[Owasp-denver] Reminder: Denver OWASP Tomorrow (Wed) @6PM

Eric Duprey eduprey at owasp.org
Tue May 19 15:00:26 EDT 2009

This is a reminder that the Denver OWASP meeting is tomorrow evening
(Wednesday 5/20) at Raytheon Polar Services, at 6:00 PM.

7400 S. Tucson Way, Centennial CO  80112

Directions: http://maps.google.com/maps?q=7400+S+Tucson+Way+80112

More information is available at:


If you have not accepted the previous calendar invite and need to RSVP,
please send email to eduprey at owasp.org to help us in planning for the
proper amount of food and beverage.  :)


The May meeting of the Denver OWASP chapter is on the topic of compliance,
communicating risk, and justifying spending on an application security
program.  Given the current economy, (heightened risk and an often-limited
security budget) these issues are increasingly vital.

Date: 5/20/2009 @ 6:00 PM Mountain Time

Title:  Compliance while under siege: justifying security spending for the
holes in your defenses.

Presenters: Dr. Joseph McComb, CISSP, CISA, G7799, CHSS and Daniel Weiske,

Synopsis:  This presentation will show how to integrate a compliance
framework into application security testing to produce an effective
mechanism for presenting risk. Regulations, including security breach
notification legislation, HIPAA, FISMA and other regulations specify
penalties for failing to safeguard specific types of information. This
presentation will demonstrate how to weave regulatory frameworks into the
application testing process and how to quantify risk based upon penalties
and ease of exploitation.  Using real world examples, the presenters will
show how this methodology can be used to justify security testing as a
necessary expenditure for a secure environment.

More information is at http://www.owasp.org/index.php/Denver



Eric Duprey
Denver OWASP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-denver/attachments/20090519/b69ed37a/attachment.html 

More information about the OWASP-DENVER mailing list