Overview
Explore a comprehensive conference talk on the 2013 AppSec Guide and CISO Survey, focusing on making OWASP visible to Chief Information Security Officers (CISOs). Delve into the development of OWASP's guidance for CISOs, including the results of a 2013 survey tailored to their needs. Learn about translating technical risks into business impacts, compliance with standards, and risk management. Discover how the guide helps CISOs make the business case for application security investments and introduces them to projects and resources for managing web application security risks. Gain insights from speakers Tobias Gondrom and Marco Morana on application security, cryptography, and global standardization in the financial, technology, and government sectors.
Syllabus
Intro
Agenda
How we started
Awareness gap
Development process
Methodology
External Threats on the Rise
Application Specific Risks and Threats
Trend
Threats
Investment Strategy
Investment Priorities
Security Strategy
Application Security Management
Top 5 Challenges
Top 5 Useful Projects
CISO Guide
Awareness Slide
How much do you need to invest
What about risk management
Compliance
Business Case
Guide Structure
Additional References
Taught by
OWASP Foundation