[Owasp-leaders] OWASP Summit and the Basel Accords

dinis cruz dinis.cruz at owasp.org
Fri Dec 10 09:25:41 EST 2010


This looks like a great Summit Session: "Mapping 'Web Application Security'
to Basel II Accord"

Dinis Cruz

On 10 December 2010 14:22, Stephen de Vries <stephen at twisteddelight.org> wrote:

>
> Hi Lucas,
>
> I don't think you'll find direct statements that link app security to the
> Basel II accord, or indeed any of the financial standards (like FSA in UK or
> SOX US [correct me if I'm wrong here] ).   Instead, you'll find vague
> requirements like:
>
> - Failure to maintain audit or review of work papers for at least five
> years is punishable by up to five years in prison, and/or a fine.
> - Corruptly altering, destroying, or concealing records or documents in
> order to compromise the integrity of the record for use in an official
> proceeding is punishable by up to 20 years in prison, and/or an unspecified
> fine amount.
> - etc.
>
> So you'll have to join the dots between the requirement to provide data
> confidentiality and integrity and how that links up with the need to build
> and maintain secure applications.  Not a stretch at all, and I think most
> people in the finance/security world will easily see how insecure apps lead
> to insecure data which leads to non-compliance with Basel II etc.
>
>
> Stephen "2c" de Vries
>
>
> On Dec 10, 2010, at 3:02 PM, Lucas Ferreira wrote:
>
> > Hello James,
> >
> > Do you have any documents about this? My point is that if we can show
> > that application security is part of the requirements of Basel II or similar
> > accords, we could hook more easily the banks and their regulators in the
> > discussion.
> >
> > If I can put together such an argument, we could use it to bring these
> > people to the summit. The main problem is that I am not very familiar with
> > these frameworks (Basel, Solvency, etc) and the time is short. So, any
> > pointer would be helpful.
> >
> > Thanks,
> >
> > Lucas
> >
> > On Fri, Dec 10, 2010 at 11:56, James McGovern <JMcGovern at virtusa.com>
> > wrote:
> > Solvency II is the insurance version of Basel II and there are many
> > parallel approaches used…
> >
> >
> > James McGovern
> > Insurance SBU
> >
> > Virtusa Corporation
> >
> > 100 Northfield Drive, Suite 305 | Windsor, CT | 06095
> >
> > Phone:  860 688 9900 Ext:  1037 | Facsimile:  860 688 2890
> >
> >
> >
> > From: owasp-leaders-bounces at lists.owasp.org
> > [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of dinis cruz
> > Sent: Friday, December 10, 2010 8:29 AM
> > To: Lucas Ferreira; owasp-leaders at lists.owasp.org
> > Subject: Re: [Owasp-leaders] OWASP Summit and the Basel Accords
> >
> >
> > Hey Leaders, as per Lucas's question below, anybody here has experience with
> > OWASP and the Basel Accords (i.e.
> > http://en.wikipedia.org/wiki/Basel_Accords)
> > Thanks
> >
> >
> > Dinis Cruz
> >
> > On 8 December 2010 16:45, Lucas Ferreira <lucas.ferreira at owasp.org>
> > wrote:
> >
> > Hello Jason and Dinis,
> >
> > I am seeking arguments to convince the Brazilian Central Bank to
> > participate in the Summit. One of the possible arguments is to link
> > possible Summit results to the Basel Accords. Can you help me with
> > this? Do we have any work relating appsec to Basel?
> >
> > Thanks,
> >
> > Lucas
> >
> > --
> > Homo sapiens non urinat in ventum.
> >
> >
> >
> >
> >
> >
> > --
> > Homo sapiens non urinat in ventum.
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders