[Owasp-leaders] OWASP Summit and the Basel Accords

James McGovern JMcGovern at virtusa.com
Fri Dec 10 12:02:16 EST 2010


In Pillar II for Solvency, it has a category named "operational risk" in
which we would fit if you thought about it deeply, but otherwise is
intentionally left to interpretation. In order to close the gap, the
OWASP EU crowd could attempt to get regulators to adopt the OWASP risk
rating approach as one of the supported methods of quantifying. In the
same way, I tend to acknowledge/make fun of the auditor crowd who has
their checklists for clean desk policies and number two pencils being
sharpened and the simple fact that most auditors come from an accountant
background, Solvency and Basel struggle in the fact that they are at
some level asking a new demographic of actuaries to understand
operating risk as well.

 

Maybe we need to figure out how to take the OWASP risk rating framework
and expose to the actuarial crowd and get some feedback?

 

James McGovern
Insurance SBU 

Virtusa Corporation

100 Northfield Drive, Suite 305 | Windsor, CT | 06095

Phone:  860 688 9900 Ext:  1037 | Facsimile:  860 688 2890  


 

From: lucas.ferreira at gmail.com [mailto:lucas.ferreira at gmail.com] On
Behalf Of Lucas Ferreira
Sent: Friday, December 10, 2010 9:03 AM
To: James McGovern
Cc: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] OWASP Summit and the Basel Accords

 

Hello James,

 

Do you have any documents about this? My point is that if we can show
that application security is part of the requirements of Basel II or
similar accords, we could more easily hook the banks and their
regulators in the discussion.

 

If I can put together such an argument, we could use it to bring these
people to the summit. The main problem is that I am not very familiar
with these frameworks (Basel, Solvency, etc) and the time is short. So,
any pointer would be helpful.

 

Thanks,

 

Lucas

On Fri, Dec 10, 2010 at 11:56, James McGovern <JMcGovern at virtusa.com>
wrote:

Solvency II is the insurance version of Basel II and there are many
parallel approaches used...

 


 

From: owasp-leaders-bounces at lists.owasp.org [mailto:
owasp-leaders-bounces at lists.owasp.org] On Behalf Of dinis cruz
Sent: Friday, December 10, 2010 8:29 AM
To: Lucas Ferreira; owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] OWASP Summit and the Basel Accords

 

Hey Leaders, as per Lucas's question below, anybody here has experience
with OWASP and the Basel Accords (i.e.
http://en.wikipedia.org/wiki/Basel_Accords)?


Thanks


Dinis Cruz

On 8 December 2010 16:45, Lucas Ferreira <lucas.ferreira at owasp.org>
wrote:

Hello Jason and Dinis,

I am seeking arguments to convince the Brazilian Central Bank to
participate in the Summit. One of the possible arguments is to link
possible Summit results to the Basel Accords. Can you help me with
this? Do we have any work relating appsec to Basel?

Thanks,

Lucas

--
Homo sapiens non urinat in ventum.

 
