[Owasp-leaders] OWASP and ISACA?
McGovern, James F. (P+C Technology)
James.McGovern at thehartford.com
Mon Feb 1 10:42:15 EST 2010
A topic of keen interest to me. The Hartford Chapter of OWASP is going to do a co-event with the Hartford and Boston chapters of ISACA on March 17th. We are going to do a half-day event on "Auditing of Web Application Security". One of my New Year's resolutions is to stop making fun of auditors who like to send out official questionnaires inquiring as to whether an organization is deemed secure merely because they have a clean desk policy and their number two pencils are sharpened :-)
Seriously, we are seeding our discussion with an overview of SAMM and figuring out whether the language contained within is sufficient "control" language for auditors. Some of the challenges I have run across (and conquered) with ISACA include but are not limited to:
- Charging for the event vs making it free to attend
- Time in which it is held (OWASP tends to be evening while ISACA tends to be daytime) - I waivered here
- Where it would be held (we use our facilities so there is no charge)
- Registration (they do formal tracking for CPE while I only need to know who is showing up for purposes of physical security)
- Speakers, OWASP tends to have more in the way of participants who also want to speak vs ISACA tends to have more that strictly attend.
- Marketing: my marketing style is more 2.0. They still do traditional marketing
- Making it a peer event (my personality tends to desire to dominate everything I touch)
-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Stanka Šalamun
Sent: Monday, February 01, 2010 6:27 AM
To: owasp-leaders at lists.owasp.org
Subject: [Owasp-leaders] OWASP and ISACA?
Hello OWASP leaders,
Tomorrow I will have a chance to do some OWASP marketing at ISACA Chapter Slovenia. Is there any good practice of OWASP-ISACA cooperation? In the back of my mind I have a memory that there were some common events (conferences?).
In ISACA it is really important to collect CPE points. Do we have some process to support that or are we thinking about something like this?
Thanks :)
Have a sunny day,
Stanka