[Global_industry_committee] CISO survey 2013 questions - your feedback please

Tobias tobias.gondrom at owasp.org
Thu Nov 15 15:46:09 UTC 2012


Marco,

ok. I just included your question about the CISO role on page 16.
With that we are done and I will ask Kate to put this into surveymonkey.
My apologies it took me nearly four weeks to get from version-0 to 
include all the feedback and bring it to the final version. But I 
believe we are ready now. :-)

Best regards, Tobias


On 08/11/12 17:05, Marco Morana wrote:
> Tobias
>
> can we add the following question (so we make it 20 :). This is
> important to tailor the guide content to the areas where CISOs are
> mostly focused on :
>
> CISO Functions & Responsibilities: Which of these functions are within
> your area of responsibility?
> 1.	Develop, articulate and implement risk management strategy for applications
> 2.	Develop and implement policies, standards and guidelines for
> application security
> 3.	Develop, implement, manage and report on application security
> governance processes
> 4.	Develop and implement software security activities (e.g. S-SDLC)
> and security testing processes
> 5.	Work with executive management, business managers and internal
> audit and legal counsel to define application security requirements
> that can be verified and audited
> 6.	Measure and monitor security and risks of web application assets
> within the organization
> 7.	Application Vulnerability Management
> 8.	Network Security and perimeter defense
> 9.	Define, identify and assess the inherent security of critical web
> application assets, assess threats, vulnerabilities, business impacts
> and recommend countermeasures/corrective actions
> 10.	Procure new web application processes, services, technologies and
> testing tools for the organization
> 11.	Application security training and awareness for information
> security and software development teams
> 12.	Develop, articulate and implement continuity planning/disaster
> recovery for web applications
> 13.	Investigate and analyze suspected security incidents and data
> breaches and recommend corrective actions
>
> thanks
>
> Marco
>
> On Sat, Oct 20, 2012 at 4:55 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>> Hello dear GIC fellows,
>>
>> as discussed during our GIC call this week, I took the CISO Survey from last
>> year and revised it a little bit.
>> https://www.owasp.org/index.php/Industry:GIC_CISO_Survey_2013
>>
>> Please take a good look and review and/or make modifications until Tuesday
>> Oct-23.
>> It is in the Wiki, so you can edit easily. I will try to put whatever we
>> have by then into a surveymonkey the following day, so we can use the
>> AppSecUS to already hand-out a first set of links to the survey.
>>
>> Maybe a couple of questions as food for thought:
>> - the survey feels relatively long? Are there questions we should remove?
>> - Are there questions we missed / should add?
>> - regarding page-10 question 13 and 14: Is it really important for us (and
>> later the report readers) which tool categories are used or being planned to
>> be used? I have the feeling that some may use none and some may use all, so
>> am not sure these two questions really add significant value. What do you
>> think?
>>
>> Best regards and wish you a nice weekend, Tobias
>>