The Global Forum for Certified Enterprise IT Security

2017 Complete Conference Program

Build Your Own Program From Five Days of Content

Pre-Conference Workshops (Day 1)

Two-Day Conference/Four Tracks (Day 2-3)

Post-Conference Training (Day 4-5)

The week starts with intensive half-day pre-conference workshops (Day 1, Mon) to bring you up to speed on terms, concepts and strategies for certified ISMS.

The Certified InfoSec Conference will be presented in plenary sessions and four tracks (Day 2 & 3, Tue & Wed). The opening Plenary Sessions (Day 2, Tue) will present keynote speakers and an industry overview. The Enterprise Compliance track (Day 2, Tue) will cover issues related to ISMS implementation within the organization. The Organizational Resilience and Cyberdefense track (Day 2, Tue) will cover issues related to business continuity and intrusion response. The Cloud Compliance track (Day 3, Wed) will cover special issues related to security and privacy for cloud organizations. The Cross-Compliance track (Day 3, Wed) will cover issues related to the efficient management of multiple certified security frameworks. Hospitality events, including breaks, lunches and an industry reception, give you the opportunity to network with colleagues and speakers. The conference ends with a summary panel discussion of industry leaders focused on a topic chosen by conference participants.

Post-Conference Training/Exam Sessions (Day 4 & 5, Thu & Fri) allow you to achieve a valuable professional certification.

The Complete Conference Schedule


PECB Certified ISO 27001 Lead Auditor (5-Day Post Conference Training)

Scheduled to run Thu-Mon, October 12-16. This five-day intensive course enables the participants to develop the expertise needed to audit an Information Security Management System (ISMS), and manage a team...
Speaker TBA

Cyber Security in Today’s Hybrid Virtual World

Cloud computing, mobile devices, the Internet of Things, and the increasing digitization of information and processes in a hybrid computing environment present new challenges to securing data and information. Today’s...
Susie Adams

A Case Study of Lessons Learned and Benefits of an ISO 27001:2013 Implementation

We welcome you to join Mr. Kris Martel, Emagine IT’s Chief Information Security Officer (CISO), for a case study discussion about Emagine IT’s ISO 27001:2013 implementation. The speaker will discuss...
Kris Martel

ISO 27001 Certified ISMS Lead Implementer (2-Day Post Conference Training)

Scheduled to run Thu-Fri, October 12-13. Achieve and demonstrate compliance with the latest information security regulations and laws with this classroom training course delivered by an industry expert. Designed by the team that led the world’s...
Alan Calder

ISO 27005 Risk Manager (2-Day Post Conference Training)

Scheduled to run Thu-Fri, October 12-13. Taught as a two-day intensive training with a certification exam. Participants will receive a certificate of completion with 21 CPD credits. This course enables the participants to...
David Anders

Summary Panel Discussion: InfoSec Risk Assessment

This panel discussion will focus on fundamental questions about why we do risk analysis and risk assessment. What is the most effective risk analysis/risk assessment in the field, and...
Bob Cohen
Willibert Fabritius
David Anders
Richard Wilsher

Sooner Than You Think: Quantum Computing and the Reinvention of Security

At an accelerating rate, astonishing research and staggering financial investment are being poured into the development of quantum computers. The potential for commercialization of quantum computers could bring with it...
Mike Brown

15:20 - 15:30 Coffee Break

14:20 - 14:40 Networking Break in Exhibits

Providing Assurance Through Federal Certifications for FISMA and NIST SP 800-53 Security Controls

Common Criteria, DoDIN APL, and FIPS 140-2 are security certifications that validate products’ conformance using security controls. While the security controls defining these certification frameworks vary, significant overlap exists among...
Shashi Karanam

12:00 - 13:00 Lunch in Exhibits

ISO 27001 in a Cloud Environment—The Easy Way

This presentation will give practical advice and examples of how to use ISO 27001 for both cloud service providers and users of cloud services. For cloud service providers this will...
Chris Hall

Harmonizing SOC 2 and ISO 27001

This presentation will explain how the two compliance efforts can be effectively implemented and managed while satisfying the broader customer demand. ISO/IEC 27001:2015 (ISO 27001) certification assessments and SOC 2...
Ryan Mackie

10:20 - 10:40 Networking Break in Exhibits

08:00 - 09:00 Coffee in Exhibits

Dine-Around DC

Enjoy an informal group dinner at one of Rockville’s best restaurants with your CISC colleagues. Reserve your seat for a prix-fixe dinner at a group table. Reserve early—seating is limited. On site, you’ll meet your group Wednesday at 18:20 at the CISC registration desk in the foyer and depart from there.

17:00 - 18:20 Welcome Reception in Exhibits

The Art of Cyber Conflict

Sun Tzu meets Michael Hayden. In a very provoking and highly insightful manner, this session applies “The Art of War” as a baseline to present the issues of operating and...
Henry Sienkiewicz

16:00 - 16:20 Networking Break in Exhibits

Perspectives on Organizational Resilience

Cyber security, globalized supply chains, effective communications across industries: the list of challenges continues to grow exponentially. Are your priorities in line with that of C-suite executives? Disaster Recovery Institute...
Chloe Demrovsky

14:40 - 15:00 Networking Break in Exhibits

ISO 22301 Business Continuity Management: Case Studies and Best Practices

Business Continuity Management (BCM) is the process of achieving business continuity and is about preparing an organization to deal with disruptive incidents that might otherwise prevent it from achieving its...
George Huff

Cybersecurity Compliance: Less Pain, More Automation

While standards and regulations aren’t written in software code that can be compiled and run, there’s no reason we can’t use that analogy to make our jobs easier. This session will...
Gib Sorebo

10:20 - 11:00 Networking Break in Exhibits

08:00 - 09:00 Registration

08:00 - 09:00 Registration

What to Expect When You’re Expecting Your First ISO/IEC 27001 Certification Audit

If your organization is considering ISO 27001 Certification, you will likely be faced with the challenge of understanding exactly what that means (and then explaining that to your boss and...
Timothy Woodcome

Cloud Security and Certification—a Turning Point

Demand for cloud computing services and products is growing exponentially—both in the private sector and in Federal and local governments. Migration to the cloud is viewed as an important element...
Katie Lewin

Understanding ISO 22301—Purpose and Implementation

Join Business Continuity Expert, Bob Cohen, for an introduction to ISO 22301. Here are the topics Bob will cover and what you can expect to learn: ISO “Made Easy” /...
Bob Cohen

You Know They Were Here…But WHY?

Have you ever experienced a Cyber Event and asked yourself, “What the heck REALLY just happened?” Cyber Events are tools used to carry out a particular purpose. But, most of...
Kelly Kuchta

ISO 27001 Audits—“A View from the Customer Side”

We often hear from auditors about how to prepare to become certified but seldom hear the perspective of the ones who are being audited! Take a look into what organizations...
Christine Ishak

ISO 27001: The Global Cyber Security Compliance Framework

Covering GDPR, NYDFS, PCI, FedRAMP, and any and all other cyber security regulations—how ISO 27001’s focus on C, I, and A underpins all these regs and how to use ISO...
Alan Calder

ISO 27001 and ISO 27018 in Cloud Service Enterprises

ISO 27018 is a great complement with significant value for cloud service organizations considering the implementation of ISO 27001. The two standards are highly complementary and add significant value to...
Michael Fuller

Determining Scope of Your Information Security Management System

Considerations and strategies for determining the scope of your ISMS, and meeting the requirements of ISO/IEC 27001:2013. Topics include purpose of defining the scope of your ISMS, who and what...
John Laffey

Assess Your Vendors…Before It’s Too Late!

You’ve spent the last several years shoring up your internal security controls to protect your organization against cyber attacks, security incidents and breaches. But have your third party service providers...
Charlie Miller

Surveying the Landscape

This presentation will look at the relationships between IS27001, IS22301, FISMA/FedRAMP, CSA STAR and SOC, in terms of their scope, level within a typical enterprise information security model, and technical...
Richard Wilsher

ISO 29100 and Privacy

This presentation will review the requirements of the ISO 29100 standard (Privacy Framework), how it aligns with other frameworks such as ISO 27001, as well as how it allows to...
Eric Lachapelle

ISO 22301 Business Continuity Basics and Actionable Insights

Geared toward both technical and business concerns, this presentation addresses topics such as Terms and Concepts, Business Impact Analysis, Recovery Planning Strategy, Recovery Plan Development & Execution. Bob Cohen has...
Bob Cohen

Introduction to Cross-Compliance: Managing Multiple Security Standards

Security and compliance teams who work for companies that need to obtain and maintain multiple information security standards, including ISO 27001, HIPAA, HITRUST, FedRAMP, etc., find themselves repeating the work...
Erez Avidan Antonir

Merging ISO 27001, NIST 171 and other DFAR and Regulatory Requirements

Tired of dealing with multiple compliance requirements that don’t seem to line up? This panel discussion will bring into focus how to manage compliance with NIST 171 – Confidential Unclassified...
Lisa Dubrock
Ruth Sherrill
Michelle Farr

Typical Issues When Implementing An ISO 27001 Management System, and How to Avoid Them

Tremendous growth in ISO 27001:2013 certification has been observed in recent years. Awareness of information security is increasing in the industry, which is compelling service providers to...
Willibert Fabritius
Neelov Kar

Managing Cyber Security Gaps of ISO/IEC 27001 for Clients Requiring DFARS (800-171) Compliance

Organizations looking to implement ISO 27001 might assume that the IT group should run the project or manage the security controls long term. This session will delve into all of...
Maria Horton

Introduction to ISO/IEC 27001 Information Security Management

Introduce ISO/IEC 27001 to your business and discover how the information security management standard is designed to meet your specific needs. ISO/IEC 27001 is the international standard for information security...
Katie Warlick
Willibert Fabritius

GDPR: Weaving a Data Protection Culture into the Fabric of Your Business

The European General Data Protection Regulation (EU GDPR) is the most significant development in data protection in the last 20 years. GDPR is a new regulation around privacy of personal...
Shane Ryan

Clause 4—Context of the Organization and How To Determine a Proper Scope of Registration

This presentation will cover the basics of the Clause 4 – Context of the Organization requirements and how those might affect how to choose a Scope of Registration that meets business...
David Anders

Inside the DHS Study on Mobile Device Security, a 2017 Report to Congress

This presentation will provide an inside look into the DHS Study on Mobile Device Security, a report that was recently (May 2017) delivered to Congress as mandated by the Cybersecurity...
Vincent Sritapan
Joshua Franklin

Intrusion to Detection: Establishing an Effective Response

It is impossible to prevent a focused intruder from gaining access to company networks. Typically, more than 200 days elapse between intrusion and detection. Companies should: Have an effective classification scheme that identifies the...
Edward Beesley

12:30 - 13:30 Lunch