The 27K Security Summit will be presented in three tracks on Tue and Wed:
Getting Started (G): For those who are new to these standards, or topics of general interest
Implementation (T): For those who directly manage the implementing technologies behind these standards
Enterprise Issues (M): For those who propose, plan, and direct the implementation of these standards

Special-focus content before and after the Summit fills out five days of activity:
Plenary Sessions (P): Industry overview topics are presented at the beginning and end of the conference.
Workshops (W): Four intensive half-day workshops will be presented on Mon.
Two-Day Training/Exam Sessions (E): Two training sessions will be presented on Thu and Fri.

September 26, 2016

08:00 – 09:00 Registration (Foyer)
09:00 – 12:30 Workshops

Workshops (Salon A&B) Workshops (Salon C&D)
09:00 W01a. Introduction to ISO/IEC 27001, Dave Anders, Managing Partner, SecuraStar W01b. What to Expect When You’re Expecting Your First ISO/IEC 27001 Certification Audit, Timothy Woodcome, Director, NQA, USA
12:30 – 13:30 Lunch (Salon E)
13:30 – 17:00 Workshops

Workshops (Salon A&B) Workshops (Salon C&D)
13:30 W02a. Integrated BCP and ISMS Following ISO/IEC 27K and 22301, Vern Williams, CISSP, CISA, ISSEP, CSSLP, CBCP, ISAM, CCSK, Lead Instructor, Security Practitioner Course, Austin Community College W02b. Using SCAP Security Content Automation to Electronically Secure Your Systems to ISO/IEC 27001 in 1 Minute, David Cannon, President & CEO, CertTest

September 27, 2016

08:00 – 09:00 Registration (Foyer)
09:00 – 10:10 Plenary Session, Welcome and Introduction (Salon A-D)

P10a. Plenary Keynote Presentation: Security Assurance at the Speed of Cloud, Jim Reavis, Co-founder & Chief Executive Officer, Cloud Security Alliance P10b. Plenary Keynote Presentation: Cloud Computing User Expectations and Obligations, Crispen Maung, Vice President of Compliance, Box
10:10 – 10:40 Networking Break, Exhibits Open (Salon E)
10:40 – 12:20 Conference Sessions

Getting Started (Salon A&B) Implementation (Salon C&D)
10:40 G11. Keynote: Getting Started with 27K, Dan Timko, President & CTO, Cirrity T11. Keynote: Enhancing Your ISMS Through Enterprise Architecture and Security Engineering, Vern Williams, CISSP, CISA, ISSEP, CSSLP, CBCP, ISAM, CCSK, Lead Instructor, Security Practitioner Course, Austin Community College
11:30 G12. Getting Started: Understanding Section 4, Context of the Organization Requirements, Dave Anders, Managing Partner, SecuraStar T12. Security Metrics—Evaluating the Performance of the ISMS, Jorge Lozano, Senior Manager Cyber Security, PwC
11:55 G13. Getting Started with Third-Party Relationships: Keys to Accelerating Your Growth and Success, Jimmy Sanders, President, ISSA San Francisco Bay Area Chapter T13. Metrics That Not Only Meet What ISO/IEC 27004 Is Looking For But Demonstrate Business Value, Walter Williams, Director of Security and Compliance, Lattice Engines
12:20 – 13:35 Lunch in Exhibits (Salon E)
13:35 – 15:15 Conference Sessions

Getting Started (Salon A&B) Implementation (Salon C&D)
13:35 G14. Getting Started with Information Security Metrics for 27K, Gary Hinson, CEO, IsecT Ltd. T14. Using Open FAIR to Improve Security Spending Decisions, Eva Kuiper, Enterprise Security Services GRC Consultant, Hewlett Packard Enterprise
14:25 G15. Cloud Services, Their Customers, and Compliance, Michael Fuller, Director, Coalfire ISO T15. Risk Management vis-a-vis Annex A Control of New ISO/IEC 27001, Neelov Kar, BSI Group
15:15 – 15:45 Networking Break in Exhibits (Salon E)
15:45 – 17:00 Conference Sessions

Getting Started (Salon A&B) Implementation (Salon C&D)
15:45 G16. ISO/IEC 27040 and Self-Encrypting Storage, Robert Thibadeau, Drive Trust Alliance; Michael Willett, Drive Trust Alliance T16. An Introduction to the New ISO/IEC 27004, “Monitoring, Measurement, Analysis and Evaluation”, Richard G. Wilsher, Founder & CEO, Zygma LLC
16:10 G17. The Role of the Information Security Control (Better Security through Control Identification & Implementation), Shane York, CISA, CRISC, CISSP, ISO-ISMS LI LA, Senior Associate, Schellman & Company; Ryan Mackie, ISO Certification Services Practice Director, Schellman & Company T17. Leveraging ISO/IEC 27001 for Compliance with Multiple Frameworks, Sumit Kalra, Partner, Technology Assurance and Compliance, bpmcpa
17:00 – 18:15 Welcome Reception in Exhibits (Salon E)

September 28, 2016

08:00 – 09:00 Coffee in Exhibits (Salon E)
09:00 – 10:40 Conference Sessions

Enterprise Issues (Salon A&B) Implementation (Salon C&D)
09:00 M20. Keynote: Security Justified—How to Get Your 27001 ISMS Funding, David Cannon, President & CEO, CertTest T20. Keynote: Implementation Issues in the Cloud, Amit Sharma, Partner Solutions Architect, Amazon Web Services
09:50 M21. Why ISO/IEC 27001:2013 is NOT an IT Standard, Sally Smoczynski, Managing Partner, Radian Compliance, LLC T21. NOW is the Time to Assess Your Third Party Vendors!, Tom Garrubba, Senior Director, The Santa Fe Group/Shared Assessments
10:40 – 11:10 Break in Exhibits (Salon E)
11:10 – 12:25 Conference Sessions

Enterprise Issues (Salon A&B) Implementation (Salon C&D)
11:10 M22. ISO 27001 for Emerging EU Data Protection and Cyber Resilience Requirements, Alan Calder, Founder & Executive Chair, IT Governance T22. Integrating Third and Fourth Party Risk Management Into Your ISO/IEC 27001 ISMS, John Verry, Managing Partner, Pivot Point Security
12:00 M23. Using PPTM for ISO/IEC 27001 Compliance, Scott Bullock, Information Security Manager, Forcepoint T23. ISO/IEC 27018 Redesigning Privacy in the Cloud, John DiMaria, CSSBB, HISP, MHISP, AMBCI, ISO Product Manager, BSI Group
12:25 – 13:40 Lunch in Exhibits, Exhibits Close at 13:40 (Salon E)
13:40 – 15:20 Conference Sessions

Enterprise Issues (Salon A&B) Implementation Issues (Salon C&D)
13:40 M24. Addressing BCM So You Can Get Back To Your Day Job, Robert Giffin, Co Founder, Avalution Consulting T24. Managing Cyber Security Gaps of ISO/IEC 27001 for Clients Requiring DFARS (800-171) Compliance, Maria Horton, CEO/President, EmeSec
14:30 M25. How Can I Relate ISO/IEC 27001 to My Actual Compliance Requirements?, Craig Isaacs, CEO, Unified Compliance; Kerry Macinnes, Marketing Director, Unified Compliance T25. Integrating ISO 22301 (Business Continuity) to ISO 27001 (Information Security), Eric Lachapelle, CEO, PECB
15:20 – 15:30 Break (Foyer)
15:30 – 16:30 P26. Summary Panel Discussion: Security in the Cloud (Salon A&B)

There is broad industry interest in “Information Security for Cloud Services.” Companies are moving to IaaS/PaaS/SaaS solutions and it’s becoming a requirement for the IT industry to go for ISO 27018 or CSA STAR certification. Panelists will provide different perspectives on current issues and future challenges for those involved with certified cloud security. Moderator: John DiMaria, ISO Product Director, BSI Group; Panelists: Scott Bullock, CCSK, CISSP, CISM, Information Security Manager, Forcepoint Cloud Services; Alan Calder, Founder & Executive Chair, IT Governance; Jim Reavis, Co-founder & Chief Executive Officer, Cloud Security Alliance; Michael Thiessmeier, Delegate, ISO JTC 1 SC 27

September 29, 2016

09:00 – 17:00 Optional Training/Exam Sessions: Earn Your Certification

E30a. ISO 27005 Risk Manager Course, Presented by SecuraStar E30b. Advanced Auditing for CSA Star Certification, Presented by BSI

September 30, 2016

09:00 – 17:00 Optional Training/Exam Sessions (Continued)