Wednesday, November 20 • 1:00pm - 1:50pm
2013 AppSec Guide and CISO Survey: Making OWASP Visible to CISOs



OWASP was born from grassroots ideals and volunteer effort that started 12 years ago with visionaries such as Mark Curphey, and it has grown in membership since. OWASP's mission has been to make application security visible to application security stakeholders. Thanks to OWASP's corporate sponsors and to the volunteers working on sponsored projects, OWASP has delivered free tools and guides that have helped software developers build more secure web applications. Most notably, the OWASP Top Ten has provided the benchmark for testing web application vulnerabilities at several organizations. Projects such as the Development Guide and the Testing Guide give software developers pointed guidance on how to design and test web applications. Among the application security stakeholders that OWASP serves today, Chief Information Security Officers (CISOs) are often the ones who decide on rolling out application security programs and activities, invest in new tools, and set budgets for application security resources. Recognizing the important role the CISO plays in managing application security processes within organizations, OWASP sponsored a project in 2012 to develop guidance specifically for CISOs. The aim of the OWASP guide is to give CISOs useful guidance for effectively managing the risks of insecure web applications and software: planning application security activities, investing in countermeasures to mitigate threats, and weighing the costs and benefits for the organization. Recognizing that a CISO guide must first and foremost capture the needs of CISOs in managing application security from information security governance, risk, and compliance perspectives, a survey was developed in parallel with the draft of the CISO Guide. As the results of the 2013 CISO survey have become available, they have been used to tailor the guide to CISOs' specific needs.
One of the most important aspects covered in the CISO guide is making the business case for application security investments by helping CISOs translate technical risks such as the OWASP Top Ten into business impacts, compliance with standards and regulations, and risk management. Specifically, the version of the guide presented at OWASP AppSec USA will be the first to highlight the results of the CISO survey and to introduce CISOs to projects and resources that can help them roll out an application security program whose main goal is managing web application security risks.


Tobias Gondrom

Global Board Member, OWASP
Tobias Gondrom is a global board member of OWASP (Open Web Application Security Project) and was its chairman until December 2015. Until April 2015, he led a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, the United Kingdom and...

Marco Morana

Director Head of Security Architecture, JPMC
Dr. Morana is SVP at Citi's Information Security, based in Tampa, focusing on bringing emerging technologies for cybersecurity and FinTech to the level of maturity required for adoption by Citi and Citi clients. In his day-to-day job his focus is documenting internal technology standards...

Wednesday November 20, 2013 1:00pm - 1:50pm EST
Salon 3 (5th Floor Ballroom) NY Marriott Marquis
