[Owasp-leaders] OWASP CISO Cheat Sheet

Andy Willingham andy.willingham at owasp.org
Mon Sep 10 11:15:02 UTC 2012


Hey Marco, let me know if I can help with this.

-----Original Message-----
From: marco.m.morana at gmail.com
Sent: 9/8/2012 10:58 AM
To: Eoin
Cc: jorge.blanco.alcover at gmail.com; owasp-leaders at lists.owasp.org; Boberski, Michael [USA]
Subject: Re: [Owasp-leaders] OWASP CISO Cheat Sheet

Eoin,

Thanks for connecting the dots. We just rebooted the AppSec CISO guide last week with the first meeting; myself, Tobias and Jorge are participating through to completion. I am open to considering contributions, including a cheat sheet. I think including a cheat sheet will be beneficial as well, as we could align it with what we are aiming to do with the guide, which is an entry point for CISOs to the OWASP offering that is not just limited to the Top Ten.
Critical for this cheat sheet is to translate technical language into CISO terms and to cover main concerns such as compliance and information risk management. For example, we start talking AppSec to CISOs from a risk management perspective, such as the business impacts of non-compliance and vulnerability exploits, and then drive execution of the AppSec program from a risk mitigation perspective. Keep in mind that, since cheating is one of the options for CISOs when fines for non-compliance with the law are worth the risk because fines are cheaper than the cost of implementing the security measures, we should probably see this as an option :)

Cheers
Marco



Sent from my iPad

On 8 Sep 2012, at 14:02, Eoin <eoin.keary at owasp.org> wrote:

> Check out the CISO guide we have been working on. Marco Morana leads this.
> https://www.owasp.org/index.php/Application_Security_Guide_For_CISOs
> 
> 
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
> 
> 
> On 8 Sep 2012, at 13:57, Jim Manico <jim.manico at owasp.org> wrote:
> 
>> Folks,
>> 
>> Mike Boberski was kind enough to get an OWASP CISO Cheat Sheet started.
>> 
>> Any of you CISO influencing experts care to jump in and lend support?
>> 
>> https://www.owasp.org/index.php/CISO_Cheat_Sheet
>> 
>> Remember, this is a cheat sheet. My suggestion is: if you had a chance to speak to a CISO about AppSec, what would be the three most important items you would focus on?
>> 
>> Aloha,
>> 
>> Jim Manico
>> OWASP Volunteer
>> (808) 652-3805
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders