The Risks of 'Security by Compliance' - Interview with ISACA's John Pironti

Published: Dec. 18, 2008, 7:37 p.m.

Regulatory compliance is the backbone of a financial institution's information security program. But compliance alone isn't enough, says John Pironti of ISACA's Education Board, who advises institutions to take a risk-based, not a "checklist-based", approach to security.

In an exclusive interview, Pironti discusses:

The risks of 'Security by Compliance';

Top risk management/compliance issues of 2009;

What will be the most in-demand skills and job opportunities for information security professionals.

In addition to his role with ISACA, Pironti is currently the Chief Information Risk Strategist for CompuCom. He has designed and implemented enterprise-wide electronic business solutions, information security programs, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, government, hospitality, aerospace and information technology, on a global scale. Pironti holds a number of industry certifications, including Certified in the Governance of Enterprise Information Technology (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional (ISSAP), and Information Systems Security Management Professional (ISSMP). He is also a published author and writer, and a frequent speaker on electronic business and security topics at domestic and international industry conferences.