Conference Program


CONFERENCE PROGRAM
OCTOBER 9-11, ROCKVILLE, MARYLAND

Save the Date: October 9th

Meet BSI’s Katie Warlick and Willibert Fabritius & Discover how the Information Security Management Standard can meet your organization’s needs! 9:00 am in the Twinbrook Room.

Willibert Fabritius and BSI’s Neelov Kar will give you the auditor’s perspective of “Typical Issues when Implementing an ISO 27001 Management System and How to Avoid Them”. 1:20 pm as part of the Enterprise Compliance Track in Plaza 1.

INTRODUCTION

Sponsoring Organizations
The Certified InfoSec Conference would not be possible without the support of these organizations.

Table of Contents
Introduction & Sponsors
Agenda
Speakers
Sponsors

Program Committee
Dave Anders, SecuraStar (Chair)
Allan Calder, ITGovernance
John DiMaria, BSI (Chair)
Willibert Fabritius, BSI (Chair)
David Henkel, Technatomy
Carlos Horna, GDTI
Maria Hoton, EmeSec
Eva Kulper, Hewlett Packard Enterprise
Jimmy Sanders, ISSA
Bill Rutledge, Certified InfoSec Conference (Chair)
Vern Williams, Dell SecureWorks (Chair)
Walt Williams, Lattice Engines
Richard Wilshire, Zygma LLC

Conference Staff
Bill Rutledge, Project Director, 1.212.866.2169, bill@ISO27001.com
Nikki Principe, Operations Manager, 1.571.249.5680, nikki@cnxtd.com

Hilton Washington DC Rockville, MD

AGENDA

Conference Agenda
Detailed session descriptions are online at Certinfosec.org

CISC & 27K Security Summit will be presented in four tracks on Tue and Wed:

Enterprise Compliance (EC) will cover issues related to ISMS implementation within the organization
Organizational Resilience and Cyberdefense track (OR) will cover issues related to business continuity and intrusion response
Cloud Compliance track (CL) will cover special issues related to security and privacy for cloud organizations
Cross-Compliance track (CR) will cover issues related to the efficient management of multiple certified security frameworks.

Workshops (W) Four intensive half-day workshops will be presented on Monday
Two-Day Training/Exam Sessions (E) Two training sessions will be presented on Thursday and Friday.
Plenary Sessions (P) Industry overview topics are presented at the beginning and end of the conference.

Monday, October 9

8:00 Registration (Foyer)
9:00 Workshops
  Twinbrook Room: WK01a. Introduction to ISO/IEC 27001 Information Security Management, Willibert Fabritius, Assistant Vice President, BSI & Katie Warlick, Business Development Manager, BSI
  Montrose Room: WK01b. Understanding ISO 22301—Purpose and Implementation, Bob Cohen, ISO 22301 Practice Manager, Pivot Point Security
12:30 Lunch
13:30 Workshops
  Twinbrook Room: WK02a. What to Expect When You’re Expecting Your First ISO/IEC 27001 Certification Audit, Timothy Woodcome, Director, NQA
  Montrose Room: WK02b. Introduction to Cross Compliance: Managing Multiple Information Security Standards, Erez Avidan Antonir, VP Business Development, Project Hosts
17:00 Conference Session Adjourns

Join the Conversation on Twitter
#CertInfoSecConf

Conference Presentations
Presentations will be available after the conference at Certinfosec.org
Password: *******

WiFi Access
1. Connect to “Hilton Meeting”
2. Open your browser
3. Enter PIN: CISC
WiFi is provided by PSAV/Hilton. CISC is not responsible for WiFi service.

Dine-Around DC
Join your colleagues at CISC for Dine-Around DC. On the evening of Tuesday, October 10, you can enjoy an informal, prix-fixe dinner at a group table in the company of other professionals at one of Rockville’s finest restaurants. Stop by the registration desk for more info.

Certified InfoSec Conference October 9-11, 2017

Tuesday, October 10

9:00 Plenary Session (Plaza I & II)
  Plenary Session, Welcome and Introduction, Bill Rutledge, Project Director, CISC2018
  Pushing Computers to the Edge: Next Generation Security and Privacy Controls Supporting Systems, Organizations, and the Internet of Things, Ron Ross, Fellow, NIST
  Cyber Security in Today’s Hybrid Virtual World, Susie Adams, Chief Technology Officer, Microsoft Federal
10:20 Networking Break, Exhibits Open (Plaza III)

Enterprise Compliance (EC): Plaza I
Organizational Resilience and Cyberdefense (OR): Plaza II

11:00
  EC: Cybersecurity Compliance: Less Pain, More Automation (EC12) Gib Sorebo, Chief Cybersecurity Technologist, Leidos
  OR: ISO 22301 Business Continuity Management: Case Studies and Best Practices (OR12) George Huff, Director of Consulting, The Continuity Project
11:40
  EC: ISO 27001: The Global Cyber Security Compliance Framework (EC13) Alan Calder, Founder & Executive Chair, IT Governance Ltd
  OR: ISO 22301 Business Continuity Basics and Actionable Insights (OR13) Bob Cohen, ISO 22301 Practice Manager, Pivot Point Security
12:20 Lunch in Exhibits (Plaza III)
13:20
  EC: Typical Issues When Implementing an ISO 27001 Management System, and How to Avoid Them (EC14), Willibert Fabritius, Assistant VP, BSI and Neelov Kar, Lead Auditor, BSI Group
  OR: Assess Your Vendors. Before It's Too Late! (OR14) Charlie Miller, SVP, Shared Assessments, The Santa Fe Group/Shared Assessments
14:00
  EC: Clause 4—Context of the Organization and How to Determine a Proper Scope of Registration (EC15) David Anders, Managing Partner, SecuraStar.com, iCertWorks.com, ISOmanager.com
  OR: You Know They Were Here But WHY? (OR15) Kelly J. Kuchta, CEO & Founder, Forensics Consulting Solutions, LLC
14:40 Networking Break in Exhibits (Plaza III)
15:00 EC: Determining Scope of Your Information Security Management System (EC16) John Laffey, Perry Johnson Registrars
15:20 EC: ISO 27001 Audits—"A View from the Customer Side" (EC17) Christine Ishak, Senior Manager, Deloitte
15:40 EC: A Case Study of lessons learned and benefits of an ISO 27001:2013 implementation (EC18) Kris Martel, Chief Information Security Officer, EmagineIT
16:00 Networking Break in Exhibits (Plaza III)
16:20 EC: Case Study: ISO 27001/27002 Security Framework and Controls Implementation (EC19) John Linkous, Founder & CEO, InterPoint Group
17:00 Welcome Reception in Exhibits (Exhibits Open, Plaza III, ends at 18:30) Dine-Around DC (See page 2)

Organizational Resilience and Cyberdefense (OR), Plaza II, afternoon sessions:
  Intrusion to Detection: Establishing an Effective Response (OR16) [40 Min] Edward Beesley, Global Head of IT and Digital Services for the CBE Business, SGS
  Perspectives on Organizational Resilience (OR18) Chloe Demrovsky, President & CEO, Disaster Recovery Institute International
  The Art of Cyber Conflict (OR19) Henry Sienkiewicz, Open Travel Software

Wednesday, October 11

Cloud Compliance (CL): Plaza I
Cross-Compliance (CR): Plaza II

9:00
  CL: Lesson and Strategies: Moving to Cloud Services and Shared Services (CL20) Benjamin Bergersen, Chief Information Officer, U.S. Trade and Development Agency
  CR: Surveying the Landscape (CR20) Richard Wilsher, Founder & CEO, Zygma LLC
9:40
  CL: Cloud Compliance Certifications and The Road Ahead (CL21) Erika Voss, Head of Information Security, Risk, and Compliance, Zillow Group
  CR: Merging ISO 27001, NIST 171 and other DFAR and Regulatory Requirements (CR21) Lisa Dubrock, Managing Partner, Radian Compliance, Michelle Farr, CEO, Zofia Consulting, and Ruth Sherrill, Manager, Contracts, Dynamis
10:20 Networking Break in Exhibits (Plaza III)
10:40
  CL: Cloud Compliance and CSA STAR (CL22) Katie Lewin, Federal Director, Cloud Security Alliance
  CR: Managing Cyber Security Gaps of ISO/IEC 27001 for Clients Requiring DFARS (800-171) Compliance (CR22) Maria Horton, CEO/President, EmeSec
11:20
  CL: ISO27001 in a Cloud Environment—The Easy Way (CL23) Chris Hall, Director, Business Technology Risk Partners (BTRP)
  CR: Harmonizing SOC 2 and ISO 27001 (CR23) Ryan Mackie, Principal, ISO Practice Director, Schellman & Company
12:00 Lunch in Exhibits (Plaza III)
13:00
  CL: Providing Assurance Through Federal Certifications for FISMA and NIST SP 800-53 Security Controls (CL24) Shashi Karanam, Senior Certifications Consultant, Corsec Security
  CR: GDPR Weaving a Data Protection Culture into the Fabric of Your Business (800-171) Compliance (CR24) Shane Ryan, EVP of Professional Service, BSI Group
13:40
  CL: ISO 27001 and ISO 27018 in Cloud Service Enterprises (CL25) Michael Fuller, Director, Coalfire
  CR: ISO 29100 and Privacy (CR25) Eric Lachapelle, CEO, PECB
14:20 Networking Break in Exhibits (Plaza III—Exhibits Close at 14:40)
14:40 CL: Inside the DHS Study on Mobile Device Security, a 2017 Report to Congress (CL26) Joshua Franklin, IT Security Specialist, NIST and Vincent Sritapan, HSARPA Program Manager, US Department of Homeland Security
15:20 Networking Break (Foyer)
15:30 Summary Panel Discussion: InfoSec Risk Assessment (P27) (Plaza I)
  This panel discussion will focus on fundamental questions about why do we do risk analysis and risk assessment. What is the most effective risk analysis/risk assessment in the field and why? We’ll consider a range of risk assessment methodologies including NIST Risk Assessment, BITS, Octave, 3100 ERM, Cloud Security Risk, and more. The summary panel session topic was chosen by a survey of conference participants. Moderator: Willibert Fabritius, Assistant Vice President, BSI; Panelists: Dave Anders, Managing Partner, SecuraStar; Bob Cohen, ISO 22301 Practice Manager, Pivot Point Security; Richard Wilshire, Founder & CEO, Zygma

Cross-Compliance (CR), Plaza II, afternoon session:
  Sooner Than You Think: Quantum Computing and the Reinvention of Security (CR26) Mike Brown, CTO, ISARA Corporation

Thursday-Friday, October 12-13: Two-Day Training/Exam Sessions
Separate registration required. Check at registration desk for more information and location of sessions.

HOW SECURE IS YOUR CUSTOMER DATA?

DON’T TAKE THAT RISK. SGS CAN HELP YOU STAND OUT FROM THE COMPETITION BY IMPLEMENTING A STRONG INFORMATION SECURITY MANAGEMENT SYSTEM. STOP BY OUR TABLE AT THE CONFERENCE FOR MORE INFORMATION.

SGS IS THE WORLD’S LEADING INSPECTION, VERIFICATION, TESTING AND CERTIFICATION COMPANY

SGS Group Management SA – 2017 – All rights reserved - SGS is a registered trademark of SGS Group Management SA

SPEAKERS

Speakers
Speaker biographies are online at Certinfosec.org

Susie Adams, Chief Technology Officer, Microsoft Federal (Keynote PL11b)
David Anders, Managing Partner, SecuraStar (Program Committee Chair & EC15)
Erez Avidan Antonir, VP Business Development Project Hosts (WK02b)
Edward Beesley, Global Head of IT and Digital Services for the CBE Business, SGS (OR16)
Benjamin Bergersen, Chief Information Officer, U.S. Trade and Development Agency (CL20)
Mike Brown, CTO, ISARA Corporation (CR26)
Alan Calder, Founder & Executive Chair, IT Governance (EC13)
Bob Cohen, ISO 22301 Practice Manager, Pivot Point Security (WK01b & OR13)
Chloe Demrovsky, President & CEO, Disaster Recovery Institute International (OR18)
Lisa Dubrock, Managing Partner, Radian Compliance, LLC (CR21)
Willibert Fabritius, Assistant Vice President, BSI (Program Committee Chair, WK01a & EC14)
Michelle Farr, CEO, Zofia Consulting (CR21)

Joshua Frankin, IT Security Specialist, National Institute of Standards and Technology (CL26)
Michael Fuller, Director, Coalfire ISO (CL25)
Chris Hall, Director, Business Technology Risk Partners (BTRP) (CL23)
Maria Horton, CISSP, ISSMP, IAM, Cloud Essentials, CEO, EmeSec (CR22)
George Huff, Director of Consulting, The Continuity Project (OR12)
Christine Ishak, Senior Manager, Deloitte (EC17)
Neelov Kar, Lead Auditor, BSI (EC14)
Shashi Karanam, Senior Certifications Consultant, Corsec Security (CL24)
Kelly Kuchta, CEO & Founder, Forensics Consulting Solutions, LLC (OR15)
Eric Lachapelle, Chief Executive Officer, PECB (CR25)
John Laffey, Perry Johnson Registrars (EC16)
Katie Lewin, Federal Director, Cloud Security Alliance (CL22)
John Linkous, Founder and CEO, InterPoint Group (EC19)
Ryan Mackie, Principal, ISO Practice Director, Schellman & Company (CR23)

Kris Martel, Chief Information Security Officer, Emagine IT (EC18)
Charlie Miller, SVP, Shared Assessment (OR14)
Ron Ross, Fellow, National Institute of Standards and Technology (PL11a)
Bill Rutledge, Project Director, CISC17 (Program Committee Chair)
Shane Ryan, EVP of Professional Services, Information Governance, British Standards Institute (BSI) (CR24)
Ruth Sherrill, Manager, Contracts, Dynamis, Inc (CR21)
Henry Sienkiewicz, OpenTravel Software (OR19)
Gib Sorebo, Chief Cybersecurity Technologist, Leidos (EC12)
Vincent Sritapan, HSARPA Program Manager, US Department of Homeland Security (CL26)
Erika Voss, Head of Information Security, Risk, and Compliance, Zillow Group (CL21)
Katie Warlick, Business Development Manager, BSI Group (WK01a)
Richard Wilshire, Founder & CEO, Zygma Partnership (CR20)
Timothy Woodcome, Director, NQA, USA (WK02a)

ISO 27000 Training
ISO 27001 Lead Auditor
ISO 27001 Lead Implementer
ISO 27005 Risk Mgr
ISO 27032 Cyber Security Mgr
ISO 27035 Lead Incident Mgr

ISO 27001 Implementation
Clause 4-10 implementation
Risk Assessment
Statement of Applicability
Policies, Processes, Procedures
Business Continuity Plans

ISO 27001 Audits
ISO 27001 Gap Assessment
3rd Party / Vendor / Supplier Audits
ISO 27001 Internal Audit
ISO 27001 Certification Audits (iCertWorks)

ISO 27001 Software
Clause 4-10 Navigation
Risk Assessment
Task Management System
GRC Compliance (FISMA, HIPAA, PCI, CSA, etc)

Contact us Today!
855-476-2701
www.SecuraStar.com

SPONSORS

Exhibit Floor Plan
2. BSI, Gold Sponsor
3. SecuraStar, Silver Sponsor
4. DNV-GL, Silver Sponsor
5. SGS, Badge Sponsor
6. Emagine IT, Gold Sponsor
8. ICertWorks, Silver Sponsor
9. Standard Fusion GRC
10. Dekra, Water Bottle Sponsor
11. EmeSec
12. Perry Johnson Registrars
13. Pivot Point Security
14. CoalFire, Bag Sponsor
15. Project Hosts
17. Whitewood
18. NQA
19. Vantage Point
20. DQS

Sponsors & Exhibitors

Event Sponsor
atsec information security
United States
www.atsec.com

atsec information security is an independent, privately owned company that focuses on providing laboratory and consulting services for information security. We address commercial and government sectors around the world. Our consultants are expert in a variety of technologies including operating systems, databases, and network devices. Our laboratories specialise in evaluating and testing commercial products, using international standards to help provide assurance to end-users about the products they buy and use. We focus on assisting organizations, large and small, achieve compliance with standards such as Common Criteria, FIPS 140-2, OTTPS, PCI, ISO/IEC 27001 and FISMA and offer a variety of services that complement that goal.

Gold Sponsor, Booth 2
BSI
United States
www.bsigroup.com

BSI’s legacy of making excellence a habit has made us a leading global provider of services designed to protect and grow businesses of every size and in every sector. Our technical experts, global presence, and long history means we can provide clients around the world with an unsurpassed level of service and a unique product portfolio. We enhance an organization’s management system by understanding and helping to solve problems using our full suite of services–Training, Assessment, and Business Improvement Software. At BSI, the power of our portfolio, expertise, and passion can provide the gateway to excellence inside an organization.

Association Sponsor
Cloud Security Alliance (CSA)
Cloudsecurityalliance.org

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud—from providers and customers, to governments, entrepreneurs and the assurance industry—and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.

Bag Sponsor, Booth 14
Coalfire Systems
United States
www.coalfire.com

We are a group of technology professionals that started in 2001 with a simple idea – cyber threats are increasing, compliance mandates are getting more complicated, and a well-designed cyber risk management program is your best line of defense. We’ve been rethinking risk management and compliance ever since. Coalfire helps organizations comply with global financial, government, industry and healthcare mandates while helping build the IT infrastructure and security systems that will protect their business from security breaches and data theft. The company is a leading provider of IT advisory services for security in retail, payments, healthcare, financial services, higher education, hospitality, government and utilities. Coalfire professionals use a combination of IT experience, expertise and intelligence to independently audit and evaluate your entire IT infrastructure to determine what your actual risks are, help you understand how to protect your business assets, and what resources you need to quickly identify and respond to security threats.

Water Sponsor, Booth 10
DEKRA
Dekra.com

DEKRA Certification is a global registrar for management system standards, including ISO 9001, ISO 14001, ISO 13485, AS 9100, ISO 50001, IATF 16949, ISO 27001, and more. DEKRA Certification is one of the world’s leading expert organizations, active in over 70 countries throughout the globe. With their newest acquisition, AQS Solutions, DEKRA is able to provide one stop for all certification and training needs.

Silver Sponsor, Booth 4
DNV-GL
United States
www.dnvgl.com

Driven by our purpose of safeguarding life, property and the environment, DNV GL enables organizations to advance the safety and sustainability of their business. We provide classification, technical assurance, software and independent expert advisory services to the maritime, oil & gas and energy industries. We also provide certification services to customers across a wide range of industries. Combining leading technical and operational expertise, risk methodology and in-depth industry knowledge, we empower our customers’ decisions and actions with trust and confidence. We continuously invest in research and collaborative innovation to provide customers and society with operational and technological foresight. Operating in more than 100 countries, our professionals are dedicated to helping customers make the world safer, smarter and greener.

Booth 20
DQS, Inc
United States
www.dqsus.com

DQS is the preferred partner for assessments and certifications of management systems, with approximately 50,000 certification sites supported globally. We are committed to Information Security, Information Technology and Business Continuity in our support of non-certification, process-driven development projects along with ISO 27001, ISO 20001 & ISO 22301 registrations. UL DQS belongs to the top group of international management certification bodies with more than 2,300 auditors in over 100 countries. We value your business and remain committed to our customer focus and technical excellence. We look forward to the opportunity to partner with you in achieving your business objectives.

Gold Sponsor, Booth 6
Emagine IT
United States
www.eit2.com

Founded in 2002, EIT is an Information Technology (IT) Consulting Services company that specializes in delivering technology solutions to meet the needs of clients. Our organization excels at providing a multitude of services including management, consulting, solutions engineering, system integration, and IT advisory services. EIT provides strategic leadership and execution on all facets of cybersecurity leadership including Assessment & Authorizations (A&A), Advisory Services, and Penetration testing. Our reputation reflects the high quality of the talented EIT team and the consultants working for our clients. EIT has conducted more than 1,000 federal assessments, focusing on regulatory and compliance requirements such as FedRAMP, Health Insurance Portability and Accountability Act (HIPAA), the FISMA, and the Risk Management Framework (RMF). Our team specializes in technical advisory to include: System Documentation – development of policies, plans and procedures for FedRAMP, NIST Advisement – ensuring your cloud service meets NIST guidelines, DoD A&A – over ten years of DoD Assessment & Authorization experience, Penetration Testing – execute deliberate attacks to test system integrity, Vulnerability Assessments – perform scans on systems to identify vulnerabilities, and Application Security Testing – detect security holes in software and applications.

Booth 11
EmeSec
United States
www.emesec.net

EmeSec is focused on improving a client’s effective use of technology to deliver agency mission/programs while mitigating cyber security vulnerabilities and risks. Founded as an Information Assurance (IA) business, EmeSec included a variety of advisory and assistance consulting, technical support, project development, and general engineering services. EmeSec gained certifications as a means of improving performance, showcasing the strong business management of the company, and obtaining compliance with what some government agencies required in larger and larger RFPs. As the cloud infrastructure and the need for System Security Engineering across the technology spectrum of cloud, mobile, and legacy system migration continues to expand, EmeSec has positioned itself to provide cloud security expertise that combines agile engineering and development efforts with an eye to the cyber and privacy threats that systems will inevitably face during deployment.

Silver Sponsor, Booth 8
iCertWorks
www.icertworks.com

iCertWorks is an international ISO management system accredited training and certification organization. iCertWorks also offer ISO 27001 Certification services through PECB (IAS Accreditation). To offer you a quote, we will need an application filled out and a defined scope statement with number of employees in scope and number of locations in scope. We have been performing ISO 27001 Certification Audits for over 5 years and also offer Certification services for ISO 9001, etc.

Association Sponsor
IT Governance
www.itgovernanceusa.com

IT Governance is a unique organisation. The company was founded in April 2002 to source, create and deliver products and services to meet the real-world, evolving IT governance needs of today’s organizations, directors, managers and practitioners. Our objective is to make this site the one-stop-shop for comprehensive corporate and IT governance information, advice, guidance, books, tools, training for the American market. We have been involved in designing, and successfully implementing, cost-effective ISO 27001 information security management systems since the standard was first promulgated. We write and publish extensively on IT governance subjects, including IT service management, project governance, regulation and compliance, and have evolved a range of leading-edge tools for IT governance, information security and regulatory compliance practitioners, available through the online shop on this site. We approach IT governance, regulatory compliance and information security issues from a management perspective and are committed to engaging business leaders in developing and implementing information, ICT regulatory compliance and information security strategies that enable their businesses to compete effectively in the global information economy.

Booth 18
National Quality Assurance (NQA)
United States
www.nqa.com

Your Partner for Organizational Success: You are not just selecting a Registrar, you are selecting a partner in your quest for success in the marketplace. NQA’s strategy for success is to maintain core values based on credibility, professionalism, integrity, communication and competent registrations for all clients. Our goal is to exceed our clients’ expectations. We continuously maintain sufficient auditor resources which allow us to minimize typical lead times to a few weeks, utilizing highly trained and experienced local auditors. Additionally, your NQA partnership brings you access to valuable informational updates and resources, through our e-newsletters and network of training partners.

Booth 12
Perry Johnson Registrars
United States
www.pjr.com

Perry Johnson Registrars, Inc. is a fully accredited ISO 27001 registrar that operates with the client’s best interests in mind. PJR’s auditors receive continuing professional development training in order to link your customer’s objectives with your process performance measurables. The focus on your organization’s need to meet or exceed customer expectations is why PJR should be your Registrar. Check us out at www.pjr.com or contact us at 1-800-800-7910 for more information on how PJR can become your partner in certification!

Booth 15
Project Hosts
United States
www.pivotpointsecurity.com

The ISMScloud Service was created by Project Hosts, Inc, a recognized leader in managed cloud services and hosting that is both ISO 27001 and FedRAMP SaaS compliant. Founded in 2003, the company has served thousands of enterprise customers and government agencies with highly secure, customized and standards-based cloud solutions. Now, to help other companies secure their information management system and achieve their ISO 27001 certification, we’ve taken our knowledge and expertise and created an online service to simplify, speed and essentially ensure that you’ll pass the certification process. We did!

Silver Sponsor, Booth 3
SecuraStar
United States
www.securastar.com

SecuraStar is a niche consulting firm specializing in information security management systems (ISMS). Our years of experience and expertise in ISO 27001 consulting has resulted in international recognition of our products and services.

Badge Sponsor, Booth 5
SGS North America
United States
www.sgsgroup.us.com

SGS is the world’s leading inspection, testing and certification company and recognized as the global benchmark for quality and integrity. With more than 89,000 employees in 130 countries, SGS works with more than half of Fortune 500 companies but also with SMB organizations looking to enhance their business. SGS supports clients in opening up new business opportunities with information security conscious customers. SGS performs pre-assessment and certification audits to ISO 27001 for Information Security Management Systems, ISO 20000 for IT Service Management, ISO 22301 Business Continuity Management, Cloud Security Alliance (CSA) Security, Trust and Assurance (STAR) assessments and other programs, as well as supplier audits.

StandardFusion was built to help organizations of all sizes simplify the complexities of GRC (governance, risk and compliance). It sets out to eliminate high costs of implementation and operation, adding value to the bottom line by reducing risk and disruption before it happens and reduce complexity wherever possible through technology and automation. StandardFusion is a SaaS management platform that can manage compliance to just about any standard. StandardFusion becomes the single source of truth, or system of record, for their compliance programs. With licensing agreements with the AICPA, Standards Council of Canada (ISO/IEC), PCI, and BSI, StandardFusion supports most standards straight out of the box. This includes HIPAA, FEDRAMP, NIST, ISO, PCIDSS, and SOC1/2, just to name a few.

Booth 19
Vantage Point
USA
www.thevantagepoint.com

VantagePoint offers a security solution and consulting experts you need to help you enhance your security posture, reduce your risk, and facilitate compliance efforts. Our security product enables you to measure and monitor your security posture and detect threats across clouds and operating systems across five security verticals: file integrity monitoring, log analysis, vulnerability management, reputation analysis, and security configuration baseline analysis. Our consultants are seasoned, highly certified security veterans who can help you assess your security program, understand your gaps, pursue certification, test and improve your security defenses, design and develop security programs and architecture, and lead key security initiatives on your behalf.

Booth 17
Whitewood
USA
whitewoodsecurity.com

Whitewood uses quantum mechanics to optimize random number generation across cloud, data centers & IoT devices. Without true randomness applications that rely on crypto are at risk. Whitewood’s award-winning products and cloud service address entropy starvation where sources of randomness are scarce & unreliable. Try free quantum entropy at getnetrandom.com.

Your Conference Badge is a Digital Business Card
Badge/Lanyard Sponsor

Use any smart phone or pad QR code scanning app to retrieve complete contact information

Many free QR code scanning apps are available. The following app is highly rated in many app stores:
ScanLife by ScanBuy Inc. on Android, iOS, BlackBerry, Nokia Ovi, Windows Phone

We make no representations or warranties regarding the functionality or performance of any third party software

PECB “2017 Reseller of the year”

ISO Training & Certification for “Individuals”

ISO 22000—IT Service Management Systems (ITSMS)
ISO 22301 Lead Auditor
ISO 22301 Lead Implementer

ISO 22301—Business Continuity Management Systems (BCMS)
ISO 22301 Lead Auditor
ISO 22301 Lead Implementer

ISO 27001—Information Security Management Systems (ISMS)
ISO 27001 Lead Auditor
ISO 27001 Lead Implementer
ISO 27005 Risk Mgr
ISO 27032 Cyber Security Mgr
ISO 27035 Lead Incident Mgr

*Over 50 ISO Training Classes Available!

ISO Certification for “Organizations”

ISO 9001—Quality Management Systems (QMS)
ISO 20000—IT Service Management Systems (ITSMS)
ISO 22301—Business Continuity Management Systems (BCMS)
ISO 27001—Information Security Management Systems (ISMS)
ISO 30001—Enterprise Risk Management (EMS)

*Over 20
