ISACA Leader Calls For Fundamental Change To Information Security

  • Jul 24, 2009

At ISACA’s International Conference in Los Angeles recently, security professional John Pironti called for a sweeping change in how enterprises deal with information security.

“Security by compliance is no longer working,” said Pironti, who is president of IP Architects and an ISACA volunteer. “The number and impact of security breaches have dramatically increased in the last couple of years, even though companies were in compliance with standards like PCI, GLBA, FFIEC, FISMA and others.”

If organizations continue to focus on security by compliance, he argues, the adversaries will continue to win as their attacks become more effective and more damaging. “Compliance can be a good starting point for securing information infrastructure and data if an organization has not put anything in place previously, but it cannot be the end point of the conversation.”

“We need to change the fundamental approach to the way enterprises deal with information protection,” Pironti said in his “Information Security 2.0” presentation at ISACA’s conference. “We need to stop thinking about information security and start thinking about information risk management.”

Information risk management requires more input from and decisions made by the business, instead of solely by security professionals and regulators.

Explaining the difference between the two, Pironti said, “Information security sets the tone for organizations that forces them to put measures in place that may actually end up preventing the business from being successful. Risk management gives the organization the power to make the security decisions that align with its business requirements and then implement appropriate controls.”

Another critical change, according to Pironti, is to focus on protecting data and information instead of just technology.

“The technology is just a vessel for the data and has little value by itself. By focusing on the data, enterprises will be better prepared for the challenges that they may face from any adversary” Pironti said.

In addition to Pironti’s presentation, ISACA’s International Conference also featured the unveiling of Risk IT, a new IT enterprise risk management framework developed by ISACA. The framework will be publicly available as a free download in September.

Featured

  • Security Today Announces 2025 CyberSecured Award Winners

    Security Today is pleased to announce the 2025 CyberSecured Awards winners. Sixteen companies are being recognized this year for their network products and other cybersecurity initiatives that secure our world today. Read Now

  • Empowering and Securing a Mobile Workforce

    What happens when technology lets you work anywhere – but exposes you to security threats everywhere? This is the reality of modern work. No longer tethered to desks, work happens everywhere – in the office, from home, on the road, and in countless locations in between. Read Now

  • TSA Introduces New $45 Fee Option for Travelers Without REAL ID Starting February 1

    The Transportation Security Administration (TSA) announced today that it will refer all passengers who do not present an acceptable form of ID and still want to fly an option to pay a $45 fee to use a modernized alternative identity verification system, TSA Confirm.ID, to establish identity at security checkpoints beginning on February 1, 2026. Read Now

  • The Evolution of IP Camera Intelligence

    As the 30th anniversary of the IP camera approaches in 2026, it is worth reflecting on how far we have come. The first network camera, launched in 1996, delivered one frame every 17 seconds—not impressive by today’s standards, but groundbreaking at the time. It did something that no analog system could: transmit video over a standard IP network. Read Now

  • From Surveillance to Intelligence

    Years ago, it would have been significantly more expensive to run an analytic like that — requiring a custom-built solution with burdensome infrastructure demands — but modern edge devices have made it accessible to everyone. It also saves time, which is a critical factor if a missing child is involved. Video compression technology has played a critical role as well. Over the years, significant advancements have been made in video coding standards — including H.263, MPEG formats, and H.264—alongside compression optimization technologies developed by IP video manufacturers to improve efficiency without sacrificing quality. The open-source AV1 codec developed by the Alliance for Open Media—a consortium including Google, Netflix, Microsoft, Amazon and others — is already the preferred decoder for cloud-based applications, and is quickly becoming the standard for video compression of all types. Read Now

Most   Popular

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.