[Global_industry_committee] CISO survey 2013 questions - your feedback please
tobias.gondrom at owasp.org
Thu Nov 15 15:46:09 UTC 2012
OK. I just included your question about the CISO role on page 16.
With that we are done and I will ask Kate to put this into surveymonkey.
My apologies that it took me nearly four weeks to get from version-0 to
include all the feedback and bring it to the final version. But I
believe we are ready now. :-)
Best regards, Tobias
On 08/11/12 17:05, Marco Morana wrote:
> Can we add the following question (so we make it 20 :)? This is
> important to tailor the guide content to the areas CISOs are
> mostly focused on:
> CISO Functions & Responsibilities: Which of these functions are within
> your area of responsibility?
> 1. Develop, articulate and implement risk management strategy for applications
> 2. Develop and implement policies, standards and guidelines for
> application security
> 3. Develop, implement, manage and report on application security
> governance processes
> 4. Develop and implement software security activities (e.g. S-SDLC)
> and security testing processes
> 5. Work with executive management, business managers and internal
> audit and legal counsel to define application security requirements
> that can be verified and audited
> 6. Measure and monitor security and risks of web application assets
> within the organization
> 7. Application Vulnerability Management
> 8. Network Security and perimeter defense
> 9. Define, identify and assess the inherent security of critical web
> application assets, assess threats, vulnerabilities, business impacts
> and recommend countermeasures/corrective actions
> 10. Procure new web application processes, services, technologies and
> testing tools for the organization
> 11. Application security training and awareness for information
> security and software development teams
> 12. Develop, articulate and implement continuity planning/disaster
> recovery for web applications
> 13. Investigate and analyze suspected security incidents and data
> breaches and recommend corrective actions
> On Sat, Oct 20, 2012 at 4:55 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>> Hello dear GIC fellows,
>> as discussed during our GIC call this week, I took the CISO Survey from last
>> year and revised it a little bit.
>> Please take a good look and review and/or make modifications until Tuesday.
>> It is in the Wiki, so you can edit easily. I will try to put whatever we
>> have by then into a surveymonkey the following day, so we can use the
>> AppSecUS to already hand out a first set of links to the survey.
>> Maybe a couple of questions as food for thought:
>> - the survey feels relatively long? Are there questions we should remove?
>> - Are there questions we missed / should add?
>> - regarding page-10 questions 13 and 14: Is it really important for us (and
>> later the report readers) which tool categories are used or being planned to
>> be used? I have the feeling that some may use none and some may use all, so I
>> am not sure these two questions really add significant value. What do you
>> Best regards and wish you a nice weekend, Tobias