[Global_industry_committee] OWASP Financial Services SIG

Tom Brennan - OWASP tomb at owasp.org
Tue Feb 9 12:32:27 EST 2010


Jerry, wanted to add that you are doing a great job pulling people together,
thanks for your help in the Industry SIG



On Tue, Feb 9, 2010 at 12:13 PM, Jerry Kickenson <
jerry.kickenson at verizon.net> wrote:

> Fabio,
>
> A couple of questions:
>
> 1.   Shall I approach my CISO (SWIFT) about participating?  More generally,
> how do you want to coordinate who is asked to participate?
>
> 2.   There are several folks on LinkedIn, members of the OWASP group, who
> have expressed interest in getting involved.  How, if at all, would we want
> to get them involved?  They are:
>
>   James McGovern, Enterprise Architect, The Hartford
>   Gaurav Chaturvedi, System Admin, Directi
>   Don Turnblade, Security Architect, Terra Verde Services
>   Mike Lemire, Head of Information Security, RiskMetrics Group
>   Rommel Garcia, Sr. Software Engineer, Internap
>   Mike Morris, Lead Technical Architect, USAA
>   David Zendzian, Sr. Security Engineer, Digital Resources Group
>
>
>
> Best regards,
> Jerry
>
> fabio.e.cerullo at aib.ie wrote:
>
>>
>> hi guys,
>>
>> yesterday we met with Joe Bernik to start the discussion about this OWASP
>> Financial Services SIG.
>>
>> unfortunately I forgot to send a reminder to everyone and Joe was the only
>> one to remember my previous mail :-P
>>
>> here I'm sending you the outcome from the meeting... the idea is to
>> organize maybe a bi-weekly conf call to progress some of the items below:
>>
>> - Gather a tentative list of security professionals at CISO/Management
>> level that would like to be part of a discussion panel during AppSec EU/US
>> 2010.
>> - Define a topic... an idea might be "What should financial institutions
>> do around application security?"
>> - Define a set of questions to ask these participants in order to kick off
>> the discussion.
>> - Discuss the challenges about using open source/free applications/tools
>> in financial environments... actually this could be another topic.
>> - Discuss the topics that are on top of the agenda for CISO/Security
>> Managers (eg. cybercrime, targeted attacks, app security)
>> - Show examples on how OWASP can help financial institutions to increase
>> the security of web applications.
>>
>> any questions/ideas are more than welcome.
>>
>> thank you,
>>
>> Fabio Cerullo
>> Divisional Information Security
>> Bankcentre D1,
>> Ballsbridge,
>> Dublin 4,
>> Ireland.
>>
>> Tel: +353 1 772 6309
>> Email: fabio.e.cerullo at aib.ie
>>
>>
>>
>>
>> Eoin <eoin.keary at owasp.org>
>> Sent by: eoinkeary at gmail.com
>>
>> 27/01/2010 15:22
>>
>> To: fabio.e.cerullo at aib.ie
>> cc: Joe Bernik <bernik at gmail.com>, Jerry Kickenson
>> <jerry.kickenson at verizon.net>, Jim Routh <routh3742 at gmail.com>,
>> Global_industry_committee <Global_industry_committee at lists.owasp.org>
>> Subject: Re: [Global_industry_committee] OWASP Financial Services SIG
>>
>>
>>
>>
>>
>> I'd like to attend if this is ok?
>>
>> 2010/1/27 <fabio.e.cerullo at aib.ie>
>>
>> I could make it 8AM EST which is 1PM GMT.... anyone else would like to
>> join? thanks!
>>
>> Fabio Cerullo
>> Divisional Information Security
>> Bankcentre D1,
>> Ballsbridge,
>> Dublin 4,
>> Ireland.
>>
>> Tel: +353 1 772 6309
>> Email: fabio.e.cerullo at aib.ie
>>
>>
>>
>> Joe Bernik <bernik at gmail.com>
>>
>> 27/01/2010 14:06
>>
>> To: fabio.e.cerullo at aib.ie
>> cc: Global_industry_committee
>> <Global_industry_committee at lists.owasp.org>, Jerry Kickenson
>> <jerry.kickenson at verizon.net>, Jim Routh <routh3742 at gmail.com>
>> Subject: Re: OWASP Financial Services SIG
>>
>>
>>
>>
>>
>> Fabio,
>>
>> Sounds good, I am available next February 4th from 8-10 am EST.
>>
>> Joe
>>
>>
>>
>>
>> On Wed, Jan 27, 2010 at 4:43 AM, <fabio.e.cerullo at aib.ie> wrote:
>>
>> This is great! I really like to see this working... so let's have a
>> meeting (probably next week)?
>>
>> I'm in GMT zone so please let me know your location and I will coordinate
>> the conf call bridge.
>>
>> thanks!
>>
>> Fabio Cerullo
>> Divisional Information Security
>> Bankcentre D1,
>> Ballsbridge,
>> Dublin 4,
>> Ireland.
>>
>> Tel: +353 1 772 6309
>> Email: fabio.e.cerullo at aib.ie
>>
>>
>> "Joe Bernik" <bernik at gmail.com>
>>
>> 27/01/2010 01:21
>>
>> To: "'Jerry Kickenson'" <jerry.kickenson at verizon.net>,
>> "'Jim Routh'" <routh3742 at gmail.com>, <fabio.e.cerullo at aib.ie>
>> cc: "Global_industry_committee"
>> <Global_industry_committee at lists.owasp.org>
>> Subject: RE: OWASP Financial Services SIG
>>
>>
>>
>>
>>
>>
>> Jim and Fabio,
>> I could use your guidance and collaboration on this effort.
>> Perhaps we can have a quick call to formalize our approach and potential
>> topics. Ultimately it would be great to coordinate with the Summit in Sweden
>> in June
>> I would love to have all the CISO’s discuss emerging trends in the AppSec
>> space and then take questions from the attendees in Sweden.
>> Just some thoughts.
>> Joe
>>
>> From: Jerry Kickenson [mailto:jerry.kickenson at verizon.net]
>> Sent: Tuesday, January 26, 2010 10:47 AM
>> To: Jim Routh
>> Cc: Joe Bernik
>> Subject: Re: OWASP Financial Services SIG
>>
>> Jim,
>>
>> Your text looks great.
>> However, there seems to be a potentially parallel effort going on in the
>> Global Industry committee.  I don't know if you get the GIC notes?  There
>> seems to be an initiative to create a CISO level group from the financial
>> industry, which Joe has indicated he would assist with.  The notes I have on
>> this follow.
>>
>> If Joe and others are putting together a CISO panel, should we perhaps
>> support that effort, and not put together another group?  Or would another
>> group (perhaps more technical, or a different level) add any value?
>>
>> Let us know what you think.  Hopefully Joe can fill us in, as well.  We
>> can then close the circle with Tom and Colin Watson.
>>
>> You can reach me at this email (jerry.kickenson at verizon.net, or at
>> jerry.kickenson at swift.com).
>>
>> Best regards,
>> Jerry
>>
>> Message: 1
>> Date: Sun, 24 Jan 2010 10:44:40 +0000
>> From: Colin Watson <colin.watson at owasp.org>
>> Subject: Re: [Global_industry_committee] Global Industry committee
>>        meeting
>> To: Joe Bernik <bernik at gmail.com>, Global_industry_committee
>>        <Global_industry_committee at lists.owasp.org>
>> Message-ID:
>>        <b46e4cdd1001240244o327f63cdoedab2fd3959eb899 at mail.gmail.com>
>> Content-Type: text/plain; charset=ISO-8859-1
>>
>> Hi Joe
>>
>> That sounds of interest.  Is it worth writing up some notes proposing
>> its scope, objectives and the resources required?  It's often down to
>> us as individuals to do the legwork.
>>
>> Colin
>>
>> 2010/1/19 Joe Bernik <bernik at gmail.com>:
>> > Gents,
>> >
>> > I listened to the recording of the committee call over the weekend.
>> >
>> > I would be happy to assist in coordinating a CISO panel if the committee
>> > would like.
>> >
>> > I believe I can get a handful of CISO's from the FS sector to attend.
>> >
>> > Joe
>> >
>> >
>> >
>>   ------------------------------
>> _______________________________________________
>> Global_industry_committee mailing list
>> Global_industry_committee at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/global_industry_committee
>>
>>
>> End of Global_industry_committee Digest, Vol 13, Issue 11
>> *********************************************************
>>
>>
>>
>>
>>
>> Jim Routh wrote:
>>
>> *LinkedIn*
>>
>> *Jim Routh* has sent you a message.
>>
>> *Date:* 1/25/2010
>>
>> *Subject:* RE: OWASP Financial Services SIG
>>
>> I sent this on December 3rd but it must have been bounced...Jerry,
>>
>> Here is what I prepared. Feel free to cc Joe and me on your message
>> to Tom.
>>
>> PURPOSE:
>>
>> The purpose of the OWASP Financial Services Sub Group is to define and
>> rank requirements from the industry for OWASP to address and consider as
>> projects to support the maturation of software security practices for the
>> industry.
>>
>> APPROACH:
>>
>> The Financial Services SIG will reach out to selected leaders in software
>> security programs and facilitate a consensus based process for defining
>> requirements and priorities for potential OWASP project work that will
>> directly benefit financial service firms. The initial deliverable from this
>> SIG will be a list of potential project requirements in rank order with
>> descriptive information available for each one.
>>
>> ASSUMPTION:
>>
>> OWASP has been a vital and essential part of the promotion of best
>> practices in software security and growing the awareness of the need for
>> mature software security practices among the development community. This
>> effort will produce a list of potential project requirements that reflect
>> the financial service industry's needs to improve awareness and capabilities
>> leveraged by software developers through OWASP projects and engagement.
>>
>>
>> Regards,
>> Jim
>>
>> Please give me your email address.
>>
>> On 01/19/10 2:59 PM, Jerry. Kickenson wrote:
>> --------------------
>> Jim,
>>
>> Hope you had a great holiday.
>>
>> Do you think you'll have time to draft a mission/purpose statement for the
>> OWASP financial services SIG we can pass by Tom? I can probably make some
>> time over the next week or so if you are too busy.
>>
>> Let me know what you think.
>>
>> Best regards,
>> Jerry
>>
>>
>>
>>  ******************************************************
>> This document is strictly confidential and is intended for use by the
>> addressee unless otherwise indicated.
>>
>> This email has been scanned by an external email security system.
>>
>> Allied Irish Banks
>>
>> AIB and AIB Group are registered business names of Allied Irish Banks
>> p.l.c. Allied Irish Banks, p.l.c. is regulated by the Financial Regulator.
>>  Registered Office: Bankcentre, Ballsbridge, Dublin 4. Tel: + 353 1 6600311;
>> Registered in Ireland: Registered No. 24173
>>
>> Please consider the environment before printing this e-mail.
>> ******************************************************
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> Eoin Keary
>> OWASP Global Board Member
>> OWASP Code Review Guide Lead Author
>> _
>> __http://asg.ie/__
>> __https://twitter.com/EoinKeary_
>>
>>
>>
>