Training: 8–9 November 2016
Tutorials & Conference: 9–11 November 2016
Amsterdam, NL

Link complex regulation to practical security

Wayne Anderson (Avanade)
13:15–13:55 Friday, 11 November, 2016
Bridging business and security
Location: G106/107
Level: Intermediate

Prerequisite knowledge

  • An essential understanding of risk management
  • Familiarity with ISO 27001, NIST 800-53, or other similar security program management structures (useful but not required)

What you'll learn

  • Discover tools to capture your compliance obligations
  • Learn to build a map of how those obligations apply to your security business and translate them into a practical security program based on ISO or NIST standards
  • Understand how to plan for program review and onboarding of new obligations


Your business is subject to more complex regulations and compliance obligations than ever before. There are two things you can count on: tomorrow will be worse, and the rate of change will never again be as slow as it is today.

Your security organization cannot establish cost-effective protection without understanding what these obligations are or how to plan for them in the future. Wayne Anderson shares lessons learned from a multiyear program build to translate regulations and compliance obligations into practical security controls.

This session is a can’t-miss opportunity for security managers and executives to organize the complexity of modern regulation and align security investment to support your business.

Wayne Anderson


Wayne Anderson is a director and global client information security lead at Avanade, where he leads security programs focused on supporting clients the world over. Wayne has more than a decade of experience in infrastructure and security and holds certifications from ISACA, GIAC, and the International Association of Software Architects.