[Owasp-pci-project] Policies and Controls

McGovern, James F (HTSC, IT) James.McGovern at thehartford.com
Thu Aug 6 09:59:06 EDT 2009


Enterprise policies and controls aren't really targeted at the
enterprise architect crowd.  What I am referring to is usually created
by a combination of Information Security Folks and legal folks where
employees have to attest to them on a periodic basis subject to
termination. There is also a component where an audit group (Think Big
Four) will see if you are following your controls.
 
http://www.bankinfosecurity.com/articles.php?art_id=176
 
Going further down this path, there are questionnaires that are
exchanged between organizations to determine security posture.
Approaches such as BITS Shared Assessment
(http://www.sharedassessments.org/) come to mind where we can inject
thinking regarding web application security.

________________________________

From: owasp-pci-project-bounces at lists.owasp.org
[mailto:owasp-pci-project-bounces at lists.owasp.org] On Behalf Of
Christian Heinrich
Sent: Wednesday, August 05, 2009 9:30 PM
To: owasp-pci-project at lists.owasp.org
Subject: Re: [Owasp-pci-project] Policies and Controls


James,

It would depend on if the current OWASP related publications are not
suitable for an Enterprise Architect audience?


On Wed, Aug 5, 2009 at 1:12 AM, McGovern, James F (HTSC, IT)
<James.McGovern at thehartford.com> wrote:


	Is there merit in OWASP publishing off-the-shelf policies and
controls for enterprise usage that relate to secure web application
development?

	************************************************************
	This communication, including attachments, is for the exclusive
use of addressee and may contain proprietary, confidential and/or
privileged information.  If you are not the intended recipient, any use,
copying, disclosure, dissemination or distribution is strictly
prohibited.  If you are not the intended recipient, please notify the
sender immediately by return e-mail, delete this communication and
destroy all copies.
	************************************************************

-- 
Regards,
Christian Heinrich - http://sn.im/cmlh_linkedin_profile
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
Speaking Schedule at http://sn.im/cmlh_speaking_schedule


