Information Security 2014

Venue: Etc Venues Victoria, 1 Drummond Gate, London, SW1V 2QW

Date: Tuesday 11 November 2014, London


The growth of the internet has transformed our everyday lives and is an important part of our economy. But with greater openness, interconnection and dependency comes greater vulnerability.

The European Information Security Survey 2014 found:

  • 67.6% of information security professionals believe intelligence is not shared effectively between government and industry
  • 58.6% said the Snowden revelations have had a positive effect on making business understand potential threats
  • 47.4% think the industry has a short-term approach to information security strategies.

Join us at Information Security 2014 and get up-to-date with the latest security issues, the most pressing threats of tomorrow and how we can effectively address them.

Bringing together security experts, senior officials and policy-makers from across the public sector and industry to discuss the ever-changing threats posed by cyber-crime, this event is not to be missed.

You’ll have the chance to:

  • Gain a better understanding of ISO/IEC 27001 and ISO/IEC 27002 - the recently published international standards for information security management
  • Understand the opportunities and risks of cloud computing
  • Receive essential information on certification for Cloud providers
  • Learn about the Government’s Cyber Essentials Scheme
  • Hear practical case studies from organizations with successful information management systems
  • Get the latest updates from key industry players
  • Network with peers and industry experts.

Sponsorship opportunities

We tailor our sponsorship and exhibition packages to help you meet and influence the people who are going to ensure the growth of your business. We do this by working in partnership with you to develop a bespoke package that meets your objectives. For more details, please contact

Eligible for CPD points




Who should attend?

Those responsible for information security, risk management and ICT within their organizations, including:

  • Information Security Officer
  • Head of Information Security
  • Information Security Consultant
  • IT Systems Manager
  • Operations Manager
  • Risk and Information Security Manager
  • Quality Systems Manager
  • ICT Manager
  • Network Engineer
  • Head of Risk
  • Head of IT
  • Information Security Advisor
  • Business Devolvement Manager
  • Compliance Officer
  • Implementation and Standardisation Process Manager
  • Technical Director
  • Production Control Manager
  • Information Assurance Manager
  • Risk Management Officer
  • IT Support Coordinator
  • Lecturer in Computing
  • Practice Manager
  • Quality Manager
  • Quality Director
  • Infrastructure Manager
  • IT Supervisor
  • Data Analyst
  • Governance, Risk & Compliance Manager
  • Training Tutor
  • IT Project Officer
  • IT Support Services Manager


08:00 Registration

8:45 - 9:15 

Breakfast briefing: Introduction to CSA STAR Certification Scheme

  • What is CSA STAR Certification?
  • Who is CSA STAR Certification for?
  • What are the benefits of CSA STAR Certification?

Tom Nichols, Global Security Certifications Manager, BSI 

9:30 – 9:40  Chairman's opening

Professor Fred Piper, Royal Holloway University of London    

9:40 – 10:00  

Keynote speech – Keeping the UK safe in cyber space

Richard Bach, Assistant Director Cyber Security, Information Economy Department for Business, Innovation & Skills

10:00 – 10:20  

Beyond Cyber Essentials Scheme

  • Why shouldn’t the scheme be viewed as a complete solution?
  • How to incorporate business risk management, corporate governance of cyber security or employee awareness?

Mark Brown, Director, Cyber Security & Resilience, Ernst & Young LLP

10:20 - 10:40  

 Prevention is Futile – Dealing with Cyber Incidents

  • The smallest of incidents can have the biggest of impacts
  • What should a CIRP or Cyber incident response plan contain?
  • Executives: Step up to the plate 

Amar Singh, Information Security GRC Expert, Strategist & Thought Leader

10:40 – 11:00

 Should the industry do more to attract talent?

  • Identifying and following a worthwhile career path 
  • Only 7% of information security professionals are aged 20-29
  • What should be done?

Jonathan Millican, UK Cyber Security Challenge Champion 2012

11:00 – 11:10 Q&A

11:10 – 11:30  Morning Networking Tea & Coffee break 

11:30 – 11:50

The importance of Information Security Governance

  • Engaging with Boards/Senior Management
  • ISO27001/2: 2013 is ‘business focussed’ - so why should Boards establish adequate Governance?
  • What are the best practice Governance principles?

Vernon Poole, Head of Business Consultancy, Sapphire

11:50 - 12:10 

 Making a Meal of It: From Recipe to Table with ISO/IEC 27001 & 27002

  • How to establish, implement, monitor and continually improve your ISMS?
  • Could you afford to ignore BS ISO/IEC 27001 and 27002?
  • Practical approach

Bridget Kenyon, Head of Information Security, UCL

12:10 - 12:30

Why bother with certification to 27001?

  • Preparing for ISO27001 audit
  • What an ISO 27001 assessment is and what happens during an assessment

Dr. David Brewer, Director, IMS-Smart Ltd

12:30 – 13:00  Panel discussion

Should there be a greater pressure for voluntary compliance?

Alan Calder, Founder & Executive Chair, IT Governance Ltd

Bridget Kenyon, Head of Information Security, UCL

Amar Singh, Information Security GRC Expert, Strategist and Thought Leader

Ron Miller, Principal Consultant, SunGard

Facilitator: Vernon Poole, Head of Business Consultancy, Sapphire

13:00 - 14:00  Lunch

14:00 – 14:20 

Keeping organisations safe - with a lot of regulatory and political confusion? Are we being diverted? Is this causing a risk?

  • CBEST - FCA recommended cyber security testing framework - early days
  • Cyber Security - FCA or PRA agenda - or both?
  • Cyber Security on the curriculum - 1m vacancies world-wide, is the education going to be robust?
  • To write data protection legislation

Mike Jolley, Head of Information Security & Risk, Yorkshire Building Society

14:20 – 14:40

Case Study - Risk-based approach to integrating SMS

  • Introduction to the Business Assurance System, a risk-based, integrated management system that provides governance, instructions and advice on how to promote best practice across the group.
  • Why does certification to six standards including ISO 27001 make integration far easier?
  • The benefits of a standardised approach

Tony Blanch, Business Improvement Director, Costain Group

14:40 – 14:50 Q&A

14:50 - 15:10 - Afternoon Networking Tea & Coffee break

15:10 - 15:30   

Managing supplier relationships and BS ISO/IEC 27036-3

  • Dealing with the information security risks caused by physically dispersed and multi-layered ICT chains
  • How to integrate your information security processes and practices into the system and software lifecycle processes?
  • Relationship between BS ISO/IEC27036-3 and BS ISO/IEC 27002

Ron Miller, Principal Consultant, SunGard

15:30 – 15:50 

Security in the Cloud & development of BS ISO/IEC 27018

  • BS ISO/IEC 27018 approach and rationale
  • Origins of ISO/IEC 27018 PII protection controls
  • Protection of PII: relationships in the cloud

John Phillips, Principal Technology Strategist, Microsoft

15:50 – 16:10   Legal Issues in the cloud

  • Navigating data protection and regulatory requirements in the cloud
  • Legal issues around cloud security
  • Cloud Contracts

Renzo Marchini, Special Counsel, Dechert LLP

16:10 - 16:20 Q&A

16:20 - 16:45 Interactive table discussion:

Is now the best time to be in the information security industry?

Facilitator: Vernon Poole, Head of Business Consultancy, Sapphire

16:45 Chairman's closing remarks

Book Now

To book your place, simply click on one of the options below.

Definition of rates:

Standard rate: Includes organizations that are not controlled by the government. Often have Ltd or plc at end of full company name.

Public Sector: Organizations providing basic government services including the police, military, public roads, primary education and healthcare. This rate also applies to local authorities, councils and government departments, schools and hospitals.

SME rate: An organization that employs fewer than 250 persons and which has an annual turnover not exceeding £25 million



Non member - £300 + VAT 
Member - £150 + VAT   
