Author: Ada Haynes






The Security Compliance Provider atsec’s consultants add value to standards compliance by working with organizations to implement various compliance requirements into one efficient and effective IT security and risk management system. An optimally-structured system not only allows for straightforward audits and assessments by demonstrable compliance, but also adds value to an organization’s business objectives and operations.

ISO standards compliance atsec has successfully worked with major organizations to create, update and implement Information Security Management Systems that are compliant with ISO/IEC 27001 and 27002 for Information Security Management, ISO/IEC 20000-1 and -2 for IT Service Management, ISO 31000 and ISO/IEC 27005 for Risk Management, ISO 9001 for Quality Management, and many more. atsec consultants have led many customers through successful audits and assessments.

Cybersecurity Frameworks atsec consultants have experience with the standards referenced by the US (NIST) Cybersecurity Framework; these include ISO/IEC standards, NIST Special Publications, and FIPS standards.

Regulatory compliance In many countries, organizations face industry-specific or general regulatory compliance requirements when it comes to secure and reliable operation of their businesses. atsec consultants provide expertise in IT security-related aspects of laws and regulations in many countries. This includes requirements levied by Sarbanes-Oxley, FISMA, and HIPAA in the U.S.; export control rules; privacy and data protection laws; the electronic signature legislation in Europe; and the German Grundschutzhandbuch.

Technical compliance Management aspects and technical aspects of compliance go hand-in-hand in the IT security world. Risks need to be transparent and understood, corresponding policies and procedures for information security management need to be in place, and even the best procedures do not provide any value if their technical implementation is inadequate. atsec consultants possess the technical knowledge and understanding that is necessary to implement and manage IT security and risk in an organization from top to bottom, and the experience to devise information security management programs that are compliant with a multitude of requirements.

The atsec approach In today’s complex business environments, organizations are challenged to demonstrate compliance with multiple mandatory and voluntary standards and best practices for IT security and risk management. atsec’s consultants are skilled to understand even the most complex business environments, and to help an organization develop a management system and practice that not only maintains compliance with multiple standards, but provides for transparent management of IT risks, supporting the organization’s business objectives, and providing a visible return on investment.


Welcome to the 27K Summit

It's an exciting time in the Information Security Management System world. One of the main reasons is Cloud Computing, which has changed the typical security paradigm of server-application-data. The trust model has shifted from the installation at the data center to an entire set of data centers. Today, technology, applications, even entire data centers, are offered as services. Almost everything is available on our mobile devices, through mobile networks, without the knowledge of where the server, the application, and the data reside.

In this increasingly mobile environment, assessing security is becoming more challenging. Relying on testing and analysis of source code is not just difficult, but unfeasible due to cost. It is sometimes even impossible if the service being assessed uses other services that might reside on different servers and platforms outside of our knowledge. In order to assure security in such a dynamic and mobile environment we must rely on a set of specific controls and a flexible approach that redefines boundaries and includes in the assessments both the organization and the service offered. The ISO/IEC 27000 series of standards provide this approach. They are also referenced in many of the leading approaches to cybersecurity, including the NIST Cybersecurity Framework, and NIST's SP 800-53 "Security and Privacy Controls for Federal Information Systems and Organizations", which are widely used in the United States.

I'd like to personally welcome each of you to 27K: The Security Summit for the Americas. On Monday we start off with some great workshops ranging from introductory to more advanced topics. On Tuesday and Wednesday there will be speakers on the following three tracks:

• Getting Started: for those who are new to these standards, or topics of general interest
• Implementation: for those who directly manage the implementing technologies behind these standards
• Enterprise Issues: for those who propose, plan, and direct the implementation of these standards

There will also be opportunities for networking, receptions for attendees, and exhibits from sponsors. It will all be capped off with a summary panel discussion on “Security in the Cloud.” Consult the rest of this guide for all the specifics. Thank you for attending the summit and bringing your knowledge and experience. We look forward to a great conference with you and hope to see you back in the future.

Table of Contents
• Welcome
• Sponsors
• Agenda
• Speakers
• Sponsor Profiles

Program Committee
• Dave Anders, SecuraStar (Chair)
• Pablo Corona, NYCE
• John DiMaria, BSI (Chair)
• Willibert Fabritius, BSI (Chair)
• David Henkel, Technatomy
• Ryan Hill, atsec information security (Chair)
• Carlos Horna, GDTI
• Ola Jobi, 3M Company
• Neelov Kar, BSI
• Fiona Pattinson, atsec information security (Chair)
• Bill Rutledge, 27K Security Summit (Chair)
• Vern Williams, Dell SecureWorks (Chair)

Conference Staff
• Bill Rutledge, Project Director, 1.212.866.2169
• Nikki Principe, Operations Manager, 1.571.249.5680

Ryan Hill, Program Committee Chair

South San Francisco Conference Center • South San Francisco, California



Sponsoring Organizations 27K Security Summit would not be possible without the support of these organizations.




Leading Sponsors

Water Sponsor




Supporting Sponsors

Association and Media Sponsors


27K: Security Summit for the Americas • September 26-28, 2016


Conference Agenda

Detailed session descriptions are online at

The 27K Security Summit will be presented in three tracks on Tue and Wed:

• Getting Started (G): For those who are new to these standards, or topics of general interest
• Implementation (T): For those who directly manage the implementing technologies behind these standards
• Enterprise Issues (M): For those who propose, plan, and direct the implementation of these standards

Special-focus content before and after the Summit fills out five days of activity:

• Plenary Sessions (P): Industry overview topics are presented at the beginning and end of the conference.
• Workshops (W): Four intensive half-day workshops will be presented on Monday.
• Two-Day Training/Exam Sessions (E): Two training sessions will be presented on Thursday and Friday.

Monday, September 26

8:00 Registration (Foyer)

Morning workshops
• Salon A&B: W01a. Introduction to ISO/IEC 27001, Dave Anders, Managing Partner, SecuraStar
• Salon C&D: W01b. What to Expect When You're Expecting Your First ISO/IEC 27001 Certification Audit, Timothy Woodcome, Director, NQA, USA

Lunch (Salon E)

Afternoon workshops
• Salon A&B: W02a. Integrated BCP and ISMS Following ISO/IEC 27K and 22301, Vern Williams, CISSP, CISA, ISSEP, CSSLP, CBCP, ISAM, CCSK, Lead Instructor, Security Practitioner Course, Austin Community College
• Salon C&D: W02b. Using SCAP Security Content Automation to Electronically Secure Your Systems to ISO/IEC 27001 in 1 Minute, David Cannon, President & CEO, CertTest

Conference Session Adjourns

Join the Conversation on Twitter

Conference Presentations Presentations will be available after the conference at Password: 27K2016GO!


WiFi Access WiFi access in all areas of the building is provided at a complimentary basic speed of 256Kbps with the ability to increase network speed (bandwidth) at competitive rates.

To Upgrade WiFi upgrades are available for purchase on your mobile device. To purchase an upgrade connect to ‘SSFCC-Upgrade’ and follow the instructions by selecting a ‘Level’ and entering your credit card information. WiFi is provided by the SSFCC. 27K Security Summit is not responsible for WiFi service.




Tuesday, September 27

Detailed session descriptions are online at

9:00 Plenary Session (Salon A-D)
• Welcome and Introduction, Ryan Hill, Community Engagement Manager, atsec information security
• Plenary Keynote Presentation: Security Assurance at the Speed of Cloud, Jim Reavis, Co-founder & Chief Executive Officer, Cloud Security Alliance
• Plenary Keynote Presentation: Cloud Computing User Expectations and Obligations, Crispen Maung, Vice President of Compliance, Box

Networking Break, Exhibits Open (Salon E)

Getting Started track in Salon A&B; Implementation track in Salon C&D

• Salon A&B: Keynote: Getting Started with 27K (G11), Dan Timko, President & CTO, Cirrity
• Salon C&D: Keynote: Enhancing Your ISMS Through Enterprise Architecture and Security Engineering (T11), Vern Williams, CISSP, CISA, ISSEP, CSSLP, CBCP, ISAM, CCSK, Lead Instructor, Security Practitioner Course, Austin Community College

• Salon A&B: Getting Started: Understanding Section 4, Context of the Organization Requirements (G12), Dave Anders, Managing Partner, SecuraStar
• Salon C&D: Security Metrics—Evaluating the Performance of the ISMS (T12), Jorge Lozano, Senior Manager Cyber Security, PwC

• Salon A&B: Getting Started with Third-Party Relationships: Keys to Accelerating Your Growth and Success (G13), Jimmy Sanders, President, ISSA San Francisco Bay Area Chapter
• Salon C&D: Metrics That Not Only Meet What ISO/IEC 27004 Is Looking For But Demonstrate Business Value (T13), Walter Williams, Director of Security and Compliance, Lattice Engines

Lunch in Exhibits (Salon E)

• Salon A&B: Getting Started with Information Security Metrics for 27K (G14), Gary Hinson, CEO, IsecT Ltd.
• Salon C&D: Using Open FAIR to Improve Security Spending Decisions (T14), Eva Kuiper, Enterprise Security Services GRC Consultant, Hewlett Packard Enterprise

• Salon A&B: Cloud Services, Their Customers, and Compliance (G15), Michael Fuller, Director, Coalfire ISO
• Salon C&D: Risk Management vis-a-vis Annex A Control of New ISO/IEC 27001 (T15), Neelov Kar, BSI

Networking Break in Exhibits (Salon E)

• Salon A&B: ISO/IEC 27040 and Self-Encrypting Storage (G16), Robert Thibadeau, Drive Trust Alliance; Michael Willett, Drive Trust Alliance
• Salon C&D: An Introduction to the New ISO/IEC 27004, "Monitoring, Measurement, Analysis and Evaluation" (T16), Richard G. Wilsher, Founder & CEO, Zygma LLC

• Salon A&B: The Role of the Information Security Control (Better Security through Control Identification & Implementation) (G17), Shane York, CISA, CRISC, CISSP, ISO-ISMS LI LA, Senior Associate, Schellman & Co.; Ryan Mackie, ISO Certification Services Practice Director, Schellman & Co.
• Salon C&D: Leveraging ISO/IEC 27001 for Compliance with Multiple Frameworks (T17), Sumit Kalra, Partner, Technology Assurance and Compliance, bpmcpa

Welcome Reception in Exhibits (Exhibits Open, Salon E, ends at 18:15)




Wednesday, September 28

Detailed session descriptions are online at

Enterprise Issues track in Salon A&B; Implementation track in Salon C&D

• Salon A&B: Keynote: Security Justified—How to Get Your 27001 ISMS Funding (M20), David Cannon, President & CEO, CertTest
• Salon C&D: Keynote: Implementation Issues in the Cloud (T20), Amit Sharma, Partner Solutions Architect, Amazon Web Services

• Salon A&B: Why ISO/IEC 27001:2013 is NOT an IT Standard (M21), Sally Smoczynski, Managing Partner, Radian Compliance, LLC
• Salon C&D: NOW is the Time to Assess Your Third Party Vendors! (T21), Tom Garrubba, Senior Director, The Santa Fe Group/Shared Assessments

Networking Break in Exhibits (Salon E)

• Salon A&B: TBA (M22)
• Salon C&D: Integrating Third and Fourth Party Risk Management Into Your ISO/IEC 27001 ISMS (T22), John Verry, Managing Partner, Pivot Point Security

• Salon A&B: Using PPTM for ISO/IEC 27001 Compliance (M23), Scott Bullock, Information Security Manager, Forcepoint
• Salon C&D: ISO/IEC 27018 Redesigning Privacy in the Cloud (T23), John DiMaria, CSSBB, HISP, MHISP, AMBCI, ISO Product Director, BSI Group

Lunch in Exhibits (Salon E, Exhibits Close 13:40)

• Salon A&B: Addressing BCM So You Can Get Back To Your Day Job (M24), Robert Giffin, Co-Founder, Avalution Consulting
• Salon C&D: Managing Cyber Security Gaps of ISO/IEC 27001 for Clients Requiring DFARS (800-171) Compliance (T24), Maria Horton, CEO/President, EmeSec

• Salon A&B: How Can I Relate ISO/IEC 27001 to My Actual Compliance Requirements? (M25), Craig Isaacs, CEO, Unified Compliance; Kerry Macinnes, Marketing Director, Unified Compliance
• Salon C&D: Integrating ISO 22301 (Business Continuity) to ISO 27001 (Information Security) (T25), Eric Lachapelle, CEO, PECB

Break (Foyer)

Summary Panel Discussion: Security in the Cloud (P26), Salon A&B
There is broad industry interest in "Information Security for Cloud Services." Companies are moving to IaaS/PaaS/SaaS solutions and it's becoming a requirement for the IT industry to go for ISO 27018 or CSA STAR certification. Panelists will provide different perspectives on current issues and future challenges for those involved with certified cloud security.
• Moderator: John DiMaria, CSSBB, HISP, MHISP, AMBCI, ISO Product Director, BSI Group
• Panelists: Scott Bullock, CCSK, CISSP, CISM, Information Security Manager, Forcepoint Cloud Services; Alan Calder, Founder & Executive Chair, IT Governance; Jim Reavis, Co-founder & Chief Executive Officer, Cloud Security Alliance; Michael Thiessmeier, Delegate, ISO JTC 1 SC 27

Thursday-Friday, September 29-30: Two-Day Training/Exam Sessions
• ISO 27005 Risk Manager Course (E30a), presented by SecuraStar
• Advanced Auditing for CSA STAR Certification (E30b), presented by BSI
Separate registration required. Check at the registration desk for more information and the location of the sessions.





Speakers

Speaker biographies are online at

• David Anders, Managing Partner, SecuraStar (Program Committee Chair; W01a & G12)
• Scott Bullock, CCSK, CISSP, CISM, Information Security Manager, Forcepoint Cloud Services (M23 & P26)
• Alan Calder, Founder & Executive Chair, IT Governance (P26)
• David Cannon, President & CEO, CertTest Training Center (M20 & W02b)
• John DiMaria, CSSBB, HISP, MHISP, AMBCI, ISO Product Director, BSI (Program Committee Chair; T23 & P26)
• Willibert Fabritius, Senior Client Manager, BSI (Program Committee Chair)
• Michael Fuller, Director, Coalfire ISO (G15)
• Tom Garrubba, Senior Director, The Santa Fe Group/Shared Assessments (T21)
• Robert Giffin, Co-Founder, Avalution Consulting (M24)
• Ryan Hill, Community Engagement Manager, atsec information security (Program Committee Chair; Plenary Welcome)
• Gary Hinson, CEO, IsecT Ltd. (G14)
• Maria Horton, CISSP, ISSMP, IAM, Cloud Essentials, CEO, EmeSec (T24)
• Craig Isaacs, CEO, Unified Compliance (M25)
• Sumit Kalra, Partner, Technology Assurance and Compliance, bpmcpa (T17)
• Neelov Kar, BSI (T15)
• Eva Kuiper, Enterprise Security Services GRC Consultant, Hewlett Packard Enterprise (T14)
• Eric Lachapelle, Chief Executive Officer, PECB (T25)
• Jorge Lozano, MSc, CISSP, CISM, CEH, ISO27001LI, FCNSP, Senior Manager Cyber Security, PwC (T12)
• Ryan Mackie, ISO Certification Services Practice Director, Schellman & Company (G17)
• Crispen Maung, Vice President of Compliance, Box (Plenary Keynote)
• Fiona Pattinson, atsec information security (Program Committee Chair)
• Jim Reavis, Co-founder & Chief Executive Officer, Cloud Security Alliance (P10a & P26)
• Bill Rutledge, Project Director, 27K Summit (Program Committee Chair)
• Jimmy Sanders, President, ISSA San Francisco Bay Area Chapter (G13)
• Amit Sharma, Partner Solutions Architect, Amazon Web Services (T20)
• Sally Smoczynski, Managing Partner, Radian Compliance (M21)
• Robert Thibadeau, Drive Trust Alliance (G16)
• Michael Thiessmeier, Delegate, ISO JTC 1 SC 27 (P26)
• Dan Timko, President & CTO, Cirrity (G11)
• John Verry, Managing Partner, Pivot Point Security (T22)
• Michael Willett, Drive Trust Alliance (G16)
• Vern Williams, CISSP, CISA, ISSEP, CSSLP, CBCP, ISAM, CCSK, Lead Instructor, Security Practitioner Course, Austin Community College (Program Committee Chair; W02a & T11)
• Walter Williams, Director of Security and Compliance, Lattice Engines (T13)
• Richard G. Wilsher, Founder & CEO, Zygma LLC (T16)
• Timothy Woodcome, Director, NQA, USA (W01b)
• Shane York, CISA, CRISC, CISSP, ISO-ISMS LI LA, Senior Associate, Schellman & Company (G17)





Exhibit Floor Plan

1. atsec information security, Platinum Sponsor
2. BSI, Gold Sponsor
3. SecuraStar/ISO Manager Software, Silver Sponsor
4. NQA
5. BPM, Water Sponsor
8. SGS, Bag Sponsor
9. Standard Fusion GRC
11. EmeSec
12. Perry Johnson Registrars
13. Pivot Point Security
14. Coalfire, Badge Sponsor
15. ISMScloud Service (Project Hosts, Inc.)
16. Avalution Consulting




Sponsors & Exhibitors

atsec information security (Platinum Sponsor, Booth 1), United States
atsec information security is an independent, privately owned company that focuses on providing laboratory and consulting services for information security. We address commercial and government sectors around the world. Our consultants are expert in a variety of technologies including operating systems, databases, and network devices. Our laboratories specialise in evaluating and testing commercial products, using international standards to help provide assurance to end-users about the products they buy and use. We focus on assisting organizations, large and small, achieve compliance with standards such as Common Criteria, FIPS 140-2, OTTPS, PCI, ISO/IEC 27001 and FISMA, and offer a variety of services that complement that goal.

BPM (Water Sponsor, Booth 5), United States
Earn global recognition and customer credibility for your information security management system with BPM's ISO 27001 Certification Services. ISO 27001 is an internationally recognized standard that helps guide organizations in keeping information assets secure. BPM is accredited for ISO/IEC 27001:2013 (ISO 27001) by the ANSI-ASQ National Accreditation Board (ANAB). As a certification body accredited by ANAB, BPM performs services in accordance with ISO 27001:2013. BPM is the premier West Coast provider of ISO 27001 certification. BPM's experienced IT Assurance team is unique in its focus on guiding clients through the complex certification process.

BSI (Gold Sponsor, Booth 2), United States
BSI's legacy of making excellence a habit™ has made us a leading global provider of services designed to protect and grow businesses of every size and in every sector. Our technical experts, global presence, and long history mean we can provide clients around the world with an unsurpassed level of service and a unique product portfolio. We enhance an organization's management system by understanding and helping to solve problems using our full suite of services: Training, Assessment, and Business Improvement Software. At BSI, the power of our portfolio, expertise, and passion can provide the gateway to excellence inside an organization.

ANAB Accredited ISO Certifying Body
Advantages of ISO 27001 certification:
• Independent verification that your company's ISMS is in conformance with all aspects of the ISO 27001 Standard
• Provides an internationally recognized verification of your organization's commitment to information security, within your ISMS
• The certification scope is driven by you and your business needs, not by external compliance organizations
Call us to discuss certification: North America | Latin America | Europe, 877.224.8077

Avalution Consulting (Booth 16), United States
We specialize in creating business continuity and IT disaster recovery programs that meet the unique needs of organizations of all sizes in nearly every industry. Avalution will work with you to build a continuity program that is credible, pragmatic, and long-lasting. We invite you to explore our services and an overview of recently completed projects.

Coalfire Systems (Badge/Lanyard Sponsor, Booth 14), United States
We are a group of technology professionals that started in 2001 with a simple idea: cyber threats are increasing, compliance mandates are getting more complicated, and a well-designed cyber risk management program is your best line of defense. We've been rethinking risk management and compliance ever since. Coalfire helps organizations comply with global financial, government, industry and healthcare mandates while helping build the IT infrastructure and security systems that will protect their business from security breaches and data theft. The company is a leading provider of IT advisory services for security in retail, payments, healthcare, financial services, higher education, hospitality, government and utilities. Coalfire professionals use a combination of IT experience, expertise and intelligence to independently audit and evaluate your entire IT infrastructure to determine what your actual risks are, help you understand how to protect your business assets, and what resources you need to quickly identify and respond to security threats.

Cloud Security Alliance (CSA), Association Sponsor
The Cloud Security Alliance (CSA) is the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA's activities, knowledge and extensive network benefit the entire community impacted by cloud, from providers and customers to governments, entrepreneurs and the assurance industry, and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.

EmeSec (Booth 11), United States
EmeSec is focused on improving a client's effective use of technology to deliver agency mission/programs while mitigating cyber security vulnerabilities and risks. Founded as an Information Assurance (IA) business, EmeSec included a variety of advisory and assistance consulting, technical support, project development, and general engineering services. EmeSec gained certifications as a means of improving performance, showcasing the strong business management of the company, and obtaining compliance with what some government agencies required in larger and larger RFPs. As the cloud infrastructure and the need for System Security Engineering across the technology spectrum of cloud, mobile, and legacy system migration continues to expand, EmeSec has positioned itself to provide cloud security expertise that combines agile engineering and development efforts with an eye to the cyber and privacy threats that systems will inevitably face during deployment.

ISMScloud Service, Project Hosts, Inc. (Booth 15), United States
The ISMScloud Service was created by Project Hosts, Inc., a recognized leader in managed cloud services and hosting that is both ISO 27001 and FedRAMP SaaS compliant. Founded in 2003, the company has served thousands of enterprise customers and government agencies with highly secure, customized and standards-based cloud solutions. Now, to help other companies secure their information management system and achieve their ISO 27001 certification, we've taken our knowledge and expertise and created an online service to simplify, speed and essentially ensure that you'll pass the certification process. We did!

ISO-Metrics, United States
ISO-Metrics is an application that can manage most of your ISO documentation requirements. It takes care of the total workflow from Incident to Problem (CAPA) to Change to Risk to Improvement, and it uses QC tools like 5 Why/Cause & Effect and 5W/1H techniques to help you with root cause analysis. It has a complete workflow for document management including version control and role-based access control. Other important modules are Asset Management (including maintenance & calibration), Internal Audit and task management through a calendar. The Organization configuration module helps you in defining the Policy and Objectives and allows you to define the Context of the Organization. For ISO 27000 it allows you to maintain the databases of Security Controls (SOA) and the Clauses of Annex SL.

ISSA Phoenix Chapter, Association Sponsor
The Information Security industry is growing and changing at an ever increasing rate. According to a recent report from Burning Glass Technologies, demand for information security experts in the US grew 3.5 times faster than demand for other IT jobs, and about 12 times faster than all other jobs, over the past five years. On the global scale, the number of information security professionals is projected to continuously grow more than 11 percent annually over the next five years, according to The 2013 (ISC)2 Global Information Security Workforce Study. Our aim at Phoenix ISSA is to provide you with the education, connections, and experiences to help you succeed.

ISSA San Francisco Bay Area Chapter, Association Sponsor
The ISSA is an unbiased third party made up solely of security practitioners and, as such, is not motivated by politics or profits; only the ethical professionalism of our members and their dedication to protecting information resources in a professional manner. The ISSA is "The Global Voice of Information Security."

ISSA Silicon Valley Chapter, Association Sponsor
The Information Systems Security Association (ISSA) is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members. Our chapter is comprised of over 250 Silicon Valley Information Security Staff, Consultants, Managers, Executives, and other business professionals. Our members come from Small Businesses and Fortune 100 companies. Our demographics are diverse, yet we share the common thread that we understand the criticality of Information Security as an enabler of today's key business objectives and the improvements that will come tomorrow.

IT Governance, Event Sponsor
IT Governance is a unique organisation. The company was founded in April 2002 to source, create and deliver products and services to meet the real-world, evolving IT governance needs of today's organizations, directors, managers and practitioners. Our objective is to make this site the one-stop-shop for comprehensive corporate and IT governance information, advice, guidance, books, tools, and training for the American market. We have been involved in designing, and successfully implementing, cost-effective ISO 27001 information security management systems since the standard was first promulgated. We write and publish extensively on IT governance subjects, including IT service management, project governance, regulation and compliance, and have evolved a range of leading-edge tools for IT governance, information security and regulatory compliance practitioners, available through the online shop on this site. We approach IT governance, regulatory compliance and information security issues from a management perspective and are committed to engaging business leaders in developing and implementing information, ICT regulatory compliance and information security strategies that enable their businesses to compete effectively in the global information economy.

National Quality Assurance (NQA) (Booth 4), United States
Your Partner for Organizational Success: You are not just selecting a Registrar, you are selecting a partner in your quest for success in the marketplace. NQA's strategy for success is to maintain core values based on credibility, professionalism, integrity, communication and competent registrations for all clients. Our goal is to exceed our clients' expectations. We continuously maintain sufficient auditor resources which allow us to minimize typical lead times to a few weeks, utilizing highly trained and experienced local auditors. Additionally, your NQA partnership brings you access to valuable informational updates and resources, through our e-newsletters and network of training partners.

Perry Johnson Registrars (Booth 12), United States
Perry Johnson Registrars, Inc. is a fully accredited ISO 27001 registrar that operates with the client's best interests in mind. PJR's auditors receive continuing professional development training in order to link your customer's objectives with your process performance measurables. The focus on your organization's need to meet or exceed customer expectations is why PJR should be your Registrar. Check us out at or contact us at 1-800-800-7910 for more information on how PJR can become your partner in certification!

Pivot Point Security (Booth 13), United States
For over 16 years, Pivot Point Security has focused on developing Information Security Management Systems (ISMS) that align with trusted and widely accepted standards and are tailored to each client's particular risk. The result: you are "demonstrably secure" to your internal stakeholders, customers, and regulators. We partner with you and your team to evolve your ISMS as risks evolve, because demonstrably secure & compliant is a process, not a destination.

SecuraStar/ISO Manager Software (Silver Sponsor, Booth 3), United States
SecuraStar is a niche consulting firm specializing in information security management systems (ISMS). Our years of experience and expertise in ISO 27001 consulting have resulted in international recognition of our products and services. ISO Manager is a comprehensive ISO 27001 and GRC compliance software system. It's an all-in-one digital command center designed specifically to implement, certify and manage ISO 27001 / Information Security Management Systems (ISMS) requirements.

SGS North America (Bag Sponsor, Booth 8), United States
SGS is the world's leading inspection, testing and certification company and recognized as the global benchmark for quality and integrity. With more than 89,000 employees in 130 countries, SGS works with more than half of Fortune 500 companies but also with SMB organizations looking to enhance their business. SGS supports clients in opening up new business opportunities with information security conscious customers. SGS performs pre-assessment and certification audits to ISO 27001 for Information Security Management Systems, ISO 20000 for IT Service Management, ISO 22301 Business Continuity Management, Cloud Security Alliance (CSA) Security, Trust and Assurance (STAR) assessments and other programs, as well as supplier audits.

Standard Fusion GRC (Booth 9), Canada
Standard Fusion is Fireloft's cloud-based GRC software designed to make security and compliance simple and approachable. Standard Fusion is a modern web application designed to allow organizations to quickly and easily manage their operational risk, comply with standards, manage their organization's controls and control testing, and follow best practices.

Your Conference Badge is a Digital Business Card (Badge/Lanyard Sponsor: Coalfire)
Use any smart phone or pad QR code scanning app to retrieve complete contact information. Many free QR code scanning apps are available. The following app is highly rated in many app stores: ScanLife by ScanBuy Inc. on Android, iOS, BlackBerry, Nokia Ovi, Windows Phone. We make no representations or warranties regarding the functionality or performance of any third party software.



ISO 27000 Series Training
• ISO 27001 Lead Auditor
• ISO 27001 Lead Implementer
• ISO 27002 Manager
• ISO 27005 Risk Assessor

ISO 27001 Implementation
• Clause 4-10 implementation
• Risk Assessment
• Statement of Applicability
• Policies, Processes, Procedures
• Business Continuity Plans

ISO 27001 Audits
• ISO 27001 Gap Assessment
• Vendor / Supplier Audits
• ISO 27001 Internal Audit
• ISO 27001 Certification Audits

ISO 27001 Software
• Clause 4-10 Navigation
• Risk Assessment
• Task Management System
• GRC Compliance (FISMA, HIPAA, PCI, CSA, etc.)

Contact us Today! 855-476-2701

New industry benchmark for cloud security: CSA STAR Certification
ISO/IEC 27001 + Cloud Control Matrix (CCM) + Maturity Model = STAR Certification

Cloud service providers can now reassure customers with a simple STAR. Building on the internationally recognized standard for information security (ISO/IEC 27001), the new CSA STAR Certification scheme from BSI gives reassurance to users that cloud service providers have the relevant controls in place to address issues specific to the cloud.

Find out more: 1 800-862-4977

Stop by our table to learn more!
