Exploring the Relationship between Compliance and Risk Management - Mark Curto (Central Ohio Infosec Summit 2015) (Hacking Illustrated Series InfoSec Tutorial Videos)

Exploring the Relationship between Compliance and Risk Management
Mark Curto

GRC - Session #3 - Mark Curto

Mark will discuss the correlation between compliance and risk management, explaining why you cannot have compliance without risk management. He will define compliance and risk management, describe what makes up a compliance program versus a risk management program, and cover the core goals and areas of focus of each. Mark will also show how to scale the programs to better suit the environment you are in; one size does not fit all!

Bio: Mr. Curto is a dedicated professional with over twenty-two years of comprehensive experience in the Information Security and Information Technology arenas. His breadth of experience covers multiple domains and disciplines within Information Security. Mr. Curto is currently an IT Security Analyst IV at Battelle Memorial Institute, the world's largest not-for-profit research and development organization, where he is the Lead for Policy and Compliance within the Corporate Information Security department. He performs compliance assessments for FISMA, HIPAA, SCADA, and DFARS on both government and private industry projects with information system implementations in physical, virtual, and cloud-based environments. Mr. Curto has held previous positions performing Certification and Accreditation, Vulnerability Management, Forensics, and Compliance. He has developed, implemented, and managed security architectures, tools, and compliance for large enterprise networks. Mr. Curto has a Bachelor of Science in Applied Science and Technology from Youngstown State University, majoring in Computer Technology and minoring in Business Management. He currently holds the following professional certifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Certified Security Analyst (E|CSA), Certified Computer Examiner (CCE), Certified SCADA Security Architect (CSSA), (CNSS) NSTISSI 4011 and CNSSI 4012 - FISMA, International Organization for Standardization ISO/IEC 27002 (ISFS), and Information Technology Infrastructure Library Foundation (ITILFv3) and Service Strategy (ITILSSv3). He has completed advanced writing courses and is a published author. He is also an accomplished speaker, having given numerous presentations and competed through Toastmasters International at the district level.


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast