October 9-10, 2018 | The Westin Tyson's Corner | Washington, DC

Conference Program by Track

Plenary Presentations

Day 1
09 Oct 2018

Opening Plenary Keynote Presentation (P10b)

Description to come
Matt Goodrich

Cybersecurity Risk and Compliance: Past, Present and Future (P10c)

As an Information Security pioneer for more than 35 years, and the author of the original text behind ISO/IEC 27000, David has a unique perspective on the Cybersecurity landscape and...
David Lacey
Day 2
10 Oct 2018

Current Frameworks vs. the Threat of Future Technologies (P23)

Panelists will look at the recognized frameworks and consider implications related to future technologies such as A.I., BlockChain, IoT. How will consulting and advisory services respond and what revised standards...
Willibert Fabritius

Compliance Overview – The Options and What They Mean (E11b)

The compliance landscape can be overwhelming when dealing with customers (as well as internal management and sales personnel). A compliance team may have to address some of the following questions:...
Scott Zelko
Ryan Mackie

ISO27001 and SOC 2 Compliance – The Easy Way (E11c)

This presentation will focus on the ways to implement ISO27001 in conjunction with an ISAE3402/SOC 2 in such a way as to minimize the overhead and cost of doing so....

Managing an ISO 27001 Certification Program in the Age of Acquisitions (E12a)

The cloud and IT services intra-industry competition has propelled the interest, adoption, and obtainment of various security certifications, to include ISO 27001, and the age of acquisitions in the never-ending...
Shane York

Enterprise Compliance Panel Discussion: Certification Pitfalls and Lessons Learned (E12b)

Our panel of experts from industry and government provide case studies on the challenges they have encountered in gaining ISO 27001 certifications. Audience members will benefit from hearing about the...
Neil Witek
Heather Reis
John Linkous
Willibert Fabritius

Beyond Asset-Based Risk (E13a)

Enterprise Security Standards of today typically prescribe the creation of “asset-based” risk assessments to protect their enterprise information. Today’s multi-vector threat landscape requires us to think of risk in a...
Andrea Hill
Angela Osborne

GDPR: Beyond the Talk, Let’s Get to Execution (E13c)

GDPR is climbing to the top of enterprise priorities, but much of the buzz fails to capture even a fraction of the technical challenges ahead. For example, GDPR does not...
Michael Powell
Day 2
09 Oct 2018

Cloud Compliance Keynote: Security & Compliance: A Driving Force Behind Moving to the Cloud (C11a)

With greater resiliency, elasticity, visibility, automation, and the availability of emerging technologies such as artificial intelligence and machine learning, security professionals can exceed their highest security and compliance objectives with...
Michael South

How Do I Get Started With FedRAMP? (C11b)

Many organizations have solutions that can meet a variety of federal IT needs. However, due to either having no prior federal experience or minimal experience in providing on-prem solutions they...
Martin Rieger
Kris Martel

Assessment and Compliance for the Cloud (C11c)

Over the past five years, “Cloud Computing” has revolutionized how organizations do computing. It has driven a transformation from enterprise datacenters filled with servers to enterprise applications hosted in mega-facilities...
Chris Williams
Siobhan Moran

Taking Compliance to the Cloud (Tools and Techniques Using ISO Standards) (C12a)

To certify cloud applications organizations have to change. Traditional data center audits (PCI, HIPAA, FISMA, ISO 27001) are challenged by the risks, management and security boundaries presented by moving commercial...
Tim Weil

Considering a Dramatically Different Paradigm to Ensure Security; How the Dynamic and Abstracted Infrastructure can be More Secure than Ever (C12b)

Cloud security, and by extension compliance are challenged by an ever-evolving threat landscape. The dynamics are constantly in flux and it can be a never-ending, unwinnable battle. What if we...
Ranil Dassanayaka
Robert Ames

Cloud Compliance Panel Discussion: Should There be a Standard International Reference Architecture to Make Cloud Compliance Easier? (C13b)

Cloud compliance is a relatively new endeavor, and, as such, policy-makers are still working toward identifying consistent and broad-reaching standards for implementation and security. Join our panelists as they discuss...
Anthony Valentine
Mark Houpt
Martin Rieger

Data Protection: Security In The Cyber Environment (D20b)

Cyber security and data protection is not about the adversary. The same techniques that protect against credit card scammers will protect against political information hackers. While the actors matter, ultimately,...
Henry Sienkiewicz

Introducing ISO/IEC 27552 Privacy Information Management System (D20c)

ISO/IEC 27552, better known as PIMS in standard development community, is a privacy extension to ISMS. It is designed as a certification standard to enable demonstration of privacy policy/regulatory compliance...
Alex Li

Minimizing the Impact of Data Breaches in Dev and Test Databases (D21a)

According to Gartner, more than 80% of companies use sensitive data for non-production in development environments for more reliable testing. For the hacker, non-production environments are a tempting target as...
Steve Jones

Adapting GDPR Requirements to Meet NIST 800-53 Rev. 5 (D21b)

GDPR is the latest compliance requirement going into effect (as of May 2018) that will be a game-changer for all businesses harvesting or interacting with data originating in the European...
Tim Lowman

Digital Data in the Age of “The Breach” (D21c)

In the age of digital data our society has taken a rather laissez-faire attitude toward personal information. We think nothing of providing our Social Security number to credit bureaus and...
Kelly Kuchta

Data Privacy: GDPR and Beyond (D22a)

Almost six months have passed since the GDPR came into force. What have been some of the biggest challenges leading up to GDPR but also during its first half year?...
Christoph Luykx

Data Privacy Panel Discussion: Data Privacy Compliance Issues Worldwide (D22b)

Data privacy presents different challenges to different industry verticals. Government, financial services, insurance, health care, and Internet of Things manufacturers all have issues specific to their own implementations. Join our...
Tony Hadley
Christopher Stevens

Security & Compliance Certification – The Hype, Hope & Harsh Reality (R21c)

Managing the security and compliance requirements from federal and state agencies and other third parties can be a daunting task. The activities consume a considerable level of energy, expense, and...
John Sapp
Day 2
10 Oct 2018

ISO 27000 Certification Helping Organizations in GDPR Compliance (R20b)

The information security management system as defined by ISO 27000 lays the foundation for data privacy. Annex controls of ISO 27000 standard provides the basic control to build a secured...
Sanjay Basu
Neelov Kar

The ISO 27000 Ecosystem (R20c)

While ISO 27000 and ISO 27001 are the most recognized standards, there are many other standards in the ecosystem, and this presentation will provide an introduction to these other standards.
Willibert Fabritius

Optimizing Compliance Management using Regulatory Libraries and Mappings: A Perspective on Data Security and Privacy Compliance (R21a)

Managing regulatory and compliance risk is a constant challenge for organizations subject to data security and privacy regulations/standards. The current pace of regulatory change is extremely high, which poses added...
Steve Crutchley
Brian Alexander

Cross Compliance on a Budget—Strategies for Addressing Multiple Regulatory Frameworks without Breaking the Bank (R21b)

Ask any governance or compliance professional and they’ll tell you that the days of having “regulated” vs. “unregulated” industries is over. In fact, most companies have multiple, potentially overlapping regulatory...
Ed Moyle

Blockchain and GDPR – How do you forget what cannot be forgotten? (R22a)

GDPR has an inherent “right of erasure”, or the right to be forgotten. A person has the right to request that their data be removed from processing, storage, or use....
Joshua Marpet
Scott Lyons

A Frankenstinean Approach to an Information Security Management System: Implementing ISO 27001 with the CIS CSC (R22b)

The CIS CSC controls are designed to prevent breaches, but there is no current means to be audited as compliant with this standard and prove that it was implemented effectively....
Walter Williams