Information security:
Latest Risk Management and ICT Readiness Updates Conference 2012

Learn about measurable, systematic and cost effective ways to battle the new information security risks

Conference: 28 February 2012
Workshop: 29 February 2012
One Drummond Gate, Victoria, London, SW1V 2QQ

At BSI’s Information Security Conference 2012 you can learn how to save money while successfully countering the new information security and ICT continuity threats.

Standards based methods for survival

Decreased budgets. Increased threats. At times like these you need to plan and think ahead.

That is why BSI, the originator of ISO 27001, together with forward-thinking organizations and experts such as Vodafone and Trend Micro, wants to share experience and best practice so that you too can face uncertainty with more confidence and at lower cost.

Five reasons to attend:

  • Hear real-life case studies by organizations that have direct experience implementing standards; the problems they encountered and benefits they achieved
  • Learn how to use effective information security risk management (specified in the recently revised international standard for information security risk management, ISO/IEC 27005) to reduce costs and minimize risk
  • Discover the most effective techniques to get management engagement, buy in and support
  • Get first hand practical tips about Vodafone’s strategic innovation
  • Understand how ICT continuity best practice (based on the new ISO/IEC 27031, ICT readiness for business continuity) can help you design a system that ensures your ICT services support overall business continuity

Who should attend?

You should attend if you are responsible for information security, risk management and ICT continuity within organizations including:

  • ICT/IT management, specifically information security
  • E-Commerce
  • Risk
  • BCM
  • Governance
  • Compliance or Audit.


Conference Agenda - 28 February 2012

9:30 – 9:40 Chairman’s Introduction

Alan Calder, CEO, IT Governance Ltd

9:40 – 10:10 Keynote – The importance of embedding security into the design of IT

  • The drivers for security
  • Managing security risks 
  • Key security challenges 
  • Where organizations are investing in security 
  • How organizations are leveraging new technology to support addressing the security risks.

Suheil Shahryar, Head of Security Engagement, Royal Mail

10:10 – 10:40 Economics of IS Management

  • Estimation of security breach cost
  • A risk management approach
  • Cost effective technology configuration
  • Value from deployment of multiple technologies.

Vernon Poole, Head of business consultancy, Sapphire

10:40 – 11:10 Social Media – risks, threats & opportunities

  • Changing face of social networking
  • Technical security vs User security
  • Identifying risk and creating appropriate policy
  • Security awareness.

Rik Ferguson, Director Security Research & Communications EMEA, Trend Micro

11:10 – 11:25 Morning coffee

11:25 – 12:05 Case study on achieving ISO 27001 Certification

  • Drivers
  • Gaining management and business buy in
  • Use of external consultants
  • Road to certification
  • Challenges
  • Post certification – What’s next?

Colin Smith, Director of Information Technology, Pinsent Masons
Kyri Yiatanou, Information Security Manager, Pinsent Masons

12:05 – 12:35 Practical guidance – Implementing BS ISO/IEC 27005

  • Pragmatic approach to managing the risk 
  • Policies, procedures and technical controls
  • Bridging the SME awareness gap 
  • Getting help.

Lisa Dargan, Director, Ultima Risk Management

12:35 – 13:00 Discussion session – information security skills for the future

Facilitator: Vernon Poole, Head of business consultancy, Sapphire

13:00 – 14:00 Lunch

14:00 – 14:30 Growing importance of ICT continuity – the need for ISO 27031

  • An introduction to ICT Readiness and where it sits within Information Security and Business Continuity 
  • The consequences of the ICT Readiness Gap
  • How to justify the costs of ICT resilience using ISO 27031.

Ron Miller, Principal Consultant, SunGard

14:30 – 15:00 Vodafone’s Data Centre BPAR philosophy: cross-functional BIA, risk analysis and strategic innovation

  • Business Protection Assurance Review (BPAR) - methodology
  • Cross-functional approach in a multinational
  • Data Centre BPAR: successes and future

Steve Bridge, Principal Disaster Recovery Manager, Vodafone Group

15:00 – 15:10 Q&A

15:10 – 15:30 Afternoon tea

15:30 – 16:00 Cloud Computing – Risk & Security issues

  • What is Cloud Computing?
  • Information security risks in the Cloud
  • How ISO 27001 relates to Cloud Computing
  • 10 Cloud information security questions to ask.

Mike Small, Senior Information Security Advisor, Kuppinger Cole

16:00 – 16:30 Discussion Session on ISO 27005 & ISO 27031

Facilitator: Vernon Poole, Head of business consultancy, Sapphire

16:30 – 16:45 ISO 27001 UK User Group Update

16:45 – 17:00 Chairman’s closing remarks

Delegates are cordially invited to a complimentary drinks reception at the close of the conference to celebrate the publication of BS ISO/IEC 27031:2011 and BS ISO/IEC 27005:2011. The drinks reception is an ideal forum for networking opportunities and discussing the day’s findings.

Please note timings are provided for guidance only and may be subject to change.

ISO 27001 Information Risk Management Workshop - 29 February 2012

Workshop: 10:00 – 13:00

One of the latest members of the growing BS ISO/IEC 27000 family of information security standards, BS ISO/IEC 27005 provides guidelines for information security risk management.

Whilst not providing any specific methodology, the Standard advocates a structured, systematic and rigorous process from analysing risks to creating the risk treatment plan and monitoring and reviewing risk on an ongoing basis. Information risk management needs to be an integral and continuous part of any information security management system (ISMS).

This half day workshop is aimed at providing practical and pragmatic advice on how best to implement information risk management in alignment with ISO 27005 and best practice.

During the workshop, delegates will be guided through the key aspects of information risk management and will learn practices and techniques that can be used directly in their own organizations.

Topics covered include:

  1. Scope of the risk assessment including grouping of information assets
  2. Understanding what types of vulnerabilities, threats and risks can affect an organization
  3. Evaluating and estimating the risk
  4. What level of risk is acceptable (criteria for establishing risk appetite)
  5. How risks can be treated (risk treatment plans)
  6. Tracking and monitoring risks (risk register), including how to identify new risks
  7. Implementing a ‘continuous improvement’ and iterative process
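As an added illustration of workshop topics 1 to 7, and not material from the workshop, from BSI or from ISO/IEC 27005 itself, the following Python sketch implements a minimal risk register: assets are grouped, each risk pairs a threat with a vulnerability, risk is estimated, compared against an acceptance threshold, treated, and re-estimated, and new risks are detected between review cycles. ISO/IEC 27005 does not mandate a scoring method, so the 1 to 5 likelihood and impact scales, the multiplicative risk level and the appetite threshold of 6 are assumptions chosen for this example; the four treatment options (modify, retain, avoid, share) are the ones the standard names. The sample risks are constructed and do not describe any real organization.

```python
"""Minimal ISO/IEC 27005-style risk register (added illustration, not from the page).

Assumed, not mandated by the standard: 1..5 likelihood and impact scales,
risk level = likelihood x impact, and an acceptance threshold ("appetite").
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

# Risk treatment options as named in ISO/IEC 27005.
TREATMENTS = ("modify", "retain", "avoid", "share")


@dataclass
class Risk:
    risk_id: str
    asset_group: str                 # grouping of information assets (topic 1)
    threat: str                      # threat / vulnerability pair (topic 2)
    vulnerability: str
    likelihood: int                  # 1 (rare) .. 5 (almost certain); assumed scale
    impact: int                      # 1 (negligible) .. 5 (severe); assumed scale
    treatment: str = "retain"        # untreated risks start as "retain" pending a decision
    controls: list = field(default_factory=list)

    def __post_init__(self) -> None:
        self.validate()

    def validate(self) -> None:
        for name, value in (("likelihood", self.likelihood), ("impact", self.impact)):
            if not 1 <= value <= 5:
                raise ValueError(f"{name} must be in 1..5, got {value}")
        if self.treatment not in TREATMENTS:
            raise ValueError(f"unknown treatment {self.treatment!r}")

    @property
    def level(self) -> int:
        """Risk estimate (topic 3): likelihood x impact, an assumed method."""
        return self.likelihood * self.impact


class RiskRegister:
    """Tracks identified risks against an acceptance threshold (topics 4 to 7)."""

    def __init__(self, appetite: int) -> None:
        self.appetite = appetite     # risks at or below this level are acceptable
        self.risks: dict[str, Risk] = {}

    def add(self, risk: Risk) -> None:
        if risk.risk_id in self.risks:
            raise ValueError(f"duplicate risk id {risk.risk_id}")
        self.risks[risk.risk_id] = risk

    def is_acceptable(self, risk: Risk) -> bool:
        return risk.level <= self.appetite

    def treat(self, risk_id: str, treatment: str, control: str,
              likelihood: Optional[int] = None, impact: Optional[int] = None) -> Risk:
        """Record a treatment decision (topic 5) and re-estimate the residual risk."""
        risk = self.risks[risk_id]
        risk.treatment = treatment
        risk.controls.append(control)
        if likelihood is not None:
            risk.likelihood = likelihood
        if impact is not None:
            risk.impact = impact
        risk.validate()
        return risk

    def treatment_plan(self) -> list[dict]:
        """Risks still above appetite, highest first. A risk left as 'retain'
        above appetite needs an explicit acceptance decision from management."""
        above = [r for r in self.risks.values() if not self.is_acceptable(r)]
        return [{"id": r.risk_id, "level": r.level, "treatment": r.treatment,
                 "needs_decision": r.treatment == "retain"}
                for r in sorted(above, key=lambda r: (-r.level, r.risk_id))]

    def new_risks(self, previous: RiskRegister) -> list[str]:
        """Monitoring step (topic 6): ids present in this cycle but not the last."""
        return sorted(set(self.risks) - set(previous.risks))


def demo() -> dict:
    """Two review cycles over constructed sample risks (not real data)."""
    last_review = RiskRegister(appetite=6)
    last_review.add(Risk("R1", "customer database", "SQL injection via web front end",
                         "unvalidated input", likelihood=4, impact=5))
    last_review.add(Risk("R3", "office printers", "paper jam", "ageing hardware",
                         likelihood=2, impact=1))

    # Next iteration (topic 7): carry forward known risks, then add a newly identified one.
    current = RiskRegister(appetite=6)
    for r in last_review.risks.values():
        current.add(Risk(**{**vars(r), "controls": list(r.controls)}))
    current.add(Risk("R2", "staff laptops", "theft of device", "no full-disk encryption",
                     likelihood=3, impact=4))

    before = current.treatment_plan()
    current.treat("R1", "modify", "parameterised queries and input validation", likelihood=1)
    current.treat("R2", "modify", "full-disk encryption with TPM-backed keys", impact=1)
    return {"new_risks": current.new_risks(last_review),
            "plan_before": before,
            "plan_after": current.treatment_plan()}


if __name__ == "__main__":
    from pprint import pprint
    pprint(demo())
```

Running `demo()` shows R2 reported as a new risk, R1 (level 20) and R2 (level 12) on the treatment plan before any controls are applied, both flagged as needing a decision because they sit above appetite while still marked "retain", and an empty plan once the controls bring them down to levels 5 and 3. The point a practitioner should take from it is that "retain" above appetite is never a silent default; it must be an explicit, recorded acceptance.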

Led by risk professionals, this workshop is practical and interactive. Working with the presenters in small groups, delegates will gain hands-on experience that can be applied directly when they return to their own organizations.

Lisa Dargan, Director, Ultima Risk Management

ISO 27031 – Guidelines for ICT Readiness for Business Continuity Workshop - 29 February 2012

Workshop: 14:00 – 17:00

The new ISO 27031 standard expands on the groundwork established in BS 25777 and provides detailed guidance to enable IT departments to provide enhanced resilience and effective recovery capabilities.

This half-day workshop gives you an insight into best practice for information security incident handling and management and for ICT readiness planning and services; the standard is intended for organizations of all sizes in all sectors. The workshop explains the relationship between ISO 27031 and business continuity management, emphasising the role ICT readiness plays in supporting business continuity priorities.

Topics covered include:

  1. The concepts and principles of ICT Readiness for Business Continuity (IRBC)
  2. How ISO 27031 relates to BS 25777
  3. The relationship between IRBC and BCM
  4. Common failings in organizations seeking to implement effective information availability and continuity
  5. The role that ICT Readiness has in supporting an organization’s BCM priorities
  6. Its approach to resilience, continuity and DR and how it integrates with wider organizational objectives
  7. How ISO 27031 can help in the implementation of ISO 27001/27002
  8. How ISO 27031 can help in the implementation of BS 25999

Ron Miller, Principal Consultant, SunGard Availability Services (UK) Limited

About & Sponsorship

About BSI Conferences and events

BSI British Standards conferences and events bring together key players to learn about latest trends, regulations and topical issues with opportunities for delegates to take part in open discussions and debates led by panels of expert speakers. In addition, these conferences may have workshops running alongside to provide guidance and practical advice.

With relevant and up-to-date information, presented in an accessible and appropriate manner, you will leave one of our events better equipped to face your professional challenges and responsibilities.


Through BSI conferences and events your company will be able to reach your target market and showcase your new products and solutions.

If you are interested in promoting your company, its products or services at the conference, please call +44 20 8996 7705 or email

If you would like to work with BSI on a contra basis as either a supporting organization or a media partner for the conference, please call +44 20 8996 7013 or email

Book your place 

Booking is easy. Just select the events you would like to attend and click on the rate for your organization type. You will then be taken to a product page where you can proceed to checkout.

Rates (select the one for your organization type):

  • Standard
  • SME
  • Public sector / charity (a special discounted rate for public sector and charitable organizations only)

Events:

  • Information security conference, 28 February 2012
  • Information security conference & half-day masterclass, 28-29 February 2012
  • Information security conference & full-day masterclass, 28-29 February 2012

Alternatively, call customer services on:
+44 345 086 9001

Please note:

We will never supply your information to third parties for marketing purposes. BSI handles all personal information in compliance with the Data Protection Act 1998 and the EU Communications Directive 2002. We will only send you relevant information about our products and services that may be of interest to you via email.
