[Owasp-leaders] OWASP CISO Cheat Sheet

marco.m.morana at gmail.com
Sat Sep 8 14:58:17 UTC 2012


Eoin,

Thanks for connecting the dots. We just rebooted the AppSec CISO guide last week with the first meeting, with myself, Tobias and Jorge participating through to completion. I am open to considering contributions, including a cheat sheet. I think including a cheat sheet will be beneficial as well, as we could align it to what we are aiming to do with the guide, which is an entry point for CISOs to the OWASP offering that is not limited to the Top Ten.
Critical for this cheat sheet is to translate technical language into CISO terms and cover main concerns such as compliance and information risk management. For example, we start talking AppSec to CISOs from a risk management perspective, such as the business impacts of non-compliance and vulnerability exploits, and then drive execution of the AppSec program from a risk mitigation perspective. Keep in mind that since cheating is one of the options for CISOs when fines for non-compliance with the law are worth the risk, because fines are cheaper than the cost of implementing the security measures, we should probably see this as an option :)

Cheers
Marco



Sent from my iPad

On 8 Sep 2012, at 14:02, Eoin <eoin.keary at owasp.org> wrote:

> Check out the CISO guide we have. We're working on it. Marco Morana leads this.
> https://www.owasp.org/index.php/Application_Security_Guide_For_CISOs
> 
> 
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
> 
> 
> On 8 Sep 2012, at 13:57, Jim Manico <jim.manico at owasp.org> wrote:
> 
>> Folks,
>> 
>> Mike Boberski was kind enough to get an OWASP CISO Cheat Sheet started.
>> 
>> Any of you CISO influencing experts care to jump in and lend support?
>> 
>> https://www.owasp.org/index.php/CISO_Cheat_Sheet
>> 
>> Remember, this is a cheat sheet. My suggestion is, if you had a chance to speak to a CISO about AppSec, what would be the three most important items you would focus on?
>> 
>> Aloha,
>> 
>> Jim Manico
>> OWASP Volunteer
>> (808) 652-3805
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders

