27001 certifications. Audience members will benefit from hearing about the...
Read More
Neil Witek
Heather Reis
John Linkous
Willibert Fabritius

Considering a Dramatically Different Paradigm to Ensure Security; How the Dynamic and Abstracted Infrastructure can be More Secure than Ever (C12b)

Cloud security, and by extension compliance are challenged by an ever-evolving threat landscape. The dynamics are constantly in flux and it can be a never-ending, unwinnable battle. What if we...
Read More
Ranil Dassanayaka
Robert Ames

Beyond Asset-Based Risk (E13a)

Enterprise Security Standards of today typically prescribe the creation of “asset-based” risk assessments to protect their enterprise information. Today’s multi-vector threat landscape requires us to think of risk in a...
Read More
Andrea Hill
Angela Osborne

Cloud Compliance Panel Discussion: Should There be a Standard International Reference Architecture to Make Cloud Compliance Easier? (C13a)

Cloud compliance is a relatively new endeavor, and, as such, policy-makers are still working toward identifying consistent and broad-reaching standards for implementation and security. Join our panelists as they discuss...
Read More
Anthony Valentine
Anil Karmel
Mark Houpt
Martin Rieger

GDPR: Beyond the Talk, Let’s Get to Execution (E13c)

GDPR is climbing to the top of enterprise priorities, but much of the buzz fails to capture even a fraction of the technical challenges ahead. For example, GDPR does not...
Read More
Michael Powell

The Importance of Identity Governance and Administration (IGA) in Compliance Frameworks (C13c)

During this session, we will discuss the importance of Identity Governance and Administration (IGA) and how Segregation of Duties (SOD), Policy Enforcement, Risk Assessment and Access Certifications help organizations meet...
Read More
Frank Briguglio

Data Protection: Security In The Cyber Environment (D20b)

Cyber security and data protection is not about the adversary. The same techniques that protect against credit card scammers will protect against political information hackers. While the actors matter, ultimately,...
Read More
Henry Sienkiewicz

ISO 27000 Certification Helping Organizations in GDPR Compliance (R20b)

The information security management system as defined by ISO 27000 lays the foundation for data privacy. Annex controls of ISO 27000 standard provides the basic control to build a secured...
Read More
Sanjay Basu
Neelov Kar

Introducing ISO/IEC 27552 Privacy Information Management System (D20c)

ISO/IEC 27552, better known as PIMS in standard development community, is a privacy extension to ISMS. It is designed as a certification standard to enable demonstration of privacy policy/regulatory compliance...
Read More
Kimberly Lucy

The ISO 27000 Ecosystem (R20c)

While ISO 27000 and ISO 27001 are the most recognized standard are many other Standards in the Ecosystem and this presentation will provide an introduction to these other standards.
Willibert Fabritius

Minimizing the Impact of Data Breaches in Dev and Test Databases (D21a)

According to Gartner, more than 80% of companies use sensitive data for non-production in development environments for more reliable testing. For the hacker, non-production environments are a tempting target as...
Read More
Steve Jones

Optimizing Compliance Management using Regulatory Libraries and Mappings: A Perspective on Data Security and Privacy Compliance (R21a)

Managing regulatory and compliance risk is a constant challenge for organizations subject to data security and privacy regulations/standards. The current pace of regulatory change is extremely high, which poses added...
Read More
Steve Crutchley
Brian Alexander

Adapting GDPR Requirements to Meet NIST 800-53 Rev. 5 (D21b)

GDPR is the latest compliance requirement going into effect (as of May 2018) that will be a game-changer for all businesses harvesting or interacting with data originating in the European...
Read More
Tim Lowman

Cross Compliance on a Budget—Strategies for Addressing Multiple Regulatory Frameworks without Breaking the Bank (R21b)

Ask any governance or compliance professional and they’ll tell you that the days of having “regulated” vs. “unregulated” industries is over.  In fact, most companies have multiple, potentially overlapping regulatory...
Read More
Ed Moyle

Digital Data in the Age of “The Breach” (D21c)

In the age of digital data our society has taken a rather laissez-faire attitude toward personal information. We think nothing of providing our Social Security number to credit bureaus and...
Read More
Kelly Kuchta

Data Privacy: GDPR and Beyond (D22a)

Almost six months have passed since the GDPR came into force. What have been some of the biggest challenges leading up to GDPR but also during its first half year?...
Read More

Blockchain and GDPR – How do you forget what cannot be forgotten? (D22a)

DPR has an inherent “right of erasure”, or the right to be forgotten. A person has the right to request that their data be removed from processing, storage, or use....
Read More
Joshua Marpet
Scott Lyons

A Frankenstinean Approach to an Information Security Management System: Implementing ISO 27001 with the CIS CSC (R22a)

The CIS CSC controls are designed to prevent breaches, but there is no current means to be audited as compliant with this standard and prove that it was implemented effectively....
Read More
Walter Williams

Current Frameworks vs. the Threat of Future Technologies (P23)

Panelists will look at the recognized frameworks and consider implications related to future technologies such as A.I., BlockChain, IoT. How will consulting and advisory services respond and what revised standards...
Read More
Kimberly Lucy
Joe Warren
Tim Lowman
Ryan Mackie
Willibert Fabritius