Introduction to 27K and Management Systems Certification

When:  Feb 12, 2019 from 8:30 AM to 4:30 PM (ET)

Session date has been changed from January 29, 2019 to February 12, 2019

Session Description:

As a business or technical leader, you must make information security continuously align and successfully integrate into the organizational ecosystem. Working with a great team of professionals, having implemented a security management system, or utilizing the latest tools, controls and monitoring systems will help move information security in the right direction.However, success is there for the ones that continuously adapt to an ever-changing business environment and to do so, it is crucial to understand, as soon as possible, future industry trends and challenges.For example, analysts and industry experts agree that the scalability and flexibility of cloud services will continue to drive adoption. Nevertheless, cloud customers are concerned about security as it remains a key reason why organizations hesitate to adopt cloud services despite the flexibility and scalability the cloud can offer.

The main elements of this are the worries that data could end up in the wrong hands and what control does a customer have over careless operators. But there are other concerns too: issues such as customer identity, segregation of assets on virtual servers and what happens to assets in the event of a CSP going out of business are also issues that play on potential cloud users’ minds.

What we will cover

The ISO 27001 series addresses some of these concerns and new standards and frameworks, like ISO/IEC 27017, Cloud Security Alliance (CSA) and NIST Cyber Security framework go further in providing integrated and adaptive solutions in balancing information risks with the controls in an effective manner.

By participating in our seminar you’ll learn and discuss these relevant topics in addressing security compliance frameworks and providing better solutions to client and regulatory security requirements:

  • From the Implementation to the Certification
    • During this session, we will discuss the premises of implementing, auditing and certifying an information security system based on the ISO 27001:2013 standard;
  • The relevance of Cloud Security Certifications in the Operational context
    • During this session, we will discuss the benefits of extending the ISO 27017:2015 and Cloud Security Alliance (CSA) into the cloud and the specific requirements associated with the certification;
  • Working towards an adaptive security controls framework
    • During this session we will discuss the trends and opportunities associated with the implementation of adaptive information security controls using a cyber security framework such as BSI - NIST Cyber Security Framework.

About the Speaker:

Cristian Dragnef, Lead Auditor


Cristian Dragnef is Senior Management Consultant with more than fifteen years of experience and extensive expertise in information risk and security management, quality management systems, IT service management, and software development. He leads project teams in working with clients’ executive leadership to develop and implement quality and security initiatives, information security frameworks, quality management and security management systems.

Relevant Experience

For the last fifteen years, Cristian has successfully project managed, trained, implemented, and conducted management system assessments and provided management advisory to clients in various verticals across North America.

Specifically he works in the assessment and implementation of Information Security Management and Quality Systems for Telecom providers, Equipment manufacturers, Software providers, Global News and Media corporations, Engineering Firms, Sourcing Providers, Management Consulting, Mining, Health Care providers and Law firms. In the last ten years he has provided advisory and third party audit services for more than thirty global large organizations each with more than 5,000 employees or 1 billion $ in annual revenue.

Cristian is a accredited ISMS Lead Auditor with IRCA, certified ISMS and QMS trainer with RABQSA and a STAR Alliance certified auditor.

Areas of expertise

  • Corporate Management Systems

  • Information Security

  • Quality Management

  • ISO 9001 and ISO 27001


  • Cloud Security (CSA STAR)

  • Information Risk Management

  • Manufacturing

  • Auditor Training


Please Note:  There is a cancellation policy in effect


Ivey Tangerine Leadership Centre
130 King Street West
Toronto, ON