2nd Annual Information Security Conference

12-13 May 2010, CBI Conference Centre, London

Best practice and the latest developments

BSI's Information Security conference will provide you with the very latest developments in Information Security Management best practice.

Through presentations and discussions with industry experts, you'll gain a thorough understanding of the standards that will underpin and support your work. Equipped with this knowledge, you'll be able to influence your company's information security management processes at boardroom level.

Key features and benefits:

  • Clear guidance on how to achieve the implementation of effective ISMS
  • Learn about and discuss latest standards developments on Information Security
  • Identify steps on how to get the ISM strategy you want adopted and funded by the Board and used across your stakeholder network
  • Learn from industry and standards experts how to overcome challenges through best practice and case study examples
  • Understand the requirements for audit and certification of ISMS
  • Receive a complimentary copy of BS ISO/IEC 27004:2010 Information Technology. Security Techniques. Information Security Management. Measurement.

The event will also provide an invaluable insight into new information security standards, such as:

Please check back for updates as the conference agenda is confirmed


Media partners:


intellect uk


Agenda - Thursday 13 May

Chairman’s Introduction

Chairman: Alan Calder, CEO, IT Governance

Keynote: Key information security challenges facing organisations in 2010

  • The drivers for security
  • Managing the key security risks
  • Addressing the key security challenges
  • Where organisations are investing in security
  • How organisations are leveraging new technology to support addressing the security risks.
Steve Holt, Executive Director, EMEIA Financial Services, Ernst & Young LLP

Path to effective Information Security Management

  • Overview of developments in SC 27
  • Implementation of ISO/IEC 27001
  • How to achieve an effective ISMS
  • Auditing and certification.
Dr Angelika Plate, Director, AEXIS Security Consultants


  • Information security management for SMEs
  • Pragmatic approach to managing the risk
  • Down to earth policies, procedures and technical controls
  • Bridging the SME awareness gap
  • Getting help.
Prof. Edward Humphreys, ISO/IEC JTC1/SC27 WG1 Convenor for ISMS Standards; Prof. of ISMS standards, Hagenberg University of Applied Science, Upper Austria

Case Study: Practical guidance on implementation BS ISO/IEC 27003

  • Design the ISMS
  • Getting management buy-in for an ISMS project
  • Conducting information security requirements analysis
  • Assessing Information security risks and planning appropriate treatments.
Dr. David Brewer, Director, Gamma Secure Systems Limited

Assess the effectiveness of an ISMS

  • The rationale for assessing effectiveness
  • A simple and understandable approach
  • Using ISO/IEC 27004.
Paul Williams, Associate, Protiviti

The business case for BS ISO/IEC 25777 - Code of Practice for ICT Continuity

  • Getting a business perspective
  • Managing expectations
  • Ensuring value for money from investment in IT continuity and resilience
  • Embedding IT continuity in the business
  • Where next for BS 25777 - what does internationalisation mean?
Ron Miller, Managing Consultant, Sungard

Improving Security Management by embedding BS ISO/IEC 27001

  • Requirements for an ISMS and for those certifying such systems
  • Developing an audit schedule and identifying integration opportunities
  • Continuous improvement - processes and requirements
  • Conformity assessment for ISMS.
Mike Softley, Senior Consultant, Ultima Risk Management

Panel session

  • Security training and awareness
  • How do you strengthen security at a time when budgets are tight.
David Lacey, Director of Research, ISSA-UK
Vernon Poole, Head of Business Consultancy, Sapphire

Cloud Computing – know your rights

  • Data Protection and Security
  • Regulatory Requirements
  • Negotiating contracts for cloud services: service levels and liability, service changes, ownership of data and other issues
Renzo Marchini, Solicitor, Dechert LLP

Managing security in outsourced and off-shored environments

  • Business risks in outsourcing, off-shoring and cloud environments
  • Security and legal issues throughout the outsourcing lifecycle
  • Strategies for due diligence, negotiation and relationship management.
David Lacey, Director of Research, ISSA-UK

Information security – the way ahead

  • Emerging trends - need to be more business focused
  • IT Governance & Information Governance developments
  • Aligning board, management and auditors - the emergence of a new business model for Information Security (BMIS).
Vernon Poole, Head of Business Consultancy, Sapphire

Pre-Conference Workshop, 12 May 2010

Risk Management - Practical guidance for BS ISO/IEC 27005

Tutor: Dr Angelika Plate, Director, AEXIS Security Consultants

More than ever before, organizations are today aware of threats that could compromise their Information Security, causing possible financial loss or reputational damage. The International Standard BS ISO/IEC 27005:2008 describes the information security risk management process and associated actions, and has been written to help manage these business-critical risks.

This is a practical, case study-based workshop on Risk Management, providing hands-on experience of implementing the standard BS ISO/IEC 27005.

ISO/IEC 27001 – Risk Assessment and Management

  • Introduction to risk assessment
    - ISO/IEC 27005 ISMS risk management
  • Identifying security requirements
  • Identifying and evaluating assets
  • Identifying threats and vulnerabilities and the risk of exposure
  • Calculating risks
  • Selecting the right risk treatment option(s)
  • Selecting the best set of controls and producing a statement of applicability
  • Risk management.

Please check back for updates as the workshop programme is confirmed

Who should attend?

All those in both the private and public sector responsible for and dealing with:
  • ICT/IT management, specifically information security
  • E-Commerce
  • Risk
  • BCM
  • Governance
  • Compliance/Audit.

Comments from last year's delegates:

"Excellent speakers, talking on relevant topics, pitched at the right level"
Janine Chasmer, Royal Institute of British Architects

"Very well organised, I learnt a lot. Gave some good ideas for developing guidance around the standard"
Peter Heywood, TfL

"Very good overall, some excellent speakers who were very clear in the message they were trying to convey"
Adam Dunne, RJ Kiln & Co Ltd

"Very well organized event"
Alison Morton, NHS 24

"Thoroughly enjoyable and very informative"
Steven Kerslake, Virgin Media

Sponsorship opportunities

Through BSI conferences and events your company will be able to reach your target market and showcase your products and services.

If you are interested in promoting your company, its products and services at the Information Security Conference, please contact Courtney McGrath on
+44 (0)20 8996 7371 or email



Book your place online:

The quickest and easiest way to book your place at BSI's Information Security conference is to fill in our simple online booking form. We offer two basic packages:

  • Conference only - attend the Information Security conference on 13 May
  • Conference + pre-conference workshop - attend both the conference (13 May) and our pre-conference workshop (12 May)

Discounts are available for public sector companies and SMEs (defined as an organization employing fewer than 250 persons and with an annual turnover not exceeding £45.5 million).

You can also book over the phone by calling the BSI Customer Service team on +44 345 086 9001.
