[Owasp-leaders] Fwd: [SAMM] Estimating Business Risk Profile
seba at owasp.org
Wed Nov 30 18:00:46 UTC 2016
good question from John below - any pointers/content we can provide to him?
---------- Forwarded message ---------
From: McParland, John <john.mcparland at cgi.com>
Date: Fri, Nov 4, 2016 at 9:40 AM
Subject: [SAMM] Estimating Business Risk Profile
To: samm at lists.owasp.org <samm at lists.owasp.org>
one of the first steps in taking my organisation on it's SAMM journey is
the activity "Estimate the Business Risk Profile" (Strategy and Metrics
Level 1, Activity A).
I've been considering how I should do this and I want to obtain or develop
a set of interview questions focused around the types of solutions and
services my organisation builds, the perceived security risks, and impact
to the business of those risks.
However I wondered how others have approached this - in particular if there
are any resources I could adopt or customize for this activity?
*John McParland MIET CEng* | System Architect, ODSC
Health Local and Scotland | CGI
CGI Ltd (UK)
Second Floor, Inovo Building, 121 George St, Glasgow, UK, G1 1RD
M: +44 7920 183 019 <+44%207920%20183019>
john.mcparland at cgi.com | www.cgi-group.co.uk
CGI IT UK Limited. A CGI Group Inc. Company
Registered Office: 250 Brook Drive, Green Park, Reading RG2 6UA,
United Kingdom. Registered in England & Wales - Number 947968
CONFIDENTIALITY NOTICE: Proprietary/Confidential Information belonging to
CGI Group Inc. and its affiliates may be contained in this message. If you
are not a recipient indicated or intended in this message (or responsible
for delivery of this message to such person), or you think for any reason
that this message may have been addressed to you in error, you may not use
or copy or deliver this message to anyone else. In such case, you should
destroy this message and are asked to notify the sender by reply e-mail.
SAMM mailing list
SAMM at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders