[Global_industry_committee] Deck on Application Security Guide for CISO & Latest Additions

Marco M. Morana marco.m.morana at gmail.com
Sun Sep 18 21:04:17 EDT 2011



I have included herein the deck that you were expecting from me, as we
discussed at the last GIC conference call the Thursday prior to Labor Day.




I made some additions to the guide (*), specifically:

- Overall goals and introduction to the several parts of the guide
  before the contents

- As we talked about, I added a general introduction to impacts by
  referring to examples of negative impacts from incidents (reputational loss,
  loss of revenue and loss of data)

- Articulated the future scope of Part III and IV to include what
  the CISO survey will provide in terms of determining where money is spent
  and in which activities to determine if application security money is spent
  effectively (I think this was suggested by Jeff as to be included in the
  CISO survey). Same in Part IV relative to metrics used by CISO to report
  AppSec to management that we expect to come from the survey.

Let me know if you need any clarification on the deck; I tried to make it as
self-explanatory as possible.



Marco M.


(*) https://www.owasp.org/index.php/Application_Security_Guide_For_CISOs






-------------- next part --------------
A non-text attachment was scrubbed...
Name: OWASP_AppSec Guide For CISO Summary 2011.ppt
Type: application/vnd.ms-powerpoint
Size: 573440 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/global_industry_committee/attachments/20110918/46c3e00f/attachment-0001.ppt 