Exploring the Relationship between Compliance and Risk Management
Mark Curto

GRC - Session #3 - Mark Curto Mark will discuss the correlation between compliance and risk management, explaining how you cannot have compliance without risk management. Mark will go into defining compliance and risk management, what makes up a compliance program versus a risk management program, and the core goals and areas of focus. Mark will also show how to scale the programs to better suit the environment you are in; one size does not fit all!

Bio: Mr. Curto is a dedicated professional with over twenty-two years of comprehensive experience in the Information Security and Information Technology arenas. His breadth of experience covers multiple domains and disciplines within Information Security. Mr. Curto is currently an IT Security Analyst IV at Battelle Memorial Institute, the world's largest research and development non-for-profit organization, where he is the Lead for Policy and Compliance within the Corporate Information Security department. He performs compliance assessments for FISMA, HIPAA, SCADA, and DFARS on both government and private industry projects with information system implementations within physical, virtual, and cloud based environments. Mr. Curto has held previous positions performing Certification and Accreditation, Vulnerability Management, Forensics, and Compliance. He has developed, implemented, and managed security architectures, tools, and compliance for large enterprise networks. Mr. Curto has a Bachelor of Science in Applied Science and Technology from Youngstown State University majoring in Computer Technology and minoring in Business Management. He currently holds the following professional certifications; Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Certified Security Analyst (E|CSA), Certified Computer Examiner (CCE), Certified SCADA Security Architect (CSSA), (CNSS) NSTISSI 4011 and CNSSI 4012 - FISMA, International Organization for Standardization ISO/IEC 27002 (ISFS), and Information Technology Infrastructure Library Foundation (ITILFv3) and Service Strategy (ITILSSv3). He has completed advanced writing courses and is a published author. He is also an accomplished speaker having given numerous presentations and competed through Toastmasters International at the district level.

Back to Central Ohio Infosec Summit 2015 video list