Panelists will look at the recognized frameworks and consider implications related to future technologies such as A.I., BlockChain, IoT. How will consulting and advisory services respond and what revised standards...
As an Information Security pioneer for more than 35 years, and the author of the original text behind ISO/IEC 27000, David has a unique perspective on the Cybersecurity landscape and...
Our panel of experts from industry and government provide case studies on the challenges they have encountered in gaining ISO 27001 certifications. Audience members will benefit from hearing about the...
GDPR is climbing to the top of enterprise priorities, but much of the buzz fails to capture even a fraction of the technical challenges ahead. For example, GDPR does not...
Enterprise Security Standards of today typically prescribe the creation of “asset-based” risk assessments to protect their enterprise information. Today’s multi-vector threat landscape requires us to think of risk in a...
The cloud and IT services intra-industry competition has propelled the interest, adoption, and obtainment of various security certifications, to include ISO 27001, and the age of acquisitions in the never-ending...
The compliance landscape can be overwhelming when dealing with customers (as well as internal management and sales personnel). A compliance team may have to address some of the following questions:...
During this session, we will discuss the importance of Identity Governance and Administration (IGA) and how Segregation of Duties (SOD), Policy Enforcement, Risk Assessment and Access Certifications help organizations meet...
Cloud security, and by extension compliance, are challenged by an ever-evolving threat landscape. The dynamics are constantly in flux and it can be a never-ending, unwinnable battle. What if we...
Cloud compliance is a relatively new endeavor, and, as such, policy-makers are still working toward identifying consistent and broad-reaching standards for implementation and security. Join our panelists as they discuss...
To certify cloud applications, organizations have to change. Traditional data center audits (PCI, HIPAA, FISMA, ISO 27001) are challenged by the risks, management and security boundaries presented by moving commercial...
Over the past five years, “Cloud Computing” has revolutionized how organizations do computing. It has driven a transformation from enterprise datacenters filled with servers to enterprise applications hosted in mega-facilities...
Many organizations have solutions that can meet a variety of federal IT needs. However, due to either having no prior federal experience or minimal experience in providing on-prem solutions they...
With greater resiliency, elasticity, visibility, automation, and the availability of emerging technologies such as artificial intelligence and machine learning, security professionals can exceed their highest security and compliance objectives with...
Almost six months have passed since the GDPR came into force. What have been some of the biggest challenges leading up to GDPR but also during its first half year?...
In the age of digital data our society has taken a rather laissez-faire attitude toward personal information. We think nothing of providing our Social Security number to credit bureaus and...
GDPR is the latest compliance requirement going into effect (as of May 2018) that will be a game-changer for all businesses harvesting or interacting with data originating in the European...
According to Gartner, more than 80% of companies use sensitive data for non-production in development environments for more reliable testing. For the hacker, non-production environments are a tempting target as...
Cyber security and data protection are not about the adversary. The same techniques that protect against credit card scammers will protect against political information hackers. While the actors matter, ultimately,...
ISO/IEC 27552, better known as PIMS in the standards development community, is a privacy extension to ISMS. It is designed as a certification standard to enable demonstration of privacy policy/regulatory compliance...
Managing the security and compliance requirements from federal and state agencies and other third parties can be a daunting task. The activities consume a considerable level of energy, expense, and...
Ask any governance or compliance professional and they’ll tell you that the days of having “regulated” vs. “unregulated” industries are over. In fact, most companies have multiple, potentially overlapping regulatory...
The CIS CSC controls are designed to prevent breaches, but there is no current means to be audited as compliant with this standard and prove that it was implemented effectively....
GDPR has an inherent “right of erasure”, or the right to be forgotten. A person has the right to request that their data be removed from processing, storage, or use....
Managing regulatory and compliance risk is a constant challenge for organizations subject to data security and privacy regulations/standards. The current pace of regulatory change is extremely high, which poses added...
While ISO 27000 and ISO 27001 are the most recognized standards, there are many other standards in the ecosystem, and this presentation will provide an introduction to these other standards.
The information security management system as defined by ISO 27000 lays the foundation for data privacy. The Annex controls of the ISO 27000 standard provide the basic controls to build a secured...