OWASP - User contributions [en]

OWASP - Cyber Security in the Boardroom

2019-12-13T16:48:38Z

Sherif:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP - Cyber Security in the Boardroom==

OWASP Cyber Security in the Boardroom initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face in order for them to protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors expectations, what their roles and responsibilities are and, how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

==Initiative Deliverables==
# A Primer on Cyber Security for the Board
# Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO* )
# Top 10 Criteria for leading a Cyber Security program
# Cyber Threats per Industry Sector
# Cyber Security Framework

==A Primer on Cyber Security for the Board==

# '''Overview of Cyber Security for a Board of Directors'''
#* The Main Concepts of Cyber Security
#* The Challenges with Cyber Security
#* The Impacts of Cyber Security on an organisation
#* Responding to a Cyber Security Incident
#* Cyber Security Myths and Misconceptions
#* Cyber Security and Corporate Responsibility
# '''Overview of the Board of Directors for Cyber Security Professionals'''
#* Roles and Responsibilities of the Board
#* Board of Director Liabilities
#* Corporate Governance
#* Company Strategy and the role of Cyber Security
# '''Appendix'''
#* Useful Cyber Security References
#* Useful Board of Directors References
#* Scenarios

==Selecting and evaluating the head of the Cyber Security Program ==
Head of the Cyber Security Program; Selection & Evaluation Guidelines:
# Background in dealing with information security challenges.
# Deep understanding of the Security Mindset and the Security Culture.
# Clear view of what it means treating security as an ‘enabler’ in the context of the organisation,
# taking under consideration the business needs, strategy and vision.
# The twin nature of regulatory compliance and the role of the DPO in Data Privacy.
# Translating Risk from/to Business Needs.
# Addressing and communicating the “so what” question(s).
# The functional role of IT Security and how InfoSec deals with GRC, including the legal issues.
# Expert input on the fast-evolving digital ecosystem.
# Be able to distinguish between skills gap challenges versus talent acquisition oversights.
# Measure risk, compliance and maturity.

== Top 10 Criteria for leading a Cyber Security program ==
# Establish segregation of duties and ownership of responsibilities for the cyber security program
# Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
# Organisational culture (security culture, mindset)
# Sector-focused prioritization of risks, types of attacks, threat actors.
# Mission Critical vs Business Critical; systems, networks and data.
# Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
# Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
# Third-Party Risks (incl. Supply Chain)
# Readiness, Containment and Treatment
# Response and Continuity Plan

== Cyber Threats per Industry/Sector ==
* Automotive
* Oil & Gas
* Consumer Products
* Power & Utilities
* Government & Public Sector
* Life Sciences
* Telecommunications & Media
* Real Estate
* Technology
* Mining & Metals
* Private Equity
* Finance & Banking

== Cyber Security Framework ==
How to build / consider starting with a framework:
* Policies & Procedures Creation Guidelines
* Data Classification Guidelines
* Compliance
* Information Security Risk Management
* Information Security Incident Management
* Information Systems Continuity Management
* Third-Party Security

==Footnotes==
<nowiki>*</nowiki>CCO: Cheif Cyber Security Officer

==Licensing==
The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== What is Cyber Security in the Boardroom? ==

OWASP cyber security in the Boardroom provides:

1) A primer on cyber security for the board

2) Selecting and evaluating the head of the cyber security program

3) Top 10 criteria for leading a cyber security program

4) Cyber threats per industry/sector

5) Cyber security framework

== Project Leaders ==
* Sherif Mansour
* Grigorios Fragkos

== Contributors ==

* Paul Harragan

| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==

* TBA<div class="center" style="width: auto; margin-left: auto; margin-right: auto;"></div>

== News and Events ==
* TBD
* TBD
== In Print ==
This project can be purchased as a print on demand book from Lulu.com

== Donate to OWASP ==
<div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation
|target=_blank
|budget=Other (Website Donation) }}</div>
==Classifications==

{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

; Work in Progress
;
; Q1
: A1

; Q2
: A2

= Acknowledgements =
; Work in Progress

==Volunteers==
OWASP Cyber Security in the Boardroom Initiative is developed by a worldwide team of volunteers. The primary contributors to date have been:

* Sherif Mansour
* Grigorios Fragkos
* Paul Harragan

= Road Map and Getting Involved =

== Priorities ==
As of 12th December 2019, the priorities are:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

=Project About=
{{:Projects/Owasp_Cyber_Security_at_the_Board_Level_Project_About_Page}}

= Project Materials =
__NOTOC__ <headertabs>Document</headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP - Cyber Security in the Boardroom

2019-12-13T16:43:30Z

Sherif:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP - Cyber Security in the Boardroom==

OWASP Cyber Security in the Boardroom initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face in order for them to protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors expectations, what their roles and responsibilities are and, how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

==Initiative Deliverables==
# A Primer on Cyber Security for the Board
# Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO* )
# Top 10 Criteria for leading a Cyber Security program
# Cyber Threats per Industry Sector
# Cyber Security Framework

==A Primer on Cyber Security for the Board==

# '''Overview of Cyber Security for a Board of Directors'''
#* The Main Concepts of Cyber Security
#* The Challenges with Cyber Security
#* The Impacts of Cyber Security on an organisation
#* Responding to a Cyber Security Incident
#* Cyber Security Myths and Misconceptions
#* Cyber Security and Corporate Responsibility
# '''Overview of the Board of Directors for Cyber Security Professionals'''
#* Roles and Responsibilities of the Board
#* Board of Director Liabilities
#* Corporate Governance
#* Company Strategy and the role of Cyber Security
# '''Appendix'''
#* Useful Cyber Security References
#* Useful Board of Directors References
#* Scenarios

==Selecting and evaluating the head of the Cyber Security Program ==
Head of the Cyber Security Program; Selection & Evaluation Guidelines:
# Background in dealing with information security challenges.
# Deep understanding of the Security Mindset and the Security Culture.
# Clear view of what does it means treating security as an ‘enabler’ in the context of the organisation taking under consideration the business needs, strategy and vision.
# The twin nature of regulatory compliance and the role of the DPO in Data Privacy.
# Translating Risk from/to Business Needs.
# Addressing and communicating the “so what” question(s).
# The functional role of IT Security and how InfoSec deals with GRC, including the legal issues.
# Expert input on the fast-evolving digital ecosystem.
# Be able to distinguish between skills gap challenges versus talent acquisition oversights.
# Measure risk, compliance and maturity.

== Top 10 Criteria for leading a Cyber Security program ==
# Establish segregation of duties and ownership of responsibilities for the cyber security program
# Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
# Organisational culture (security culture, mindset)
# Sector-focused prioritization of risks, types of attacks, threat actors.
# Mission Critical vs Business Critical; systems, networks and data.
# Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
# Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
# Third-Party Risks (incl. Supply Chain)
# Readiness, Containment and Treatment
# Response and Continuity Plan

== Cyber Threats per Industry/Sector ==
* Automotive
* Oil & Gas
* Consumer Products
* Power & Utilities
* Government & Public Sector
* Life Sciences
* Telecommunications & Media
* Real Estate
* Technology
* Mining & Metals
* Private Equity
* Finance & Banking

== Cyber Security Framework ==
* Policies & Procedures Creation Guidelines
* Data Classification Guidelines
* Compliance
* Information Security Risk Management
* Information Security Incident Management
* Information Systems Continuity Management
* Third-Party Security

==Footnotes==
<nowiki>*</nowiki>CCO: Cheif Cyber Security Officer

==Licensing==
The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== What is Cyber Security in the Boardroom? ==

OWASP cyber security in the Boardroom provides:

1) A primer on cyber security for the board

2) Selecting and evaluating the head of the cyber security program

3) Top 10 criteria for leading a cyber security program

4) Cyber threats per industry/sector

5) Cyber security framework

== Project Leaders ==
* Sherif Mansour
* Grigorios Fragkos

== Contributors ==

* Paul Harragan

| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==

* TBA<div class="center" style="width: auto; margin-left: auto; margin-right: auto;"></div>

== News and Events ==
* TBD
* TBD
== In Print ==
This project can be purchased as a print on demand book from Lulu.com

== Donate to OWASP ==
<div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation
|target=_blank
|budget=Other (Website Donation) }}</div>
==Classifications==

{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

; Work in Progress
;
; Q1
: A1

; Q2
: A2

= Acknowledgements =
; Work in Progress

==Volunteers==
OWASP Cyber Security in the Boardroom Initiative is developed by a worldwide team of volunteers. The primary contributors to date have been:

* Sherif Mansour
* Grigorios Fragkos
* Paul Harragan

= Road Map and Getting Involved =

== Priorities ==
As of 12th December 2019, the priorities are:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

=Project About=
{{:Projects/Owasp_Cyber_Security_at_the_Board_Level_Project_About_Page}}

= Project Materials =
__NOTOC__ <headertabs>Document</headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP - Cyber Security in the Boardroom

2019-12-13T15:20:04Z

Sherif:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP - Cyber Security in the Boardroom==

OWASP Cyber Security in the Boardroom initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face in order for them to protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors expectations, what their roles and responsibilities are and, how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

==Initiative Deliverables==
# A Primer on Cyber Security for the Board
# Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO* )
# Top 10 Criteria for leading a Cyber Security program
# Cyber Threats per Industry Sector
# Cyber Security Framework

==A Primer on Cyber Security for the Board==

# '''Overview of Cyber Security for a Board of Directors'''
#* The Main Concepts of Cyber Security
#* The Challenges with Cyber Security
#* The Impacts of Cyber Security on an organisation
#* Responding to a Cyber Security Incident
#* Cyber Security Myths and Misconceptions
#* Cyber Security and Corporate Responsibility
# '''Overview of the Board of Directors for Cyber Security Professionals'''
#* Roles and Responsibilities of the Board
#* Board of Director Liabilities
#* Corporate Governance
#* Company Strategy and the role of Cyber Security
# '''Appendix'''
#* Useful Cyber Security References
#* Useful Board of Directors References
#* Scenarios

==Selecting and evaluating the head of the Cyber Security Program ==
Head of the Cyber Security Program; Selection & Evaluation Guidelines:
# Background in dealing with information security challenges.
# Deep understanding of the Security Mindset and the Security Culture.
# Clear view of what does it means treating security as an ‘enabler’ in the context of the organisation taking under consideration the business needs, strategy and vision.
# The twin nature of regulatory compliance and the role of the DPO in Data Privacy.
# Translating Risk from/to Business Needs.
# Addressing and communicating the “so what” question(s).
# The functional role of IT Security and how InfoSec deals with GRC, including the legal issues.
# Expert input on the fast-evolving digital ecosystem.
# Be able to distinguish between skills gap challenges versus talent acquisition oversights.
# Measure risk, compliance and maturity.

== Top 10 Criteria for leading a Cyber Security program ==
# Establish segregation of duties and ownership of responsibilities for the cyber security program
# Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
# Organisational culture (security culture, mindset)
# Sector-focused prioritization of risks, types of attacks, threat actors.
# Mission Critical vs Business Critical; systems, networks and data.
# Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
# Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
# Third-Party Risks (incl. Supply Chain)
# Readiness, Containment and Treatment
# Response and Continuity Plan

== Cyber Threats per Industry/Sector ==

== Cyber Security Framework ==
* Policies & Procedures Creation Guidelines
* Data Classification Guidelines
* Compliance
* Information Security Risk Management
* Information Security Incident Management
* Information Systems Continuity Management
* Third-Party Security

==Footnotes==
<nowiki>*</nowiki>CCO: Cheif Cyber Security Officer

==Licensing==
The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== What is Cyber Security in the Boardroom? ==

OWASP cyber security in the Boardroom provides:

1) A primer on cyber security for the board

2) Selecting and evaluating the head of the cyber security program

3) Top 10 criteria for leading a cyber security program

4) Cyber threats per industry/sector

5) Cyber security framework

== Project Leaders ==
* Sherif Mansour
* Grigorios Fragkos

== Contributors ==

* Paul Harragan

| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==

* TBA<div class="center" style="width: auto; margin-left: auto; margin-right: auto;"></div>

== News and Events ==
* TBD
* TBD
== In Print ==
This project can be purchased as a print on demand book from Lulu.com

== Donate to OWASP ==
<div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation
|target=_blank
|budget=Other (Website Donation) }}</div>
==Classifications==

{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

; Work in Progress
;
; Q1
: A1

; Q2
: A2

= Acknowledgements =
; Work in Progress

==Volunteers==
OWASP Cyber Security in the Boardroom Initiative is developed by a worldwide team of volunteers. The primary contributors to date have been:

* Sherif Mansour
* Grigorios Fragkos
* Paul Harragan

= Road Map and Getting Involved =

== Priorities ==
As of 12th December 2019, the priorities are:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

=Project About=
{{:Projects/Owasp_Cyber_Security_at_the_Board_Level_Project_About_Page}}

= Project Materials =
__NOTOC__ <headertabs>Document</headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP - Cyber Security in the Boardroom

2019-12-13T15:17:48Z

Sherif:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP - Cyber Security in the Boardroom==

OWASP Cyber Security in the Boardroom initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face in order for them to protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors expectations, what their roles and responsibilities are and, how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

==Initiative Deliverables==
# A Primer on Cyber Security for the Board
# Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO* )
# Top 10 Criteria for leading a Cyber Security program
# Cyber Threats per Industry Sector
# Cyber Security Framework

==A Primer on Cyber Security for the Board==

# '''Overview of Cyber Security for a Board of Directors'''
#* The Main Concepts of Cyber Security
#* The Challenges with Cyber Security
#* The Impacts of Cyber Security on an organisation
#* Responding to a Cyber Security Incident
#* Cyber Security Myths and Misconceptions
#* Cyber Security and Corporate Responsibility
# '''Overview of the Board of Directors for Cyber Security Professionals'''
#* Roles and Responsibilities of the Board
#* Board of Director Liabilities
#* Corporate Governance
#* Company Strategy and the role of Cyber Security
# '''Appendix'''
#* Useful Cyber Security References
#* Useful Board of Directors References
#* Scenarios

==Selecting and evaluating the head of the Cyber Security Program ==
Head of the Cyber Security Program; Selection & Evaluation Guidelines:
# Background in dealing with information security challenges.
# Deep understanding of the Security Mindset and the Security Culture.
# Clear view of what does it means treating security as an ‘enabler’ in the context of the organisation taking under consideration the business needs, strategy and vision.
# The twin nature of regulatory compliance and the role of the DPO in Data Privacy.
# Translating Risk from/to Business Needs.
# Addressing and communicating the “so what” question(s).
# The functional role of IT Security and how InfoSec deals with GRC, including the legal issues.
# Expert input on the fast-evolving digital ecosystem.
# Be able to distinguish between skills gap challenges versus talent acquisition oversights.
# Measure risk, compliance and maturity.

== Top 10 Criteria for leading a Cyber Security program ==
# Establish segregation of duties and ownership of responsibilities for the cyber security program
# Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
# Organisational culture (security culture, mindset)
# Sector-focused prioritization of risks, types of attacks, threat actors.
# Mission Critical vs Business Critical; systems, networks and data.
# Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
# Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
# Third-Party Risks (incl. Supply Chain)
# Readiness, Containment and Treatment
# Response and Continuity Plan

== Cyber Threats per Industry/Sector ==

== Cyber Security Framework ==
* Policies & Procedures Creation Guidelines
* Data Classification Guidelines
* Compliance
* Information Security Risk Management
* Information Security Incident Management
* Information Systems Continuity Management
* Third-Party Security

==Footnotes==
<nowiki>*</nowiki>CCO: Cheif Cyber Security Officer

==Licensing==
The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== What is Cyber Security in the Boardroom? ==

OWASP cyber security in the Boardroom provides:

1) A primer on cyber security for the board

2) Selecting and evaluating the head of the cyber security program

3) Top 10 criteria for leading a cyber security program

4) Cyber threats per industry/sector

5) Cyber security framework

== Project Leaders ==
* Sherif Mansour
* Grigorios Fragkos

== Contributors ==

* Paul Harragan

| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==

* TBA

== Donate to OWASP ==
<div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation
|target=_blank
|budget=Other (Website Donation) }}</div>

== News and Events ==
* TBD
* TBD

== In Print ==
This project can be purchased as a print on demand book from Lulu.com

==Classifications==

{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

; Work in Progress
;
; Q1
: A1

; Q2
: A2

= Acknowledgements =
; Work in Progress

==Volunteers==
OWASP Cyber Security in the Boardroom Initiative is developed by a worldwide team of volunteers. The primary contributors to date have been:

* Sherif Mansour
* Grigorios Fragkos
* Paul Harragan

= Road Map and Getting Involved =

== Priorities ==
As of 12th December 2019, the priorities are:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

=Project About=
{{:Projects/Owasp_Cyber_Security_at_the_Board_Level_Project_About_Page}}

= Project Materials =
__NOTOC__ <headertabs>Document</headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP - Cyber Security in the Boardroom

2019-12-13T14:57:24Z

Sherif:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP - Cyber Security in the Boardroom==

OWASP Cyber Security in the Boardroom initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face in order for them to protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors expectations, what their roles and responsibilities are and, how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

==Initiative Deliverables==
# A Primer on Cyber Security for the Board
# Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO* )
# Top 10 Criteria for leading a Cyber Security program
# Cyber Threats per Industry Sector
# Cyber Security Framework

==A Primer on Cyber Security for the Board==

# '''Overview of Cyber Security for a Board of Directors'''
#* The Main Concepts of Cyber Security
#* The Challenges with Cyber Security
#* The Impacts of Cyber Security on an organisation
#* Responding to a Cyber Security Incident
#* Cyber Security Myths and Misconceptions
#* Cyber Security and Corporate Responsibility
# '''Overview of the Board of Directors for Cyber Security Professionals'''
#* Roles and Responsibilities of the Board
#* Board of Director Liabilities
#* Corporate Governance
#* Company Strategy and the role of Cyber Security
# '''Appendix'''
#* Useful Cyber Security References
#* Useful Board of Directors References
#* Scenarios

==Guidelines for selecting and evaluating the head of the Cyber Security Program ==
# Background in dealing with information security challenges.
# Deep understanding of the Security Mindset and the Security Culture.
# Clear view of what does it means treating security as an ‘enabler’ in the context of the organisation taking under consideration the business needs, strategy and vision.
# The twin nature of regulatory compliance and the role of the DPO in Data Privacy.
# Translating Risk from/to Business Needs.
# Addressing and communicating the “so what” question(s).
# The functional role of IT Security and how InfoSec deals with GRC, including the legal issues.
# Expert input on the fast-evolving digital ecosystem.
# Be able to distinguish between skills gap challenges versus talent acquisition oversights.
# Measure risk, compliance and maturity.

== Top 10 Criteria for leading a Cyber Security program ==
# Establish segregation of duties and ownership of responsibilities for the cyber security program
# Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
# Organisational culture (security culture, mindset)
# Sector-focused prioritization of risks, types of attacks, threat actors.
# Mission Critical vs Business Critical; systems, networks and data.
# Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
# Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
# Third-Party Risks (incl. Supply Chain)
# Containment
# Response Plan

== Cyber Threats per Industry/Sector ==

== Cyber Security Framework ==
* Policies & Procedures Creation Guidelines
* Data Classification Guidelines
* Compliance
* Information Security Risk Management
* Information Security Incident Management
* Information Systems Continuity Management
* Third-Party Security

==Footnotes==
<nowiki>*</nowiki>CCO: Cheif Cyber Security Officer

==Licensing==
The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== What is Cyber Security in the Boardroom? ==

OWASP cyber security in the Boardroom provides:

1) A primer on cyber security for the board

2) Guidelines for selecting and evaluating the head of the cyber security program

3) Top 10 criteria for leading a cyber security program

4) Cyber threats per industry/sector

5) Cyber security framework

== Project Leaders ==
* Sherif Mansour
* Grigorios Fragkos

== Contributors ==

* Paul Harragan

| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==

* TBA

== Donate to OWASP ==
<div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation
|target=_blank
|budget=Other (Website Donation) }}</div>

== News and Events ==
* TBD
* TBD

== In Print ==
This project can be purchased as a print on demand book from Lulu.com

==Classifications==

{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

; Work in Progress
;
; Q1
: A1

; Q2
: A2

= Acknowledgements =
; Work in Progress

==Volunteers==
OWASP Cyber Security in the Boardroom Initiative is developed by a worldwide team of volunteers. The primary contributors to date have been:

* Sherif Mansour
* Grigorios Fragkos
* Paul Harragan

= Road Map and Getting Involved =

== Priorities ==
As of 12th December 2019, the priorities are:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

=Project About=
{{:Projects/Owasp_Cyber_Security_at_the_Board_Level_Project_About_Page}}

= Project Materials =
__NOTOC__ <headertabs>Document</headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP - Cyber Security in the Boardroom

2019-12-13T14:55:53Z

Sherif:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP - Cyber Security in the Boardroom==

OWASP Cyber Security in the Boardroom initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face in order for them to protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors expectations, what their roles and responsibilities are and, how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

==Initiative Deliverables==
# A Primer on Cyber Security for the Board
# Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO* )
# Top 10 Criteria for leading a Cyber Security program
# Cyber Threats per Industry Sector
# Cyber Security Framework

==A Primer on Cyber Security for the Board==

# '''Overview of Cyber Security for a Board of Directors'''
#* The Main Concepts of Cyber Security
#* The Challenges with Cyber Security
#* The Impacts of Cyber Security on an organisation
#* Responding to a Cyber Security Incident
#* Cyber Security Myths and Misconceptions
#* Cyber Security and Corporate Responsibility
# '''Overview of the Board of Directors for Cyber Security Professionals'''
#* Roles and Responsibilities of the Board
#* Board of Director Liabilities
#* Corporate Governance
#* Company Strategy and the role of Cyber Security
# '''Appendix'''
#* Useful Cyber Security References
#* Useful Board of Directors References
#* Scenarios

==Guidelines for selecting and evaluating the head of the Cyber Security Program ==
# Background in dealing with information security challenges.
# Deep understanding of the Security Mindset and the Security Culture.
# Clear view of what does it means treating security as an ‘enabler’ in the context of the organisation taking under consideration the business needs, strategy and vision.
# The twin nature of regulatory compliance and the role of the DPO in Data Privacy.
# Translating Risk from/to Business Needs.
# Addressing and communicating the “so what” question(s).
# The functional role of IT Security and how InfoSec deals with GRC, including the legal issues.
# Expert input on the fast-evolving digital ecosystem.
# Be able to distinguish between skills gap challenges versus talent acquisition oversights.
# Measure risk, compliance and maturity.

== Top 10 Criteria for leading a Cyber Security program ==
# Establish segregation of duties and ownership of responsibilities for the cyber security program
# Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
# Organisational culture (security culture, mindset)
# Sector-focused prioritization of risks, types of attacks, threat actors.
# Mission Critical vs Business Critical; systems, networks and data.
# Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
# Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
# Third-Party Risks (incl. Supply Chain)
# Containment
# Response Plan

== Cyber Threats per Industry/Sector ==

== Cyber Security Framework ==
* Policies & Procedures Creation Guidelines
* Data Classification Guidelines
* Compliance
* Information Security Risk Management
* Information Security Incident Management
* Information Systems Continuity Management
* Third-Party Security

==Footnotes==
CCO*: Cheif Cyber Security Officer

==Licensing==
The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== What is Cyber Security in the Boardroom? ==

OWASP cyber security in the Boardroom provides:

1) A primer on cyber security for the board

2) Guidelines for selecting and evaluating the head of the cyber security program

3) Top 10 criteria for leading a cyber security program

4) Cyber threats per industry/sector

5) Cyber security framework

== Project Leaders ==
* Sherif Mansour
* Grigorios Fragkos

== Contributors ==

* Paul Harragan

| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==

* TBA

== Donate to OWASP ==
<div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation
|target=_blank
|budget=Other (Website Donation) }}</div>

== News and Events ==
* TBD
* TBD

== In Print ==
This project can be purchased as a print on demand book from Lulu.com

==Classifications==

{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

; Work in Progress
;
; Q1
: A1

; Q2
: A2

= Acknowledgements =
; Work in Progress

==Volunteers==
OWASP Cyber Security in the Boardroom Initiative is developed by a worldwide team of volunteers. The primary contributors to date have been:

* Sherif Mansour
* Grigorios Fragkos
* Paul Harragan

= Road Map and Getting Involved =

== Priorities ==
As of 12th December 2019, the priorities are:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

=Project About=
{{:Projects/Owasp_Cyber_Security_at_the_Board_Level_Project_About_Page}}

= Project Materials =
__NOTOC__ <headertabs>Document</headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP - Cyber Security in the Boardroom

2019-12-13T14:53:58Z

Sherif:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP - Cyber Security in the Boardroom==

OWASP Cyber Security in the Boardroom initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face in order for them to protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors expectations, what their roles and responsibilities are and, how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

==Initiative Deliverables==
# A Primer on Cyber Security for the Board
# Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO* )
# Top 10 Criteria for leading a Cyber Security program
# Cyber Threats per Industry Sector
# Cyber Security Framework

==A Primer on Cyber Security for the Board==

# '''Overview of Cyber Security for a Board of Directors'''
#* The Main Concepts of Cyber Security
#* The Challenges with Cyber Security
#* The Impacts of Cyber Security on an organisation
#* Responding to a Cyber Security Incident
#* Cyber Security Myths and Misconceptions
#* Cyber Security and Corporate Responsibility
# '''Overview of the Board of Directors for Cyber Security Professionals'''
#* Roles and Responsibilities of the Board
#* Board of Director Liabilities
#* Corporate Governance
#* Company Strategy and the role of Cyber Security
# '''Appendix'''
#* Useful Cyber Security References
#* Useful Board of Directors References
#* Scenarios

==Guidelines for selecting and evaluating the head of the Cyber Security Program ==
# Background in dealing with information security challenges.
# Deep understanding of the Security Mindset and the Security Culture.
# Clear view of what does it means treating security as an ‘enabler’ in the context of the organisation taking under consideration the business needs, strategy and vision.
# The twin nature of regulatory compliance and the role of the DPO in Data Privacy.
# Translating Risk from/to Business Needs.
# Addressing and communicating the “so what” question(s).
# The functional role of IT Security and how InfoSec deals with GRC, including the legal issues.
# Expert input on the fast-evolving digital ecosystem.
# Be able to distinguish between skills gap challenges versus talent acquisition oversights.
# Measure risk, compliance and maturity.

== Top 10 Criteria for leading a Cyber Security program ==
# Establish segregation of duties and ownership of responsibilities for the cyber security program
# Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
# Organisational culture (security culture, mindset)
# Sector-focused prioritization of risks, types of attacks, threat actors.
# Mission Critical vs Business Critical; systems, networks and data.
# Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
# Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
# Third-Party Risks (incl. Supply Chain)
# Containment
# Response Plan

== Cyber Threats per Industry/Sector ==

== Cyber Security Framework ==
* Policies & Procedures Creation Guidelines
* Data Classification Guidelines
* Compliance
* Information Security Risk Management
* Information Security Incident Management
* Information Systems Continuity Management
* Third-Party Security

==Footnotes==
CCO*: Cheif Cyber Security Officer

==Licensing==
The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== What is Cyber Security in the Boardroom? ==

OWASP Cyber Security in the Boardroom provides:

1) A Primer on Cyber Security for the Board

2) Guidelines for selecting and evaluating the head of theCyber Security program

3) Top 10 Criteria for leading a Cyber Security program

4) Cyber Threats per Industry/Sector

5) Cyber Security Framework

== Project Leaders ==
* Sherif Mansour
* Grigorios Fragkos

== Contributors ==

* Paul Harragan

| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==

* TBA

== Donate to OWASP ==
<div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation
|target=_blank
|budget=Other (Website Donation) }}</div>

== News and Events ==
* TBD
* TBD

== In Print ==
This project can be purchased as a print on demand book from Lulu.com

==Classifications==

{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

; Work in Progress
;
; Q1
: A1

; Q2
: A2

= Acknowledgements =
; Work in Progress

==Volunteers==
OWASP Cyber Security in the Boardroom Initiative is developed by a worldwide team of volunteers. The primary contributors to date have been:

* Sherif Mansour
* Grigorios Fragkos
* Paul Harragan

= Road Map and Getting Involved =

== Priorities ==
As of 12th December 2019, the priorities are:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

=Project About=
{{:Projects/Owasp_Cyber_Security_at_the_Board_Level_Project_About_Page}}

= Project Materials =
__NOTOC__ <headertabs>Document</headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP - Cyber Security in the Boardroom

2019-12-13T14:52:47Z

Sherif:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP - Cyber Security in the Boardroom==

OWASP Cyber Security in the Boardroom initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face in order for them to protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors expectations, what their roles and responsibilities are and, how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

==Initiative Deliverables==
# A Primer on Cyber Security for the Board
# Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO* )
# Top 10 Criteria for leading a Cyber Security program
# Cyber Threats per Industry Sector
# Cyber Security Framework

==A Primer on Cyber Security for the Board==

# '''Overview of Cyber Security for a Board of Directors'''
#* The Main Concepts of Cyber Security
#* The Challenges with Cyber Security
#* The Impacts of Cyber Security on an organisation
#* Responding to a Cyber Security Incident
#* Cyber Security Myths and Misconceptions
#* Cyber Security and Corporate Responsibility
# '''Overview of the Board of Directors for Cyber Security Professionals'''
#* Roles and Responsibilities of the Board
#* Board of Director Liabilities
#* Corporate Governance
#* Company Strategy and the role of Cyber Security
# '''Appendix'''
#* Useful Cyber Security References
#* Useful Board of Directors References
#* Scenarios

==Guidelines for selecting and evaluating the head of the Cyber Security Program ==
# Background in dealing with information security challenges.
# Deep understanding of the Security Mindset and the Security Culture.
# Clear view of what does it means treating security as an ‘enabler’ in the context of the organisation taking under consideration the business needs, strategy and vision.
# The twin nature of regulatory compliance and the role of the DPO in Data Privacy.
# Translating Risk from/to Business Needs.
# Addressing and communicating the “so what” question(s).
# The functional role of IT Security and how InfoSec deals with GRC, including the legal issues.
# Expert input on the fast-evolving digital ecosystem.
# Be able to distinguish between skills gap challenges versus talent acquisition oversights.
# Measure risk, compliance and maturity.

== Top 10 Criteria for leading a Cyber Security program ==
# Establish segregation of duties and ownership of responsibilities for the cyber security program
# Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
# Organisational culture (security culture, mindset)
# Sector-focused prioritization of risks, types of attacks, threat actors.
# Mission Critical vs Business Critical; systems, networks and data.
# Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
# Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
# Third-Party Risks (incl. Supply Chain)
# Containment
# Response Plan

== Cyber Threats per Industry/Sector ==

== Cyber Security Framework ==
* Policies & Procedures Creation Guidelines
* Data Classification Guidelines
* Compliance
* Information Security Risk Management
* Information Security Incident Management
* Information Systems Continuity Management
* Third-Party Security

==Footnotes==
CCO*: Cheif Cyber Security Officer

==Licensing==
The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== What is Cyber Security in the Boardroom? ==

OWASP Cyber Security in the Boardroom provides:

1) A Primer on Cyber Security for the Board

2) Guidelines for selecting and evaluating the head of theCyber Security program

3) Top 10 Criteria for leading a Cyber Security program

4) Cyber Threats per Industry Sector

5) Cyber Security Framework

== Project Leaders ==
* Sherif Mansour
* Grigorios Fragkos

== Contributors ==

* Paul Harragan

| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==

* TBA

== Donate to OWASP ==
<div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation
|target=_blank
|budget=Other (Website Donation) }}</div>

== News and Events ==
* TBD
* TBD

== In Print ==
This project can be purchased as a print on demand book from Lulu.com

==Classifications==

{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

; Work in Progress
;
; Q1
: A1

; Q2
: A2

= Acknowledgements =
; Work in Progress

==Volunteers==
OWASP Cyber Security in the Boardroom Initiative is developed by a worldwide team of volunteers. The primary contributors to date have been:

* Sherif Mansour
* Grigorios Fragkos
* Paul Harragan

= Road Map and Getting Involved =

== Priorities ==
As of 12th December 2019, the priorities are:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

=Project About=
{{:Projects/Owasp_Cyber_Security_at_the_Board_Level_Project_About_Page}}

= Project Materials =
__NOTOC__ <headertabs>Document</headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP - Cyber Security in the Boardroom

2019-12-13T14:49:56Z

Sherif:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP - Cyber Security in the Boardroom==

OWASP Cyber Security in the Boardroom initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face in order for them to protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors expectations, what their roles and responsibilities are and, how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

==Initiative Deliverables==
# A Primer on Cyber Security for the Board
# Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO* )
# Top 10 Criteria for leading a Cyber Security program
# Cyber Threats per Industry Sector
# Cyber Security Framework

==A Primer on Cyber Security for the Board==

# '''Overview of Cyber Security for a Board of Directors'''
#* The Main Concepts of Cyber Security
#* The Challenges with Cyber Security
#* The Impacts of Cyber Security on an organisation
#* Responding to a Cyber Security Incident
#* Cyber Security Myths and Misconceptions
#* Cyber Security and Corporate Responsibility
# '''Overview of the Board of Directors for Cyber Security Professionals'''
#* Roles and Responsibilities of the Board
#* Board of Director Liabilities
#* Corporate Governance
#* Company Strategy and the role of Cyber Security
# '''Appendix'''
#* Useful Cyber Security References
#* Useful Board of Directors References
#* Scenarios

==Guidelines for selecting and evaluating the head of the Cyber Security Program ==
# Background in dealing with information security challenges.
# Deep understanding of the Security Mindset and the Security Culture.
# Clear view of what does it means treating security as an ‘enabler’ in the context of the organisation taking under consideration the business needs, strategy and vision.
# The twin nature of regulatory compliance and the role of the DPO in Data Privacy.
# Translating Risk from/to Business Needs.
# Addressing and communicating the “so what” question(s).
# The functional role of IT Security and how InfoSec deals with GRC, including the legal issues.
# Expert input on the fast-evolving digital ecosystem.
# Be able to distinguish between skills gap challenges versus talent acquisition oversights.
# Measure risk, compliance and maturity.

== Top 10 Criteria for leading a Cyber Security program ==
# Establish segregation of duties and ownership of responsibilities for the cyber security program
# Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
# Organisational culture (security culture, mindset)
# Sector-focused prioritization of risks, types of attacks, threat actors.
# Mission Critical vs Business Critical; systems, networks and data.
# Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
# Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
# Third-Party Risks (incl. Supply Chain)
# Containment
# Response Plan

== Cyber Threats per Industry/Sector ==

== Cyber Security Framework ==
* Policies & Procedures Creation Guidelines
* Data Classification Guidelines
* Compliance
* Information Security Risk Management
* Information Security Incident Management
* Information Systems Continuity Management
* Third-Party Security

==Footnotes==
CCO*: Cheif Cyber Security Officer

==Licensing==
The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== What is Cyber Security in the Boardroom? ==

OWASP Cyber Security in the Boardroom provides:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

== Project Leaders ==
* Sherif Mansour
* Grigorios Fragkos

== Contributors ==

* Paul Harragan

| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==

* TBA

== Donate to OWASP ==
<div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation
|target=_blank
|budget=Other (Website Donation) }}</div>

== News and Events ==
* TBD
* TBD

== In Print ==
This project can be purchased as a print on demand book from Lulu.com

==Classifications==

{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

; Work in Progress
;
; Q1
: A1

; Q2
: A2

= Acknowledgements =
; Work in Progress

==Volunteers==
OWASP Cyber Security in the Boardroom Initiative is developed by a worldwide team of volunteers. The primary contributors to date have been:

* Sherif Mansour
* Grigorios Fragkos
* Paul Harragan

= Road Map and Getting Involved =

== Priorities ==
As of 12th December 2019, the priorities are:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

=Project About=
{{:Projects/Owasp_Cyber_Security_at_the_Board_Level_Project_About_Page}}

= Project Materials =
__NOTOC__ <headertabs>Document</headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP - Cyber Security in the Boardroom

2019-12-13T14:48:16Z

Sherif:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP - Cyber Security in the Boardroom==

OWASP Cyber Security in the Boardroom initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face in order for them to protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors expectations, what their roles and responsibilities are and, how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

==Initiative Deliverables==
# A Primer on Cyber Security for the Board
# Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/ *CCO )
# Top 10 Criteria for leading a Cyber Security program
# Cyber Threats per Industry Sector
# Cyber Security Framework

==A Primer on Cyber Security for the Board==

# '''Overview of Cyber Security for a Board of Directors'''
#* The Main Concepts of Cyber Security
#* The Challenges with Cyber Security
#* The Impacts of Cyber Security on an organisation
#* Responding to a Cyber Security Incident
#* Cyber Security Myths and Misconceptions
#* Cyber Security and Corporate Responsibility
# '''Overview of the Board of Directors for Cyber Security Professionals'''
#* Roles and Responsibilities of the Board
#* Board of Director Liabilities
#* Corporate Governance
#* Company Strategy and the role of Cyber Security
# '''Appendix'''
#* Useful Cyber Security References
#* Useful Board of Directors References
#* Scenarios

==Guidelines for selecting and evaluating the head of the Cyber Security Program ==
# Background in dealing with information security challenges.
# Deep understanding of the Security Mindset and the Security Culture.
# Clear view of what does it means treating security as an ‘enabler’ in the context of the organisation taking under consideration the business needs, strategy and vision.
# The twin nature of regulatory compliance and the role of the DPO in Data Privacy.
# Translating Risk from/to Business Needs.
# Addressing and communicating the “so what” question(s).
# The functional role of IT Security and how InfoSec deals with GRC, including the legal issues.
# Expert input on the fast-evolving digital ecosystem.
# Be able to distinguish between skills gap challenges versus talent acquisition oversights.
# Measure risk, compliance and maturity.

== Top 10 Criteria for leading a Cyber Security program ==
# Establish segregation of duties and ownership of responsibilities for the cyber security program
# Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
# Organisational culture (security culture, mindset)
# Sector-focused prioritization of risks, types of attacks, threat actors.
# Mission Critical vs Business Critical; systems, networks and data.
# Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
# Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
# Third-Party Risks (incl. Supply Chain)
# Containment
# Response Plan

== Cyber Threats per Industry/Sector ==

== Cyber Security Framework ==
* Policies & Procedures Creation Guidelines
* Data Classification Guidelines
* Compliance
* Information Security Risk Management
* Information Security Incident Management
* Information Systems Continuity Management
* Third-Party Security

==Footnotes==
<nowiki>*</nowiki>CCO: Cheif Cyber Security Officer

==Licensing==
The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== What is Cyber Security in the Boardroom? ==

OWASP Cyber Security in the Boardroom provides:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

== Project Leaders ==
* Sherif Mansour
* Grigorios Fragkos

== Contributors ==

* Paul Harragan

| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==

* [[OWASP - Cyber Security in the Boardroom?|Link to page/download]]

== Donate to OWASP ==
<div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation
|target=_blank
|budget=Other (Website Donation) }}</div>

== News and Events ==
* TBD
* TBD

== In Print ==
This project can be purchased as a print on demand book from Lulu.com

==Classifications==

{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

; Work in Progress
;
; Q1
: A1

; Q2
: A2

= Acknowledgements =
; Work in Progress

==Volunteers==
OWASP Cyber Security in the Boardroom Initiative is developed by a worldwide team of volunteers. The primary contributors to date have been:

* Sherif Mansour
* Grigorios Fragkos
* Paul Harragan

= Road Map and Getting Involved =

== Priorities ==
As of 12th December 2019, the priorities are:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

=Project About=
{{:Projects/Owasp_Cyber_Security_at_the_Board_Level_Project_About_Page}}

= Project Materials =
__NOTOC__ <headertabs>Document</headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP - Cyber Security in the Boardroom

2019-12-13T14:44:33Z

Sherif: edit

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP - Cyber Security in the Boardroom==

OWASP Cyber Security in the Boardroom initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face in order for them to protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors expectations, what their roles and responsibilities are and, how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

==Initiative Deliverables==
# A Primer on Cyber Security for the Board
# Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
# Top 10 Criteria for leading a Cyber Security program
# Cyber Threats per Industry Sector
# Cyber Security Framework

==A Primer on Cyber Security for the Board==

# '''Overview of Cyber Security for a Board of Directors'''
#* The Main Concepts of Cyber Security
#* The Challenges with Cyber Security
#* The Impacts of Cyber Security on an organisation
#* Responding to a Cyber Security Incident
#* Cyber Security Myths and Misconceptions
#* Cyber Security and Corporate Responsibility
# '''Overview of the Board of Directors for Cyber Security Professionals'''
#* Roles and Responsibilities of the Board
#* Board of Director Liabilities
#* Corporate Governance
#* Company Strategy and the role of Cyber Security
# '''Appendix'''
#* Useful Cyber Security References
#* Useful Board of Directors References
#* Scenarios

==Guidelines for selecting and evaluating the head of the Cyber Security Program ==
# Background in dealing with information security challenges.
# Deep understanding of the Security Mindset and the Security Culture.
# Clear view of what does it means treating security as an ‘enabler’ in the context of the organisation taking under consideration the business needs, strategy and vision.
# The twin nature of regulatory compliance and the role of the DPO in Data Privacy.
# Translating Risk from/to Business Needs.
# Addressing and communicating the “so what” question(s).
# The functional role of IT Security and how InfoSec deals with GRC, including the legal issues.
# Expert input on the fast-evolving digital ecosystem.
# Be able to distinguish between skills gap challenges versus talent acquisition oversights.
# Measure risk, compliance and maturity.

== Top 10 Criteria for leading a Cyber Security program ==
# Establish segregation of duties and ownership of responsibilities for the cyber security program
# Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
# Organisational culture (security culture, mindset)
# Sector-focused prioritization of risks, types of attacks, threat actors.
# Mission Critical vs Business Critical; systems, networks and data.
# Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
# Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
# Third-Party Risks (incl. Supply Chain)
# Containment
# Response Plan

== Cyber Threats per Industry/Sector ==

== Cyber Security Framework ==
* Policies & Procedures Creation Guidelines
* Data Classification Guidelines
* Compliance
* Information Security Risk Management
* Information Security Incident Management
* Information Systems Continuity Management
* Third-Party Security

==Licensing==
The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== What is Cyber Security in the Boardroom? ==

OWASP Cyber Security in the Boardroom provides:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

== Project Leaders ==
* Sherif Mansour
* Grigorios Fragkos

== Contributors ==

* Paul Harragan

| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==

* [[OWASP - Cyber Security in the Boardroom?|Link to page/download]]

== Donate to OWASP ==
<div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation
|target=_blank
|budget=Other (Website Donation) }}</div>

== News and Events ==
* TBD
* TBD

== In Print ==
This project can be purchased as a print on demand book from Lulu.com

==Classifications==

{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

; Work in Progress
;
; Q1
: A1

; Q2
: A2

= Acknowledgements =
; Work in Progress

==Volunteers==
OWASP Cyber Security in the Boardroom Initiative is developed by a worldwide team of volunteers. The primary contributors to date have been:

* Sherif Mansour
* Grigorios Fragkos
* Paul Harragan

= Road Map and Getting Involved =

== Priorities ==
As of 12th December 2019, the priorities are:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

=Project About=
{{:Projects/Owasp_Cyber_Security_at_the_Board_Level_Project_About_Page}}

= Project Materials =
__NOTOC__ <headertabs>Document</headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP - Cyber Security in the Boardroom

2019-12-13T14:40:24Z

Sherif: Edits

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP - Cyber Security in the Boardroom==

OWASP Cyber Security in the Boardroom initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face in order for them to protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors expectations, what their roles and responsibilities are and, how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

==Initiative Deliverables==
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

==A Primer on Cyber Security for the Board==

# '''Overview of Cyber Security for a Board of Directors'''
#* The Main Concepts of Cyber Security
#* The Challenges with Cyber Security
#* The Impacts of Cyber Security on an organisation
#* Responding to a Cyber Security Incident
#* Cyber Security Myths and Misconceptions
#* Cyber Security and Corporate Responsibility
# '''Overview of the Board of Directors for Cyber Security Professionals'''
#* Roles and Responsibilities of the Board
#* Board of Director Liabilities
#* Corporate Governance
#* Company Strategy and the role of Cyber Security
# '''Appendix'''
#* Useful Cyber Security References
#* Useful Board of Directors References
#* Scenarios

==Guidelines for selecting and evaluating the head of the Cyber Security Program ==
# Background in dealing with information security challenges.
# Deep understanding of the Security Mindset and the Security Culture.
# Clear view of what does it means treating security as an ‘enabler’ in the context of the organisation taking under consideration the business needs, strategy and vision.
# The twin nature of regulatory compliance and the role of the DPO in Data Privacy.
# Translating Risk from/to Business Needs.
# Addressing and communicating the “so what” question(s).
# The functional role of IT Security and how InfoSec deals with GRC, including the legal issues.
# Expert input on the fast-evolving digital ecosystem.
# Be able to distinguish between skills gap challenges versus talent acquisition oversights.
# Measure risk, compliance and maturity.

== Top 10 Criteria for leading a Cyber Security program ==
# Establish segregation of duties and ownership of responsibilities for the cyber security program
# Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
# Organisational culture (security culture, mindset)
# Sector-focused prioritization of risks, types of attacks, threat actors.
# Mission Critical vs Business Critical; systems, networks and data.
# Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
# Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
# Third-Party Risks (incl. Supply Chain)
# Containment
# Response Plan

== Cyber Threats per Industry/Sector ==

== Cyber Security Framework ==
* Policies & Procedures Creation Guidelines
* Data Classification Guidelines
* Compliance
* Information Security Risk Management
* Information Security Incident Management
* Information Systems Continuity Management
* Third-Party Security

==Licensing==
The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== What is Cyber Security in the Boardroom? ==

OWASP Cyber Security in the Boardroom provides:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

== Project Leaders ==
* Sherif Mansour
* Grigorios Fragkos

== Contributors ==

* Paul Harragan

| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==

* [[OWASP - Cyber Security in the Boardroom?|Link to page/download]]

== Donate to OWASP ==
<div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation
|target=_blank
|budget=Other (Website Donation) }}</div>

== News and Events ==
* TBD
* TBD

== In Print ==
This project can be purchased as a print on demand book from Lulu.com

==Classifications==

{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

; Work in Progress
;
; Q1
: A1

; Q2
: A2

= Acknowledgements =
; Work in Progress

==Volunteers==
OWASP Cyber Security in the Boardroom Initiative is developed by a worldwide team of volunteers. The primary contributors to date have been:

* Sherif Mansour
* Grigorios Fragkos
* Paul Harragan

= Road Map and Getting Involved =

== Priorities ==
As of 12th December 2019, the priorities are:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

=Project About=
{{:Projects/Owasp_Cyber_Security_at_the_Board_Level_Project_About_Page}}

= Project Materials =
__NOTOC__ <headertabs>Document</headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP - Cyber Security in the Boardroom

2019-12-13T14:35:48Z

Sherif:

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP - Cyber Security in the Boardroom==

OWASP Cyber Security in the Boardroom Initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face order for them protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors, what their roles and responsibilities are & how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

==Initiative Deliverables==
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

==A Primer on Cyber Security for the Board==

# '''Overview of Cyber Security for a Board of Directors'''
#* The Main Concepts of Cyber Security
#* The Challenges with Cyber Security
#* The Impacts of Cyber Security on an organisation
#* Responding to a Cyber Security Incident
#* Cyber Security Myths and Misconceptions
#* Cyber Security and Corporate Responsibility
# '''Overview of the Board of Directors for Cyber Security Professionals'''
#* Roles and Responsibilities of the Board
#* Board of Director Liabilities
#* Corporate Governance
#* Company Strategy and the role of Cyber Security
# '''Appendix'''
#* Useful Cyber Security References
#* Useful Board of Directors References
#* Scenarios

==Guidelines for selecting and evaluating the head of the Cyber Security Program ==
# Background in dealing with information security challenges.
# Deep understanding of the Security Mindset and the Security Culture.
# Clear view of what does it means treating security as an ‘enabler’ in the context of the organisation taking under consideration the business needs, strategy and vision.
# The twin nature of regulatory compliance and the role of the DPO in Data Privacy.
# Translating Risk from/to Business Needs.
# Addressing and communicating the “so what” question(s).
# The functional role of IT Security and how InfoSec deals with GRC, including the legal issues.
# Expert input on the fast-evolving digital ecosystem.
# Be able to distinguish between skills gap challenges versus talent acquisition oversights.
# Measure risk, compliance and maturity.

== Top 10 Criteria for leading a Cyber Security program ==
# Establish segregation of duties and ownership of responsibilities for the cyber security program
# Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
# Organisational culture (security culture, mindset)
# Sector-focused prioritization of risks, types of attacks, threat actors.
# Mission Critical vs Business Critical; systems, networks and data.
# Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
# Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
# Third-Party Risks (incl. Supply Chain)
# Containment
# Response Plan

== Cyber Threats per Industry Sector ==

== Cyber Security Framework ==
* Policies & Procedures Creation Guidelines
* Data Classification Guidelines
* Compliance
* Information Security Risk Management
* Information Security Incident Management
* Information Systems Continuity Management
* Third-Party Security

==Licensing==
The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== What is Cyber Security in the Boardroom? ==

OWASP Cyber Security in the Boardroom provides:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

== Project Leaders ==
* Sherif Mansour
* Grigorios Fragkos

== Contributors ==

* Paul Harragan

| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==

* [[OWASP - Cyber Security in the Boardroom?|Link to page/download]]

== Donate to OWASP ==
<div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation
|target=_blank
|budget=Other (Website Donation) }}</div>

== News and Events ==
* TBD
* TBD

== In Print ==
This project can be purchased as a print on demand book from Lulu.com

==Classifications==

{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

; Work in Progress
;
; Q1
: A1

; Q2
: A2

= Acknowledgements =
; Work in Progress

==Volunteers==
OWASP Cyber Security in the Boardroom Initiative is developed by a worldwide team of volunteers. The primary contributors to date have been:

* Sherif Mansour
* Grigorios Fragkos
* Paul Harragan

= Road Map and Getting Involved =
As of 12th December 2019, the priorities are:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

=Project About=
{{:Projects/Owasp_Cyber_Security_at_the_Board_Level_Project_About_Page}}

= Project Materials =
__NOTOC__ <headertabs>Document</headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP - Cyber Security in the Boardroom

2019-12-13T14:26:07Z

Sherif: test

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP - Cyber Security in the Boardroom==

OWASP Cyber Security in the Boardroom Initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face order for them protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors, what their roles and responsibilities are & how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

==Initiative Deliverables==
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

==A Primer on Cyber Security for the Board==

# '''Overview of Cyber Security for a Board of Directors'''
#* The Main Concepts of Cyber Security
#* The Challenges with Cyber Security
#* The Impacts of Cyber Security on an organisation
#* Responding to a Cyber Security Incident
#* Cyber Security Myths and Misconceptions
#* Cyber Security and Corporate Responsibility
# '''Overview of the Board of Directors for Cyber Security Professionals'''
#* Roles and Responsibilities of the Board
#* Board of Director Liabilities
#* Corporate Governance
#* Company Strategy and the role of Cyber Security
# '''Appendix'''
#* Useful Cyber Security References
#* Useful Board of Directors References
#* Scenarios

==Guidelines for selecting and evaluating the head of the Cyber Security Program ==
# Background in dealing with information security challenges.
# Deep understanding of the Security Mindset and the Security Culture.
# Clear view of what does it means treating security as an ‘enabler’ in the context of the organisation taking under consideration the business needs, strategy and vision.
# The twin nature of regulatory compliance and the role of the DPO in Data Privacy.
# Translating Risk from/to Business Needs.
# Addressing and communicating the “so what” question(s).
# The functional role of IT Security and how InfoSec deals with GRC, including the legal issues.
# Expert input on the fast-evolving digital ecosystem.
# Be able to distinguish between skills gap challenges versus talent acquisition oversights.
# Measure risk, compliance and maturity.

== Top 10 Criteria for leading a Cyber Security program ==
# Establish segregation of duties and ownership of responsibilities for the cyber security program
# Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
# Organisational culture (security culture, mindset)
# Sector-focused prioritization of risks, types of attacks, threat actors.
# Mission Critical vs Business Critical; systems, networks and data.
# Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
# Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
# Third-Party Risks (incl. Supply Chain)
# Containment
# Response Plan

== Cyber Threats per Industry Sector ==

== Cyber Security Framework ==
* Policies & Procedures Creation Guidelines
* Data Classification Guidelines
* Compliance
* Information Security Risk Management
* Information Security Incident Management
* Information Systems Continuity Management
* Third-Party Security

==Licensing==
The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== What is Cyber Security in the Boardroom? ==

OWASP Cyber Security in the Boardroom provides:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

== Project Leaders ==
* Sherif Mansour
* Grigorios Fragkos
* Paul Harragan

== Related Projects ==

* [[OWASP_CISO_Survey]]

| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==

* [[OWASP - Cyber Security in the Boardroom?|Link to page/download]]

== Donate to OWASP ==
<div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation
|target=_blank
|budget=Other (Website Donation) }}</div>

== News and Events ==
* TBD
* TBD

== In Print ==
This project can be purchased as a print on demand book from Lulu.com

==Classifications==

{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

; Work in Progress
;
; Q1
: A1

; Q2
: A2

= Acknowledgements =
; Work in Progress

==Volunteers==
OWASP Cyber Security in the Boardroom Initiative is developed by a worldwide team of volunteers. The primary contributors to date have been:

* Sherif Mansour
* Grigorios Fragkos
* Paul Harragan

= Road Map and Getting Involved =
As of 12th December 2019, the priorities are:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

=Project About=
{{:Projects/Owasp_Cyber_Security_at_the_Board_Level_Project_About_Page}}

= Project Materials =
__NOTOC__ <headertabs>Document</headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP - Cyber Security in the Boardroom

2019-12-13T14:24:32Z

Sherif: Update content

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP - Cyber Security in the Boardroom==

OWASP Cyber Security in the Boardroom Initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face order for them protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors, what their roles and responsibilities are & how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

==Initiative Deliverables==
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

==A Primer on Cyber Security for the Board==

# '''Overview of Cyber Security for a Board of Directors'''
#* The Main Concepts of Cyber Security
#* The Challenges with Cyber Security
#* The Impacts of Cyber Security on an organisation
#* Responding to a Cyber Security Incident
#* Cyber Security Myths and Misconceptions
#* Cyber Security and Corporate Responsibility
# '''Overview of the Board of Directors for Cyber Security Professionals'''
#* Roles and Responsibilities of the Board
#* Board of Director Liabilities
#* Corporate Governance
#* Company Strategy and the role of Cyber Security
# '''Appendix'''
#* Useful Cyber Security References
#* Useful Board of Directors References
#* Scenarios

==Guidelines for selecting and evaluating the head of the Cyber Security program ==

#

== Top 10 Criteria for leading a Cyber Security program ==
# Establish segregation of duties and ownership of responsibilities for the cyber security program
# Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
# Organisational culture (security culture, mindset)
# Sector-focused prioritization of risks, types of attacks, threat actors.
# Mission Critical vs Business Critical; systems, networks and data.
# Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
# Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
# Third-Party Risks (incl. Supply Chain)
# Containment
# Response Plan

== Cyber Threats per Industry Sector ==

== Cyber Security Framework ==
* Policies & Procedures Creation Guidelines
* Data Classification Guidelines
* Compliance
* Information Security Risk Management
* Information Security Incident Management
* Information Systems Continuity Management
* Third-Party Security

==Licensing==
The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== What is Cyber Security in the Boardroom? ==

OWASP Cyber Security in the Boardroom provides:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

== Project Leaders ==
* Sherif Mansour
* Grigorios Fragkos
* Paul Harragan

== Related Projects ==

* [[OWASP_CISO_Survey]]

| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==

* [[OWASP - Cyber Security in the Boardroom?|Link to page/download]]

== Donate to OWASP ==
<div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation
|target=_blank
|budget=Other (Website Donation) }}</div>

== News and Events ==
* TBD
* TBD

== In Print ==
This project can be purchased as a print on demand book from Lulu.com

==Classifications==

{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

; Work in Progress
;
; Q1
: A1

; Q2
: A2

= Acknowledgements =
; Work in Progress

==Volunteers==
OWASP Cyber Security in the Boardroom Initiative is developed by a worldwide team of volunteers. The primary contributors to date have been:

* Sherif Mansour
* Grigorios Fragkos
* Paul Harragan

= Road Map and Getting Involved =
As of 12th December 2019, the priorities are:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

=Project About=
{{:Projects/Owasp_Cyber_Security_at_the_Board_Level_Project_About_Page}}

= Project Materials =
__NOTOC__ <headertabs>Document</headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP - Cyber Security in the Boardroom

2019-12-13T14:05:51Z

Sherif: Update

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP - Cyber Security in the Boardroom==

Owasp Cyber Security in the Boardroom Initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face order for them protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors, what their roles and responsibilities are & how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

==Initiative Deliverables==
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

==A Primer on Cyber Security for the Board==

# '''Overview of Cyber Security for a Board of Directors'''
#* The Main Concepts of Cyber Security
#* The Challenges with Cyber Security
#* The Impacts of Cyber Security on an organisation
#* Responding to a Cyber Security Incident
#* Cyber Security Myths and Misconceptions
#* Cyber Security and Corporate Responsibility
# '''Overview of the Board of Directors for Cyber Security Professionals'''
#* Roles and Responsibilities of the Board
#* Board of Director Liabilities
#* Corporate Governance
#* Company Strategy and the role of Cyber Security
# '''Appendix'''
#* Useful Cyber Security References
#* Useful Board of Directors References
#* Scenarios

==Guidelines for selecting and evaluating the head of the Cyber Security program ==

#

== Top 10 Criteria for leading a Cyber Security program ==
# Establish segregation of duties and ownership of responsibilities for the cyber security program
# Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
# Organisational culture (security culture, mindset)
# Sector-focused prioritization of risks, types of attacks, threat actors.
# Mission Critical vs Business Critical; systems, networks and data.
# Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
# Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
# Third-Party Risks (incl. Supply Chain)
# Containment
# Response Plan

== Cyber Threats per Industry Sector ==

== Cyber Security Framework ==
* Policies & Procedures Creation Guidelines
* Data Classification Guidelines
* Compliance
* Information Security Risk Management
* Information Security Incident Management
* Information Systems Continuity Management
* Third-Party Security

==Licensing==
The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== What is Cyber Security in the Boardroom? ==

OWASP Cyber Security in the Boardroom provides:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

== Project Leaders ==
* Sherif Mansour
* Grigorios Fragkos

== Contributors ==
* Paul Harragan

== Related Projects ==

* [[OWASP_CISO_Survey]]

| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==

* Link to page/download

== Donate to OWASP ==
<div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation
|target=_blank
|budget=Other (Website Donation) }}</div>

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com

==Classifications==

{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:

* xxx
* xxx

==Others==
* xxx
* xxx

= Road Map and Getting Involved =
As of XXX, the priorities are:
* xxx
* xxx
* xxx

Involvement in the development and promotion of XXX is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* xxx
* xxx

=Project About=
{{:Projects/Owasp_Cyber_Security_at_the_Board_Level_Project_About_Page}}

= Project Materials =
__NOTOC__ <headertabs>Document</headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP - Cyber Security in the Boardroom

2019-12-13T14:01:59Z

Sherif: Added more content

=Main=

<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

==OWASP - Cyber Security in the Boardroom==

Owasp Cyber Security in the Boardroom Initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face order for them protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors, what their roles and responsibilities are & how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

==Initiative Deliverables==
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

==A Primer on Cyber Security for the Board==

# '''Overview of Cyber Security for a Board of Directors'''
#* The Main Concepts of Cyber Security
#* The Challenges with Cyber Security
#* The Impacts of Cyber Security on an organisation
#* Responding to a Cyber Security Incident
#* Cyber Security Myths and Misconceptions
#* Cyber Security and Corporate Responsibility
# '''Overview of the Board of Directors for Cyber Security Professionals'''
#* Roles and Responsibilities of the Board
#* Board of Director Liabilities
#* Corporate Governance
#* Company Strategy and the role of Cyber Security
# '''Appendix'''
#* Useful Cyber Security References
#* Useful Board of Directors References
#* Scenarios

==Guidelines for selecting and evaluating the head of the Cyber Security program ==

#

== Top 10 Criteria for leading a Cyber Security program ==
# Establish segregation of duties and ownership of responsibilities for the cyber security program
# Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
# Organisational culture (security culture, mindset)
# Sector-focused prioritization of risks, types of attacks, threat actors.
# Mission Critical vs Business Critical; systems, networks and data.
# Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
# Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
# Third-Party Risks (incl. Supply Chain)
# Containment
# Response Plan

== Cyber Threats per Industry Sector ==

== Cyber Security Framework ==
* Policies & Procedures Creation Guidelines
* Data Classification Guidelines
* Compliance
* Information Security Risk Management
* Information Security Incident Management
* Information Systems Continuity Management
* Third-Party Security

==Licensing==
The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

| style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

== What is Cyber Security in the Boardroom? ==

OWASP Cyber Security in the Boardroom provides:
* A Primer on Cyber Security for the Board
* Guidelines for selecting and evaluating the head of the Cyber Security program
* Top 10 Criteria for leading a Cyber Security program
* Cyber Threats per Industry Sector
* Cyber Security Framework

== Presentation ==

Link to presentation

== Project Leaders ==
* Sherif Mansour
* Grigorios Fragkos
* Paul Harragan

== Related Projects ==

* [[OWASP_CISO_Survey]]

| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==

* Link to page/download

== Donate to OWASP ==
<div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation
|target=_blank
|budget=Other (Website Donation) }}</div>

== News and Events ==
* [20 Nov 2013] News 2
* [30 Sep 2013] News 1

== In Print ==
This project can be purchased as a print on demand book from Lulu.com

==Classifications==

{| width="200" cellpadding="2"
|-
| rowspan="2" width="50%" valign="top" align="center" | [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
| width="50%" valign="top" align="center" | [[File:Owasp-builders-small.png|link=Builders]]
|-
| width="50%" valign="top" align="center" | [[File:Owasp-defenders-small.png|link=Defenders]]
|-
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
|}

|}

=FAQs=

; Q1
: A1

; Q2
: A2

= Acknowledgements =
==Volunteers==
XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:

* xxx
* xxx

==Others==
* xxx
* xxx

= Road Map and Getting Involved =
As of XXX, the priorities are:
* xxx
* xxx
* xxx

Involvement in the development and promotion of XXX is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
* xxx
* xxx

=Project About=
{{:Projects/Owasp_Cyber_Security_at_the_Board_Level_Project_About_Page}}

= Project Materials =
__NOTOC__ <headertabs>Document</headertabs>

[[Category:OWASP Project]]
[[Category:OWASP_Builders]]
[[Category:OWASP_Defenders]]
[[Category:OWASP_Document]]

OWASP - Cyber Security in the Boardroom

2019-12-13T09:30:40Z

Sherif: Edit

OWASP - Cyber Security in the Boardroom

2019-12-13T09:27:40Z

Sherif: Test

OWASP - Cyber Security in the Boardroom

2019-12-13T09:25:29Z

Sherif: Changing the content

OWASP - Cyber Security in the Boardroom

2019-12-12T16:00:52Z

Sherif: leaders names

OWASP - Cyber Security in the Boardroom

2019-12-12T15:58:35Z

Sherif: edit

OWASP - Cyber Security in the Boardroom

2019-12-12T15:57:23Z

Sherif: Sherif moved page Owasp Cyber Security at the Board Level Project to OWASP - Cyber Security in the Boardroom: Name change

Owasp Cyber Security at the Board Level Project

2019-12-12T15:57:23Z

Sherif: Sherif moved page Owasp Cyber Security at the Board Level Project to OWASP - Cyber Security in the Boardroom: Name change

#REDIRECT [[OWASP - Cyber Security in the Boardroom]]

OWASP - Cyber Security in the Boardroom

2019-12-12T15:45:12Z

Sherif: /* Main */

OWASP - Cyber Security in the Boardroom

2019-12-12T15:44:18Z

Sherif: Test

OWASP - Cyber Security in the Boardroom

2019-11-19T18:22:15Z

Sherif:

OWASP - Cyber Security in the Boardroom

2019-11-19T17:25:11Z

Sherif: /* Presentation */ test

November 2019

2019-11-18T14:48:39Z

Sherif: New & Old Business

Meeting Date:
Nov 19

Meeting Time:
11 AM US Pacific - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2019&month=11&day=18&hour=19&min=0&sec=0&p1=16&p2=919&p3=78&p4=136&p5=137&p6=676 other time zones]

Meeting Location:
Remote

Virtual:
https://zoom.us/j/194110926 Zoom Meeting Link] Meeting ID: 194-110-926 - [https://zoom.us/j/194110926 local dial in numbers]

AGENDA

CALL TO ORDER

CHANGES TO THE AGENDA

APPROVAL OF MINUTES
[https://docs.google.com/document/d/1Cw_My8iBG8tfq6mN4Xnc5K5BGk6WBPwxSMXwMpx8qrw/edit?usp=sharing October 2019 Board Minutes]

REPORTS
*[https://drive.google.com/a/owasp.org/file/d/1WC3r2zdKgihQ3eWdqcsN_WR3oj_lBef7/view?usp=sharing October 2019 Balance Sheet Summary]
*[https://drive.google.com/a/owasp.org/file/d/1De5UlEz_CjAj0Tg6hjHCeVxkzYdDXr9H/view?usp=sharing October2019 OWASP Combined P&L]
*[https://drive.google.com/a/owasp.org/file/d/1pF7EMmBrScrznIgAlLGKnyiVo-W6dDfc/view?usp=sharing OWASP 2019 Combined Fin pkg]

OLD BUSINESS

NEW BUSINESS
- Vote on Board Member Eligibility Proposal from August F2F

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

===

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]
* An updated on the foundation's move to Expensify
* A proposed approach from finance on how OWASP can receive restricted gifts efficiently.

==New Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]
* [Sherif] - Setting up a transparent discussion with the community on 1) Fair & reasonable expenses, 2) Chapter tiers - how to we provide autonimy and services to various chapter levels. I would like a round table on what they red flags are from each board members & upcoming board members) in order to incorporate into a document and discussions open to the community.

Ofer Maor 2019 Bio and Why me

2019-09-15T22:55:14Z

Sherif: Embedded Video

==About Myself==
I’m a passionate cybersecurity professional with 25 years of experience in the industry, 20 of which in the AppSec field. I’ve been part of OWASP for 17 years, (almost) since its inception, and I currently serve on its Board of Directors. I've also held multiple roles in OWASP, including Chapter Leader, Global AppSec Event Co-Chair, Global Committee Member and more...

At the same time, I’ve also had the opportunity to work in various roles in the security industry, ranging from pen-testing, consulting, research, support, development, product management and all the way up to founding and managing several companies in this space. I’ve been a Breaker, a Builder and a Defender. I’ve been as hands-on and technical as it gets, but also had the chance to see how things operate on the larger scale.

Deep inside, I’m still a (ethical) hacker at heart, and I’m still an idealist about the the notion of community and open source at large, and OWASP specifically, yet at the same time I understand how organizations operate and what they need to do to thrive, and I believe this balance is what I bring to the OWASP Board. Since the beginning of the year, I have worked with the foundation staff to help grow and improve OWASP so that it can better support the community.

'''Today, after only a little over half a year on the board, I feel like we are starting to make a progress, and I would like to stay on the board to make sure that I can help drive those changes through.'''

== Candidate Election Video ==
{{#ev:youtube|r9x_36VKMYg}}
[https://www.youtube.com/watch?v=r9x_36VKMYg&feature=youtu.be Ofer Maor's OWASP 2019 Elections Candidate Interview]

==Why Me?==
I’m passionate about OWASP, and especially about its community. I’ve been working with OWASP for a long time, and have always cared for it. I’ve met some of the best people along my professional career through the OWASP community, and many of them became long lasting friends. Through my entire time with OWASP, the community is what drives me forward, and driving this community forward is what I can bring to the table.

OWASP is going through growing pains, that are natural at this time and place, yet still immensely challenging. OWASP has a growing financial pressure to support its growth, and at the same time has growing industry pressures, with vendors looking to influence the industry standards that it set. These pressures present great challenges for OWASP, both on the foundation and on the community, generating friction and frustration. Last year we’ve witnessed such a disconnect and miscommunication, which nearly ripped the community apart. During that time, I’ve worked with the board, the foundation and the community, to smooth things out, find the right solution, and prevent the rip.

Seeing which challenges we are facing, and the contribution I can offer, made me join the board in the first place and do the best I can to contribute to OWASP. I would like to continue the work I have started so that we can truly turn the page onto OWASPs next chapter, making it a leading global organization in the cybersecurity industry.
===Focus===
I plan to continue focus on the fine balance between the community, the financial constraints and the industry as a whole, to make sure OWASP stays true to its spirit, yet is allowed to grows and evolve to its next phase, reaching new audiences and making a greater impact on the software industry as a whole.

Some key areas I am already working on and plan on continuing:
*'''Membership''': I believe our current membership structure, both at the individual and corporate levels, makes it hard to increase membership revenue to the foundation, as it is not always clear what is the membership value. As a board member I took upon myself to be the lead board member, working with the staff, on changing our membership models to make OWASP a more professional organization, run by its members and better supported by the corporates in our industry. Some of these changes have already been made and published, while others are still in work and are likely to take effect over the course of the next 12-18 months.
*'''Chapters''': Chapters are one of the two main pillars OWASP thrives upon. Without our chapters we have no audience and can reach no one. Yet our chapters are not all the same. Some chapters are run very well and reach a great audience, while others are struggling and failing to get traction. In my upcoming term, should I get elected, I plan to put more emphasize on helping chapters run more professionally and more consistently, giving our members and target audience a better, more consistent experience worldwide.
*'''Committees:''' I believe Global Committees can be a great way to drive more initiatives by people in community, who are eager to do more and need the right framework. As a board member I supported initiatives that offer the community the framework to do more, especially around Chapters, Projects, and Education (and work to make sure they function better this time).
*'''Vendor Neutrality:''' Throughout my entire OWASP roles, I’ve always put great emphasize on vendor neutrality (despite working for one or another throughout this entire time). I believe the only way to keep OWASP relevant and valuable, is by making sure the content we produce in projects, conferences and education is neutral - focusing on best practices and practical knowledge, and not on marketing pitches and sales activities. As a board member I promise to vigorously fight against any attempt to externally influence OWASP as a whole, or any of its projects or conferences, in favor of specific vendor, whether it is financial gain or by taking control of an activity.

=== Relevant Experience ===
I’ve been part of OWASP for 17 years, (almost) since its inception, and I’ve had the opportunity of being involved in various activities:
*I've been on the Global Board of OWASP since January 2019, serving as the Secretary of the Board. As part of this role I am working with the staff on driving changes both to corporate and individual membership, to help OWASP become more professional as well as stabilize its financials. I'm also working on driving other initiatives for making the board interactions and meetings more professional, delivering better outcomes.
*I've been the co-Chair of Global AppSec Tel Aviv that took place in 2019. We had a great turnaround of people and sponsors in a location that has never before had a Global AppSec Event. We've also managed to make Global AppSec Tel Aviv more inclusive than ever with over 30% female speakers!
*I’ve been on the board of OWASP Israel for 10 years, of which I was the chair for 4 years. During this time OWASP Israel has grown considerably and transformed from a small chapter with no funding (and a single board member) to one of the largest communities in OWASP with a proper board and volunteer base.
*For the past decade we’ve been running the OWASP AppSec IL conference every year, growing it from a half-day, single-track event with 90 attendees to a multi-day conference with trainings and over 700 attendees. Today, OWASP AppSec IL is one of the most attended OWASP events every year. I’ve had the chance of running the conference as a chair for several years and took on other roles later, including content committee (speaker selection), sponsorships (driving revenue to the conference), and more.
*I’ve also been part of the Global Membership Committee (before the committees were disassembled). In this role we drove initiatives to increase OWASP membership (and thus revenue) for both individuals and corporates.
Outside of OWASP, I’ve had the chance of working in various roles in the industry. I’ve also had the chance of founding and running my own companies – first an AppSec consulting company, followed by an AppSec product company (both later acquired and still alive). I’ve been on the Board of several companies (including a publicly traded company in NYSE/Euronext), and I’ve had the chance to define, manage and review budgets and financial management of companies.

For more information about my professional experience you are welcome to visit my LinkedIn Profile: https://www.linkedin.com/in/ofermaor/

You can also listen to my latest podcast recording from AppSec EU 2018 by Chris Romeo from the Application Security Podcast, where I share some of my history, my current work and my intention to run for the OWASP Board at: https://www.securityjourney.com/blog/a-pen-testers-transition-to-appsec-vote-for-ofer/
==Contact Me==
If you'd like to know more - feel free to reach out to me:
*Mail: ofer.maor@owasp.org
*Twitter: @OferMaor

Sherif Mansour 2019 Bio & Why Me?

2019-08-29T20:40:30Z

Sherif: simple Edit

== About Sherif ==
Based in London, UK, I have been an OWASP member for 11 years and I am the treasurer of the OWASP Foundation & I lead the OWASP London chapter. I have worked in Information Security for 15 years, and hold an MSc in Information Security from the Royal Holloway College University of London. [https://twitter.com/Kerberosmansour Twitter: Kerberosmansour] | [https://www.linkedin.com/in/sherif-mansour-88a73b3/ Linkedin]
=== Board Level Experience ===
As a chairman and company secretary of a private UK company, I possess over 6 years board experience, and I have served on the board of OWASP for the last two years.

During this time I have helped to shape the company strategy. Taking an active role in the review of the annual returns and accounts, and running the AGMs has given me a comprehensive understanding of the business.
Holding a certificate in Company Direction from the Institute of Directors (IoD) gives me valuable certification and experience in this area. I am currently on the path to becoming a Chartered Company Director.
=== OWASP Community Experience ===
Building on my community organization experience, I take the role of chapter leader of the OWASP London and Royal Holloway Information Security Alumni Group.

OWASP London have an engaged community and effective marketing strategy. In 2016, we hosted more events than any other chapter, which are typically fully booked within 24 hours.

I'm also an active volunteer for a children's charity cancer hospital in Egypt, where I established a relationship between the hospital and the [http://childsplaycharity.org/ child's play foundation] to donate toys on an annual basis.

Taking an active lead with OWASP ZAP Product Management, I seconded an intern who contributed automation code for ZAP to run in a CI/CD pipeline([https://github.com/zaproxy/community-scripts/tree/master/api/sdlc-integration see link]).

=== Technical Experience ===
I’ve worked in large tech & finance companies and led the software security program for Expedia Inc. These roles have provided me both product and project management experience, as a scrum (Agile) product owner, in global cybersecurity teams.

During my time as an AppSec engineer, I discovered several undisclosed security vulnerabilities in third-party enterprise software.

To date, Microsoft http://technet.microsoft.com/en-us/security/cc308575#0610(June 2010) and SAP http://scn.sap.com/docs/DOC-8218 (April 2012) have acknowledged my security research work and both companies have listed my work on their websites.

I am also one of two authors of the CIS hardening benchmarks for Apache Tomcat 7 & 8

== Why Me? ==
I would like to be elected to the Global OWASP Board because I am passionate about OWASP, its community and believe I could be useful at the board level.

I would like to bring my board level experience as well as my experience of running one of OWASP's largest chapters and working with various projects to help shape and improve the organisation.

At the London OWASP Chapter a lot of our success is due to listening to our community. This feedback has influenced the talks we put on and led to the hackathon to teach developers how to write security code, and our video record of talks so our community can watch the events even if they missed them or want to listen to a specific part again.

We were one of two principal donors to the OWASP Summit (which helped get the project off the ground). This was an inspiring community effort that resulted in many tangible outcomes including updates to best practices and OWASP Software.

All of this was due to engaging the community and giving them what they want. I want to continue doing that to help OWASP globally and not just in London.
=== OWASP Election Q&A ===
{{#ev:youtube|9gDoGaSbIAE}}

=== Video: A Thank You from The National Museum of Computing at Bletchley Park ===
{{#ev:youtube|twYve0oQrys}}
Last year as part of OWASP London I along with a with a few others, helped out with The UK Cyber Security Challenge Extended Project Qualification (EPQ). EPQ provides university credits, much like SATs or AP credits in the US, but specifically for cyber security.

This is an initiative to encourage and reward young people's interest in Infosec and hopefully encourage them to pursue a career in the subject. In 2017 59 have passed and they celebrated their graduation on September the 5th.
=== Video: Endorsement from ISSA-UK President ===
{{#ev:youtube|phQdyxREQss}}
ISSA UK President, Gabe Chomic gave me a surprise endorsement for OWASP board during September's OWASP London Chapter meeting.

=== Audio: OWASP Board of Directors 2017 Interview ===
[https://www.owasp.org/download/2017-board-election/Sherif_Mansour.mp3 Sherif Mansour OWASP Board of Directors Interview]

Sherif Mansour 2019 Bio & Why Me?

2019-08-29T20:39:18Z

Sherif: Added Video

== About Sherif ==
Based in London, UK, I have been an OWASP member for 11 years and I am the treasurer of the OWASP Foundation & I lead the OWASP London chapter. I have worked in Information Security for 15 years, and hold an MSc in Information Security from the Royal Holloway College University of London. [https://twitter.com/Kerberosmansour Twitter: Kerberosmansour] | [https://www.linkedin.com/in/sherif-mansour-88a73b3/ Linkedin]
=== Board Level Experience ===
As a chairman and company secretary of a private UK company, I possess over 6 years board experience, and I have served on the board of OWASP for the last two years.

During this time I have helped to shape the company strategy. Taking an active role in the review of the annual returns and accounts, and running the AGMs has given me a comprehensive understanding of the business.
Holding a certificate in Company Direction from the Institute of Directors (IoD) gives me valuable certification and experience in this area. I am currently on the path to becoming a Chartered Company Director.
=== OWASP Community Experience ===
Building on my community organization experience, I take the role of chapter leader of the OWASP London and Royal Holloway Information Security Alumni Group.

OWASP London have an engaged community and effective marketing strategy. In 2016, we hosted more events than any other chapter, which are typically fully booked within 24 hours.

I'm also an active volunteer for a children's charity cancer hospital in Egypt, where I established a relationship between the hospital and the [http://childsplaycharity.org/ child's play foundation] to donate toys on an annual basis.

Taking an active lead with OWASP ZAP Product Management, I seconded an intern who contributed automation code for ZAP to run in a CI/CD pipeline([https://github.com/zaproxy/community-scripts/tree/master/api/sdlc-integration see link]).

=== Technical Experience ===
I’ve worked in large tech & finance companies and led the software security program for Expedia Inc. These roles have provided me both product and project management experience, as a scrum (Agile) product owner, in global cybersecurity teams.

During my time as an AppSec engineer, I discovered several undisclosed security vulnerabilities in third-party enterprise software.

To date, Microsoft http://technet.microsoft.com/en-us/security/cc308575#0610(June 2010) and SAP http://scn.sap.com/docs/DOC-8218 (April 2012) have acknowledged my security research work and both companies have listed my work on their websites.

I am also one of two authors of the CIS hardening benchmarks for Apache Tomcat 7 & 8

== Why Me? ==
I would like to be elected to the Global OWASP Board because I am passionate about OWASP, its community and believe I could be useful at the board level.

I would like to bring my board level experience as well as my experience of running one of OWASP's largest chapters and working with various projects to help shape and improve the organisation.

At the London OWASP Chapter a lot of our success is due to listening to our community. This feedback has influenced the talks we put on and led to the hackathon to teach developers how to write security code, and our video record of talks so our community can watch the events even if they missed them or want to listen to a specific part again.

We were one of two principal donors to the OWASP Summit (which helped get the project off the ground). This was an inspiring community effort that resulted in many tangible outcomes including updates to best practices and OWASP Software.

All of this was due to engaging the community and giving them what they want. I want to continue doing that to help OWASP globally and not just in London.
=== Video: A Thank You from The National Museum of Computing at Bletchley Park ===
{{#ev:youtube|twYve0oQrys}}
Last year as part of OWASP London I along with a with a few others, helped out with The UK Cyber Security Challenge Extended Project Qualification (EPQ). EPQ provides university credits, much like SATs or AP credits in the US, but specifically for cyber security.

This is an initiative to encourage and reward young people's interest in Infosec and hopefully encourage them to pursue a career in the subject. In 2017 59 have passed and they celebrated their graduation on September the 5th.
=== Video: Endorsement from ISSA-UK President ===
{{#ev:youtube|phQdyxREQss}}
ISSA UK President, Gabe Chomic gave me a surprise endorsement for OWASP board during September's OWASP London Chapter meeting.

=== OWASP Election Q&A ===
{{#ev:youtube|9gDoGaSbIAE}}

=== Audio: OWASP Board of Directors 2017 Interview ===
[https://www.owasp.org/download/2017-board-election/Sherif_Mansour.mp3 Sherif Mansour OWASP Board of Directors Interview]

Sherif Mansour 2019 Bio & Why Me?

2019-08-29T20:37:24Z

Sherif: simple

== About Sherif ==
Based in London, UK, I have been an OWASP member for 11 years and I am the treasurer of the OWASP Foundation & I lead the OWASP London chapter. I have worked in Information Security for 15 years, and hold an MSc in Information Security from the Royal Holloway College University of London. [https://twitter.com/Kerberosmansour Twitter: Kerberosmansour] | [https://www.linkedin.com/in/sherif-mansour-88a73b3/ Linkedin]
=== Board Level Experience ===
As a chairman and company secretary of a private UK company, I possess over 6 years board experience, and I have served on the board of OWASP for the last two years.

During this time I have helped to shape the company strategy. Taking an active role in the review of the annual returns and accounts, and running the AGMs has given me a comprehensive understanding of the business.
Holding a certificate in Company Direction from the Institute of Directors (IoD) gives me valuable certification and experience in this area. I am currently on the path to becoming a Chartered Company Director.
=== OWASP Community Experience ===
Building on my community organization experience, I take the role of chapter leader of the OWASP London and Royal Holloway Information Security Alumni Group.

OWASP London have an engaged community and effective marketing strategy. In 2016, we hosted more events than any other chapter, which are typically fully booked within 24 hours.

I'm also an active volunteer for a children's charity cancer hospital in Egypt, where I established a relationship between the hospital and the [http://childsplaycharity.org/ child's play foundation] to donate toys on an annual basis.

Taking an active lead with OWASP ZAP Product Management, I seconded an intern who contributed automation code for ZAP to run in a CI/CD pipeline([https://github.com/zaproxy/community-scripts/tree/master/api/sdlc-integration see link]).

=== Technical Experience ===
I’ve worked in large tech & finance companies and led the software security program for Expedia Inc. These roles have provided me both product and project management experience, as a scrum (Agile) product owner, in global cybersecurity teams.

During my time as an AppSec engineer, I discovered several undisclosed security vulnerabilities in third-party enterprise software.

To date, Microsoft http://technet.microsoft.com/en-us/security/cc308575#0610(June 2010) and SAP http://scn.sap.com/docs/DOC-8218 (April 2012) have acknowledged my security research work and both companies have listed my work on their websites.

I am also one of two authors of the CIS hardening benchmarks for Apache Tomcat 7 & 8

== Why Me? ==
I would like to be elected to the Global OWASP Board because I am passionate about OWASP, its community and believe I could be useful at the board level.

I would like to bring my board level experience as well as my experience of running one of OWASP's largest chapters and working with various projects to help shape and improve the organisation.

At the London OWASP Chapter a lot of our success is due to listening to our community. This feedback has influenced the talks we put on and led to the hackathon to teach developers how to write security code, and our video record of talks so our community can watch the events even if they missed them or want to listen to a specific part again.

We were one of two principal donors to the OWASP Summit (which helped get the project off the ground). This was an inspiring community effort that resulted in many tangible outcomes including updates to best practices and OWASP Software.

All of this was due to engaging the community and giving them what they want. I want to continue doing that to help OWASP globally and not just in London.
=== Video: A Thank You from The National Museum of Computing at Bletchley Park ===
{{#ev:youtube|twYve0oQrys}}
Last year as part of OWASP London I along with a with a few others, helped out with The UK Cyber Security Challenge Extended Project Qualification (EPQ). EPQ provides university credits, much like SATs or AP credits in the US, but specifically for cyber security.

This is an initiative to encourage and reward young people's interest in Infosec and hopefully encourage them to pursue a career in the subject. In 2017 59 have passed and they celebrated their graduation on September the 5th.
=== Video: Endorsement from ISSA-UK President ===
{{#ev:youtube|phQdyxREQss}}
ISSA UK President, Gabe Chomic gave me a surprise endorsement for OWASP board during September's OWASP London Chapter meeting.
=== Audio: OWASP Board of Directors Interview ===
[https://www.owasp.org/download/2017-board-election/Sherif_Mansour.mp3 Sherif Mansour OWASP Board of Directors Interview]

=== OWASP Election Q&A ===

Sherif Mansour 2019 Bio & Why Me?

2019-08-29T20:35:24Z

Sherif: simple

== About Sherif ==
Based in London, UK, I have been an OWASP member for 11 years and I am the treasurer of the OWASP Foundation & I lead the OWASP London chapter. I have worked in Information Security for 15 years, and hold an MSc in Information Security from the Royal Holloway College University of London. [https://twitter.com/Kerberosmansour Twitter: Kerberosmansour] | [https://www.linkedin.com/in/sherif-mansour-88a73b3/ Linkedin]
=== Board Level Experience ===
As a chairman and company secretary of a private UK company, I possess over 6 years board experience, and I have served on the board of OWASP for the last two years.

During this time I have helped to shape the company strategy. Taking an active role in the review of the annual returns and accounts, and running the AGMs has given me a comprehensive understanding of the business.
Holding a certificate in Company Direction from the Institute of Directors (IoD) gives me valuable certification and experience in this area. I am currently on the path to becoming a Chartered Company Director.
=== OWASP Community Experience ===
Building on my community organization experience, I take the role of chapter leader of the OWASP London and Royal Holloway Information Security Alumni Group.

OWASP London have an engaged community and effective marketing strategy. In 2016, we hosted more events than any other chapter, which are typically fully booked within 24 hours.

I'm also an active volunteer for a children's charity cancer hospital in Egypt, where I established a relationship between the hospital and the [http://childsplaycharity.org/ child's play foundation] to donate toys on an annual basis.

Taking an active lead with OWASP ZAP Product Management, I seconded an intern who contributed automation code for ZAP to run in a CI/CD pipeline([https://github.com/zaproxy/community-scripts/tree/master/api/sdlc-integration see link]).

=== Technical Experience ===
I’ve worked in large tech & finance companies and led the software security program for Expedia Inc. These roles have provided me both product and project management experience, as a scrum (Agile) product owner, in global cybersecurity teams.

During my time as an AppSec engineer, I discovered several undisclosed security vulnerabilities in third-party enterprise software.

To date, Microsoft http://technet.microsoft.com/en-us/security/cc308575#0610(June 2010) and SAP http://scn.sap.com/docs/DOC-8218 (April 2012) have acknowledged my security research work and both companies have listed my work on their websites.

I am also one of two authors of the CIS hardening benchmarks for Apache Tomcat 7 & 8

== Why Me? ==
I would like to be elected to the Global OWASP Board because I am passionate about OWASP, its community and believe I could be useful at the board level.

I would like to bring my board level experience as well as my experience of running one of OWASP's largest chapters and working with various projects to help shape and improve the organisation.

At the London OWASP Chapter a lot of our success is due to listening to our community. This feedback has influenced the talks we put on and led to the hackathon to teach developers how to write security code, and our video record of talks so our community can watch the events even if they missed them or want to listen to a specific part again.

We were one of two principal donors to the OWASP Summit (which helped get the project off the ground). This was an inspiring community effort that resulted in many tangible outcomes including updates to best practices and OWASP Software.

All of this was due to engaging the community and giving them what they want. I want to continue doing that to help OWASP globally and not just in London.
=== Video: A Thank You from The National Museum of Computing at Bletchley Park ===
{{#ev:youtube|twYve0oQrys}}
Last year as part of OWASP London I along with a with a few others, helped out with The UK Cyber Security Challenge Extended Project Qualification (EPQ). EPQ provides university credits, much like SATs or AP credits in the US, but specifically for cyber security.

This is an initiative to encourage and reward young people's interest in Infosec and hopefully encourage them to pursue a career in the subject. In 2017 59 have passed and they celebrated their graduation on September the 5th.
=== Video: Endorsement from ISSA-UK President ===
{{#ev:youtube|phQdyxREQss}}
ISSA UK President, Gabe Chomic gave me a surprise endorsement for OWASP board during September's OWASP London Chapter meeting.
=== Audio: OWASP Board of Directors Interview ===
[https://www.owasp.org/download/2017-board-election/Sherif_Mansour.mp3 Sherif Mansour OWASP Board of Directors Interview]

Sherif Mansour 2019 Bio & Why Me?

2019-08-29T20:33:10Z

Sherif: simple

== About Sherif ==
Based in London, UK, I have been an OWASP member for 7 years and I lead the OWASP London chapter. I have worked in Information Security for 13 years, and hold an MSc in Information Security from the Royal Holloway College University of London. [https://twitter.com/Kerberosmansour Twitter: Kerberosmansour] | [https://www.linkedin.com/in/sherif-mansour-88a73b3/ Linkedin]
=== Board Level Experience ===
As a chairman and company secretary of a private UK company, I possess over 6 years board experience.

During this time I have helped to shape the company strategy. Taking an active role in the review of the annual returns and accounts, and running the AGMs has given me a comprehensive understanding of the business.
Holding a certificate in Company Direction from the Institute of Directors (IoD) gives me valuable certification and experience in this area. I am currently on the path to becoming a Chartered Company Director.
=== OWASP Community Experience ===
Building on my community organization experience, I take the role of chapter leader of the OWASP London and Royal Holloway Information Security Alumni Group.

OWASP London have an engaged community and effective marketing strategy. In 2016, we hosted more events than any other chapter, which are typically fully booked within 24 hours.

I'm also an active volunteer for a children's charity cancer hospital in Egypt, where I established a relationship between the hospital and the [http://childsplaycharity.org/ child's play foundation] to donate toys on an annual basis.

Taking an active lead with OWASP ZAP Product Management, I seconded an intern who contributed automation code for ZAP to run in a CI/CD pipeline([https://github.com/zaproxy/community-scripts/tree/master/api/sdlc-integration see link]).

=== Technical Experience ===
I’ve worked in large tech & finance companies and led the software security program for Expedia Inc. These roles have provided me both product and project management experience, as a scrum (Agile) product owner, in global cybersecurity teams.

During my time as an AppSec engineer, I discovered several undisclosed security vulnerabilities in third-party enterprise software.

To date, Microsoft http://technet.microsoft.com/en-us/security/cc308575#0610(June 2010) and SAP http://scn.sap.com/docs/DOC-8218 (April 2012) have acknowledged my security research work and both companies have listed my work on their websites.

I am also one of two authors of the CIS hardening benchmarks for Apache Tomcat 7 & 8

== Why Me? ==
I would like to be elected to the Global OWASP Board because I am passionate about OWASP, its community and believe I could be useful at the board level.

I would like to bring my board level experience as well as my experience of running one of OWASP's largest chapters and working with various projects to help shape and improve the organisation.

At the London OWASP Chapter a lot of our success is due to listening to our community. This feedback has influenced the talks we put on and led to the hackathon to teach developers how to write security code, and our video record of talks so our community can watch the events even if they missed them or want to listen to a specific part again.

We were one of two principal donors to the OWASP Summit (which helped get the project off the ground). This was an inspiring community effort that resulted in many tangible outcomes including updates to best practices and OWASP Software.

All of this was due to engaging the community and giving them what they want. I want to continue doing that to help OWASP globally and not just in London.
=== Video: A Thank You from The National Museum of Computing at Bletchley Park ===
{{#ev:youtube|twYve0oQrys}}
Last year as part of OWASP London I along with a with a few others, helped out with The UK Cyber Security Challenge Extended Project Qualification (EPQ). EPQ provides university credits, much like SATs or AP credits in the US, but specifically for cyber security.

This is an initiative to encourage and reward young people's interest in Infosec and hopefully encourage them to pursue a career in the subject. In 2017 59 have passed and they celebrated their graduation on September the 5th.
=== Video: Endorsement from ISSA-UK President ===
{{#ev:youtube|phQdyxREQss}}
ISSA UK President, Gabe Chomic gave me a surprise endorsement for OWASP board during September's OWASP London Chapter meeting.
=== Audio: OWASP Board of Directors Interview ===
[https://www.owasp.org/download/2017-board-election/Sherif_Mansour.mp3 Sherif Mansour OWASP Board of Directors Interview]

December 2018

2018-12-19T18:10:03Z

Sherif: Updated Motion Link

Meeting Date: December 19, 2018

Meeting Time: 1:00 PM to 2:30 PM EST ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=12&day=19&hour=19&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones])

Meeting Location: Virtual

Address: N/A

Virtual: <nowiki>https://global.gotomeeting.com/join/844511053</nowiki> <s><nowiki>https://www3.gotomeeting.com/join/861328838</nowiki></s>

[[International_Toll_Free_Calling_Information |International Toll Free Calling Info]]

AGENDA

CALL TO ORDER

CHANGES TO THE AGENDA

APPROVAL OF MINUTES

REPORTS

OLD BUSINESS

NEW BUSINESS

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

=<nowiki>=</nowiki>=

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

Committee 2.0 update - https://docs.google.com/document/d/1yw8KQoQ0SVbvP9nRsW52yYGJUuu-qAgi5HlNktBScIo/edit?ts=5bfedf7d

==New Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

Proposed changes to End of Year Projects/Chapter budgets updates:
* The creation of a general fund for all chapters/projects/committees
* Request all chapters/projects/committees to state what any additional funds they need
* The demand is then send to the larger projects/chapters (those with more than $5K in budget) - Request for a budget and any contributions to the general fund
* Chapters can chose specifically which initiatives they want their funds to go to - OR it goes to the central fund for the foundation to provide financing to other chapters/projects/committees.
Doc: https://docs.google.com/document/d/1RqexhbnBkmJnNe21gb7HmB1kacLrxih34LigZK4NH3s/edit

About OWASP/Financial Transparency

2018-11-30T03:53:06Z

Sherif: Updated 2017

__NOTOC__

The OWASP Foundation is a 501(c)(3) nonprofit organization headquartered in Bel Air, MD. Our federal ID number for donations is: #20-0963503. We also have a [https://www.owasp.org/index.php/Europe European Entity] - OWASP Europe VZW, based in Belgium.

=Tax Deductability of Payments to OWASP=

OWASP membership fees, OWASP conferences fees, OWASP conference sponsorships, and [https://www.owasp.org/index.php/Advertising advertising opportunities] are not considered tax-deductible donations due to the benefits the paying organization/individual receives. [https://www.owasp.org/index.php/Donate Direct donations] to OWASP are fully tax-deductible given OWASP's recognized U.S. not-for-profit status.
OWASP's U.S. Employer Identification Number (EIN) is: 20-0963503.

=Audited Financial Statements=
[https://www.owasp.org/images/a/a2/The%2BOWASP%2BFoundation%2C%2BInc.%2Band%2BAffiliate%2BDecember%2B31%2C%2B2013%2BFinancial%2BStatements.pdf OWASP Foundation Audited Financial Statement - 2013]

[https://www.owasp.org/images/7/72/Audit_Report.pdf OWASP Foundation Audited Financial Statement - 2010].

[https://www.owasp.org/images/9/94/OWASP_Audit_Report_2007.pdf OWASP Foundation Audited Financial Statement - 2007].

=Form 990 Documents=
[https://www.owasp.org/images/9/93/The_OWASP_Foundation%2C_Inc._2017_Form_990_-_Open_to_Public_Inspection.pdf Form 990 & 990T OWASP Foundation - 2017]

[https://www.owasp.org/images/4/49/THE_OWASP_FOUNDATION_INC._2016_FORM_990_-_CLIENT_COPY.pdf Form 990 & 990T OWASP Foundation - 2016]

[https://www.owasp.org/images/8/8a/THE_OWASP_FOUNDATION_INC._2015_FORM_990_-_CLIENT_COPY.pdf Form 990 & 990T OWASP Foundation – 2015]

[https://www.owasp.org/images/f/f3/The_Owasp_Foundation_Inc._December_31_2014_Tax_Return_-_Form_990T_Paper_Filing_Copy_and_Filing_Instruction_s.pdf Form 990 & 990T OWASP Foundation – 2014]

[https://www.owasp.org/index.php/File:Federal_Tax_Return_990_public_inspection_cop_144599420.pdf Form 990-OWASP Foundation-2013] and
[https://www.owasp.org/images/2/27/Federal_Tax_Return_990T_Public_Inspection_Co_144598865.pdf Form 990T-OWASP Foundation-2013]

[https://www.owasp.org/images/0/0d/OWASP_Foundation_990-2012.pdf Form 990 OWASP Foundation – 2012] and [https://www.owasp.org/images/5/5f/OWASP_990T_2012.pdf Form 990T OWASP Foundation – 2012]

[https://www.owasp.org/images/9/9b/2011_Tax_Return.pdf Form 990 & 990T OWASP Foundation – 2011]

[https://www.owasp.org/images/0/06/2010_Tax_Return.pdf Form 990 & 990T OWASP Foundation – 2010]

[https://www.owasp.org/images/d/d8/2009_Form_990.pdf Form 990 & 990T OWASP Foundation – 2009]

[https://www.owasp.org/images/d/de/2008_Tax_Return.pdf Form 990 & 990T OWASP Foundation – 2008]

[https://www.owasp.org/images/5/57/2007_Form_990.pdf Form 990 & 990T OWASP Foundation – 2007]

[https://www.owasp.org/images/e/ef/2006_Tax_Return.pdf Form 990 & 990T OWASP Foundation – 2006]

[http://204.203.220.33/EINS/200963503/200963503_2005_026A3A51.PDF Form 990 & 990T OWASP Foundation – 2005]

=Annual Reports=

[[:File:OWASP Annual Report 2015.pdf|Fiscal Year 2015 Annual Report]]

[https://www.owasp.org/images/7/7e/2014_OWASP_Annual_Report_Final.pdf Fiscal Year 2014 Annual Report]

[http://wiki.owasp.org/images/8/8f/2013-Annual-Report.pdf Fiscal Year 2013 Annual Report]

Note: 2015 was the last year that the OWASP Foundation created and published an annual report.

=Annual Budgets=

[https://drive.google.com/open?id=0Bzb3QwFMHCXrVmd2akQzVGE3NWZnckljV1lVRmlpQXJ1R3Ew OWASP Foundation Budget - 2018]

[https://drive.google.com/file/d/0BxjNZI6rYJRKbnBlaHM3LTU2ckk/view?usp=sharing OWASP Foundation Budget - 2015]

[https://www.owasp.org/images/a/ac/2014_Budget_FINAL.pdf OWASP Foundation Budget - 2014]

[https://www.owasp.org/images/6/6d/2013_Budget_-_Final.pdf OWASP Foundation Budget - 2013]

[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AhI4iTO_QojvdFRTX1ZvUHU5U1N3WVRGNm56cDlOM1E#gid=0 OWASP Foundation Budget - 2012]

[https://www.owasp.org/index.php/Global_Committee_Budgets/2011 OWASP Foundation - Global Committee Budgets - 2011]

=Other Financial Documents=
[https://www.owasp.org/images/c/c3/2014_OWASP_W9.pdf OWASP Foundation 2014 W9]

[https://www.owasp.org/images/2/24/IRS501c3DeterminationLetter.pdf OWASP Foundation Proof of Tax Exempt Status]

[https://www.owasp.org/images/e/eb/NY_Exempt_Organization_Certificate.pdf NY State Tax Exemption Certificate]

[https://www.owasp.org/index.php/About_OWASP/Financial_Transparency/P_and_L_Statements OWASP Foundation - Monthly P & L Reports]

File:The OWASP Foundation, Inc. 2017 Form 990 - Open to Public Inspection.pdf

2018-11-30T03:49:15Z

Sherif:

2017 990

December 2018

2018-11-26T21:11:49Z

Sherif: Added a new motion

Meeting Date: December 19, 2018

Meeting Time: 1:00 PM to 2:30 PM EST ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=12&day=19&hour=19&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones])

Meeting Location: Virtual

Address: N/A

Virtual: https://www3.gotomeeting.com/join/861328838

[[International_Toll_Free_Calling_Information |International Toll Free Calling Info]]

AGENDA

CALL TO ORDER

CHANGES TO THE AGENDA

APPROVAL OF MINUTES

REPORTS

OLD BUSINESS

NEW BUSINESS

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

=<nowiki>=</nowiki>=

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

==New Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

Proposed changes to End of Year Projects/Chapter budgets updates:
* The creation of a general fund for all chapters/projects/committees
* Request all chapters/projects/committees to state what any additional funds they need
* The demand is then send to the larger projects/chapters (those with more than $5K in budget) - Request for a budget and any contributions to the general fund
* Chapters can chose specifically which initiatives they want their funds to go to - OR it goes to the central fund for the foundation to provide financing to other chapters/projects/committees.

OWASP Zed Attack Proxy Project

2018-11-22T10:07:43Z

Sherif: Added HUD Video

= Main =
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=]]</div>
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |
[[Image:zap128x128.png|right]]
{{ReviewProject|projectname=zaproxy|language=en}}
<div style="font-size:120%;border:none;margin: 0;color:#000">
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers[[#Justification|*]]. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.

====ZAP 2.7.0 is now available!====

[[Image:ZAP-Download.png | link=https://github.com/zaproxy/zaproxy/wiki/Downloads]]

====Please help us to make ZAP even better for you by answering the [https://docs.google.com/forms/d/1-k-vcj_sSxlil6XLxCFade-m-IQVeE2h9gduA-2ZPPA/viewform ZAP User Questionnaire]!====

For a quick overview of ZAP and an introduction to the [https://wiki.jenkins-ci.org/display/JENKINS/zap+plugin official ZAP Jenkins plugin] see these tutorial videos on YouTube:

{|
|-
{{#ev:youtube|eH0RBI0nmww}} 
{{#ev:youtube|mmHZLSffCUg}} 
{{#ev:youtube|ztfgip-UhWw}}

|}

For more videos see the links on the [https://github.com/zaproxy/zaproxy/wiki/Videos wiki videos page].

Interested in a ZAP talk or training event? See the [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project#tab=Talks talks] tab. Not one near you? Contact a [https://github.com/zaproxy/zaproxy/wiki/ZapEvangelists Zap Evangelist] to arrange one!

{{#widget:PayPal Donation
|target=_blank
|budget=Zed Attack Proxy
}}

For general information about ZAP:
* [https://twitter.com/zaproxy Twitter] - official ZAP announcements (low volume)
* [https://zaproxy.blogspot.co.uk/ Blog] - official ZAP blog

For help using ZAP:
* [https://github.com/zaproxy/zaproxy/releases/download/2.6.0/ZAPGettingStartedGuide-2.6.pdf Getting Started Guide (pdf)] - an introductory guide you can print
* [https://www.youtube.com/playlist?list=PLEBitBW-Hlsv8cEIUntAO8st2UGhmrjUB Tutorial Videos]
* [https://github.com/zaproxy/zap-core-help/wiki User Guide] - online version of the User Guide included with ZAP
* [https://groups.google.com/group/zaproxy-users User Group] - ask questions about using ZAP
* [https://github.com/zaproxy/zap-extensions/wiki Add-ons] - help for the optional add-ons you can install
* [https://stackoverflow.com/questions/tagged/zap StackOverflow] - because some people use this for all everything ;)

To learn more about ZAP development:
* [https://github.com/zaproxy Source Code] - for all of the ZAP related projects
* [https://github.com/zaproxy/zaproxy/wiki/Introduction Wiki] - lots of detailed info
* [https://groups.google.com/group/zaproxy-develop Developer Group] - ask questions about the ZAP internals
* [https://crowdin.com/project/owasp-zap Crowdin (GUI)] - help translate the ZAP GUI
* [https://crowdin.com/project/owasp-zap-help Crowdin (User Guide)] - help translate the ZAP User Guide
* [https://www.openhub.net/p/zaproxy OpenHub] - FOSS analytics
* [https://www.bountysource.com/teams/zap/issues BountySource] - Vote on ZAP issues (you can also donate money here, but 10% taken out)

===Justification===
Justification for the statements made in the tagline at the top;)

Popularity:
* ToolsWatch Annual Best Free/Open Source Security Tool Survey:
** 2016 [http://www.toolswatch.org/2017/02/2016-top-security-tools-as-voted-by-toolswatch-org-readers/ 2nd]
** 2015 [http://www.toolswatch.org/2016/02/2015-top-security-tools-as-voted-by-toolswatch-org-readers/ 1st]
** 2014 [http://www.toolswatch.org/2015/01/2014-top-security-tools-as-voted-by-toolswatch-org-readers/ 2nd]
** 2013 [http://www.toolswatch.org/2013/12/2013-top-security-tools-as-voted-by-toolswatch-org-readers/ 1st]

Contributors:
* [https://www.openhub.net/p/zaproxy Code Contributors]
* [https://crowdin.com/project/owasp-zap ZAP core i18n Contributors]
* [https://crowdin.com/project/owasp-zap-help ZAP help i18n Contributors]

{{Social Media Links}}

| style="padding-left:25px;width:200px;" valign="top" |

== Quick Download ==

[https://github.com/zaproxy/zaproxy/wiki/Downloads Download OWASP ZAP!]

== Donate to ZAP ==
<div class="center" style="width: auto; margin-left: auto; margin-right: auto;">{{#widget:PayPal Donation
|target=_blank
|budget=Zed Attack Proxy }}</div>

== News and Events ==
Please see the [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project#News News] and [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project#Talks Talks] tabs

== Change Log ==
* [https://github.com/zaproxy/zaproxy/commits/develop zaproxy]
* [https://github.com/zaproxy/zap-extensions/commits/master zap-extensions]

== Code Repo ==
* [https://github.com/zaproxy/zaproxy/ zaproxy]
* [https://github.com/zaproxy/zap-extensions/ zap-extensions]

== Email List ==

Questions? Please ask on the [http://groups.google.com/group/zaproxy-users ZAP User Group]

== Project Leader ==

Project Leader<br />[https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @]

Co-Project Leaders<br />[https://www.owasp.org/index.php/User:Ricardo.Pereira Ricardo Pereira] [mailto:ricardo.pereira@owasp.org @]

[https://www.owasp.org/index.php/User:Rick.mitchell Rick Mitchell] [mailto:rick.mitchell+wiki@owasp.org @]

== Related Projects ==

* [https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project OWASP WTE]
* [https://www.owasp.org/index.php/OWASP_OWTF OWASP OWTF]

== Ohloh ==

*https://www.openhub.net/p/zaproxy

==Classifications==

{| cellpadding="2" width="200"
|-
| rowspan="2" align="center" width="50%" valign="top" | [[File:Mature projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
| align="center" width="50%" valign="center" | [[File:Owasp-builders-small.png|link=]]
|
|-
| align="center" width="50%" valign="center" | [[File:Owasp-breakers-small.png|link=]]
|-
| colspan="2" align="center" | [http://www.apache.org/licenses/LICENSE-2.0 Apache 2 License]
|-
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]]
|}

|}

= Screenshots =
[[Image:zap128x128.png|right]]
{|
|-
|
[[Image:ZAP-ScreenShotAddAlert.png|||400px|ZAP Add Alert Screen Shot]]
|
[[Image:ZAP-ScreenShotHelp.png||400px|left|ZAP Help Screen Shot]]
|-
|
[[Image:ZAP-ScreenShotHistoryFilter.png|thumb|400px|left|ZAP History Filter Screen Shot]]
|
[[Image:ZAP-ScreenShotSearchTab.png|thumb|400px|left|ZAP Search Tab Screen Shot]]
|}

= Talks =
[[Image:zap128x128.png|right]]
<div style="font-size:120%;border:none;margin: 0;color:#000">
{{:Projects/OWASP Zed Attack Proxy Project/Pages/Talks | Talks}}

</div>
= News =
[[Image:zap128x128.png|right]]
<div style="font-size:120%;border:none;margin: 0;color:#000">
{{:Projects/OWASP Zed Attack Proxy Project/Pages/News | News}}

</div>
= ZAP Gear =
[[Image:zap128x128.png|right]]
<div style="font-size:120%;border:none;margin: 0;color:#000">

Yes, you can now buy ZAP related gear!

All of the artwork for ZAP swag is released under the Creative Common License and can be downloaded from the [https://github.com/zaproxy/zap-swag zap-swag] repo.

You can of course use the artwork from this repo with any other online store that you like.

A range of products can be purchased from [http://www.redbubble.com/people/zaproxy Redbubble]

Stickers can be purchased from [https://www.stickermule.com/uk/user/1070684077/stickers Stickermule]

T-shirts can be purchased from [http://www.cafepress.com/zaproxy Cafepress]

[[Image:zap-tshirt-cp.PNG | link=http://www.cafepress.com/zaproxy]]

</div>

= Supporters =
[[Image:zap128x128.png|right]]
<div style="font-size:120%;border:none;margin: 0;color:#000">

ZAP is developed by a worldwide [https://github.com/zaproxy/zap-core-help/wiki/HelpCredits team] of volunteers.

But we have also been helped by many organizations, either financially or by encouraging their employees to work on ZAP:

* [http://www.mozilla.org Mozilla]
* [http://www.linuxfoundation.org/ The Linux Foundation]
* [https://segment.com/ Segment]
* [http://www.owasp.org OWASP]
* [http://www.sage.co.uk Sage]
* [http://www.google.com Google]
* [http://www.microsoft.com Microsoft]
* [http://www.hacktics.com/ Hacktics, Ernst & Young]
* [http://www.dinosec.com/ DinoSec]
* [http://www.denimgroup.com Denim Group]
* [http://www.aspectsecurity.com/ Aspect Security]
* [http://secureideas.net SecureIdeas]
* [http://utilisec.com UtiliSec]
* [http://www.encription.co.uk/ encription]
* [https://www.accenture.com/us-en/digital-index.aspx Accenture Digital]
</div>

= Functionality =
[[Image:zap128x128.png|right]]
<div style="font-size:120%;border:none;margin: 0;color:#000">
'''Some of ZAP's functionality:'''

* [https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsIntercept Man-in-the-middle Proxy]
* [https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsSpider Traditional] and AJAX spiders
* [https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsAscan Automated scanner]
* [https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsPscan Passive scanner]
* [https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsBruteforce Forced browsing]
* [https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsFuzz Fuzzer]
* [https://github.com/zaproxy/zap-core-help/wiki/HelpUiDialogsOptionsDynsslcert Dynamic SSL certificates]
* [https://github.com/zaproxy/zap-core-help/wiki/SmartCards Smartcard and Client Digital Certificates support]
* [https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsWebsocketIntroduction Web sockets] support
* [https://github.com/zaproxy/zap-core-help/wiki/HelpAddonsScriptsScripts Support for a wide range of scripting languages]
* [https://github.com/zaproxy/zap-core-help/wiki//HelpAddonsPlugnhackPlugnhack Plug-n-Hack support]
* Authentication and session support
* [https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsApi Powerful REST based API]
* Automatic updating option
* [https://github.com/zaproxy/zap-extensions/wiki Integrated and growing marketplace of add-ons]

</div>
= Features =
[[Image:zap128x128.png|right]]
<div style="font-size:120%;border:none;margin: 0;color:#000">
'''Some of ZAP's features:'''

* [http://www.apache.org/licenses/LICENSE-2.0 Open source]
* Cross platform (it even runs on a [https://github.com/zaproxy/zaproxy/wiki/zappi Raspberry Pi!])
* Easy to install (using a [https://www.ej-technologies.com/products/install4j/overview.html multi-platform installer builder])
* Completely free (no paid for 'Pro' version)
* Ease of use a priority
* [https://github.com/zaproxy/zap-core-help/wiki/HelpIntro Comprehensive help pages]
* Fully internationalized
* Translated into over 20 languages
* Community based, with involvement actively encouraged
* Under active development by an international team of volunteers

ZAP is a fork of the well regarded [http://www.parosproxy.org/ Paros Proxy].

</div>

= Languages =
[[Image:zap128x128.png|right]]
<div style="font-size:120%;border:none;margin: 0;color:#000">

'''ZAP supports the following languages:'''

* English
* Arabic
* Bosnian
* Brazilian Portuguese
* Chinese
* Danish
* Filipino
* French
* German
* Greek
* Hungarian
* Indonesian
* Italian
* Japanese
* Korean
* Persian
* Polish
* Russian
* Sinhala
* Spanish
* Urdu

You can use [http://crowdin.net/project/owasp-zap Crowdin] to help improve these translations or add new ones right now!

</div>

= Roadmap =
[[Image:zap128x128.png|right]]
<div style="font-size:120%;border:none;margin: 0;color:#000">

==Release 2.6.0==
ZAP 2.6.0 has been released, this is a bug fix and enhancement release

For more details see https://github.com/zaproxy/zap-core-help/wiki/HelpReleases2_6_0

==Release 2.7.0==
ZAP 2.7.0 has been released (Nov 2017), this is a bug fix and enhancement release

For more details see https://github.com/zaproxy/zap-core-help/wiki/HelpReleases2_7_0

It requires Java 8 (minimum) and supports Selenium 3.

==Release 2.8.0==
ZAP 2.8.0 does not yet have a planned release date, but is likely to be around the beginning of 2018 or (more likely) the middle of 2018.
</div>

= Get Involved =
[[Image:zap128x128.png|right]]
<div style="font-size:120%;border:none;margin: 0;color:#000">

Involvement in the development of ZAP is actively encouraged!

You do not have to be a security expert in order to contribute.

Some of the ways you can help:

==Feature Requests==

Please raise new feature requests as enhancement requests here: https://github.com/zaproxy/zaproxy/issues

If there are existing requests you are also interested in then please 'star' them - that way we can see which features people are most interested in and can prioritize them accordingly.

==Feedback==

Please use the [http://groups.google.com/group/zaproxy-users zaproxy-users Google Group] for feedback:
* What do like?
* What don't you like?
* What features could be made easier to use?
* How could the help pages be improved?

==Log issues==

Have you had a problem using ZAP?

If so and its not already been logged then please [https://github.com/zaproxy/zaproxy/issues report it]

==Localization==

Are you fluent in another language? Can you help translate ZAP into that language?

You can use [http://crowdin.net/project/owasp-zap Crowdin] to do that!

==Development==

If you fancy having a go at adding functionality to ZAP then please get in touch via the [http://groups.google.com/group/zaproxy-develop zaproxy-develop Google Group].

Again, you do not have to be a security expert to contribute code - working on ZAP could be great way to learn more about web application security!

If you actively contribute to ZAP then you will be invited to join the project.

</div>

__NOTOC__ <headertabs></headertabs>

[[Category:OWASP Project|Zed Attack Proxy Project]]
[[Category:OWASP_Tool]]
[[Category:OWASP Release Quality Tool|OWASP Release Quality Tool]]
[[Category:OWASP_Download]]
[[Category:Popular]]
[[Category:SAMM-ST-2]]
[[Category:Flagship Projects|Zap]]
[[Category:OWASP Zed Attack Proxy|Zap]]

November 2018

2018-11-21T18:03:02Z

Sherif: Adding correct Board eligibility doc

Meeting Date: November 21, 2018

Meeting Time: 12:00 PM to 1:30 PM EST ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=11&day=21&hour=17&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones])

Meeting Location: Virtual

Address: N/A

<s>Virtual: https://www3.gotomeeting.com/join/861328838</s> New Meeting: https://global.gotomeeting.com/join/256229429

[[International_Toll_Free_Calling_Information |International Toll Free Calling Info]]

AGENDA

CALL TO ORDER

CHANGES TO THE AGENDA

APPROVAL OF MINUTES
Previous meeting minutes: [https://docs.google.com/document/d/1p4zVQPne5oITUckHZD6q3UGx3az4q8_YQLDmyn-UTA4/edit?usp=sharing 2018-10-10 meeting minutes]
REPORTS
Financial Reports: [https://drive.google.com/a/owasp.org/file/d/0Bzb3QwFMHCXrbXc2NFVUZXB6Z1ZSeTNPclh4QmZ0aVY0Zmg0/view?usp=sharing Board Summary] and [https://drive.google.com/a/owasp.org/file/d/0Bzb3QwFMHCXrR1k1anlQMHExX29iYTZITnRveEY3eEhxbkVR/view?usp=sharing Balance Sheet] (Tom P)

Director of Community and Operations Report and Updates (Matt T)
* [https://docs.google.com/document/d/1Lxo9fG6E3EOsJ6Bt0c_QJgDQWZGygN3CNUbBHnlJFHY/edit?usp=sharing Status report for Nov 2018 board meeting]
* [https://docs.google.com/document/d/19arizQd78VQy0umW2kXEkKXBxO6kIsdoOJ5NutMbG4w/edit?usp=sharing Draft Job Description for Director of Conferences and Events]
* [https://docs.google.com/document/d/1pUYdWkzoxieXr2qAhCuAY2hwmUbeiaWrdng2JVr9USI/edit?usp=sharing Draft Job Description for Executive Director]
OLD BUSINESS

NEW BUSINESS

'''<u>Motions</u>'''
* '''Compliance Committee Changes''' - https://docs.google.com/document/d/1OSm7Vu5iuE-Uu-iOTjD7XhEXQqwDN_ZJ7jOOYqoiCzo/edit?usp=sharing - Greg (added on this Months Agenda by Sherif)
* '''Board Eligibility''' - https://docs.google.com/document/d/1a_adkVd5xL14Gg-Dwoeyg_bTDA3t8y2puy25AYyVQ8s/edit - Greg - '''Old Document NOT to BE VOTED ON''' https://docs.google.com/document/d/1FO_Ob62LwVZHXA9qtDoNSfmMB6u9PZZHpG2RJcL7e-w/edit
* '''OWASP Global Committees 2.0 Changes''' - [https://docs.google.com/document/d/1yw8KQoQ0SVbvP9nRsW52yYGJUuu-qAgi5HlNktBScIo/edit https://docs.google.com/document/d/1yw8KQoQ0SVbvP9nRsW52yYGJUuu-qAgi5HlNktBScIo] - Owen (added on this Months Agenda by Sherif)

'''<u>Discussions:</u>'''
* '''Treasury''' - 2018 Remaining Action Items:
** Request for the foundation to provide Accountants with Merchandise Inventory.
** Request for the foundation to finalize the accounts receivables.
* '''Global/Local Events Splits:''' We need establish a roadmap on how to get from a few proposed ideas to an actionable motion that has been discussed with the community to vote on and enact. '''*Note:''' From the last leaders meeting the emerging consensus from the community is for regional events to have multiple splits (e.g. 90/10 - 80/20 - 70/30) with different packages/support levels from the foundation.
* '''2019 Strategy + Budget:''' Given Karen's departure we need to pick up where we left of and agree on it no later than End of January

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

November 2018

2018-11-18T10:37:38Z

Sherif: added a note

Meeting Date: November 21, 2018

Meeting Time: 12:00 PM to 1:30 PM EST ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=11&day=21&hour=17&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones])

Meeting Location: Virtual

Address: N/A

Virtual: https://www3.gotomeeting.com/join/861328838

[[International_Toll_Free_Calling_Information |International Toll Free Calling Info]]

AGENDA

CALL TO ORDER

CHANGES TO THE AGENDA

APPROVAL OF MINUTES

REPORTS

OLD BUSINESS

NEW BUSINESS

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

=<nowiki>=</nowiki>=

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

==New Business==

=== '''<u>Motions</u>''' ===
* '''Compliance Committee Changes''' - <nowiki>https://docs.google.com/document/d/1OSm7Vu5iuE-Uu-iOTjD7XhEXQqwDN_ZJ7jOOYqoiCzo/edit?usp=sharing</nowiki> - Greg (added on this Months Agenda by Sherif)
* '''OWASP Global Committees 2.0 Changes''' - [https://docs.google.com/document/d/1yw8KQoQ0SVbvP9nRsW52yYGJUuu-qAgi5HlNktBScIo/edit https://docs.google.com/document/d/1yw8KQoQ0SVbvP9nRsW52yYGJUuu-qAgi5HlNktBScIo] - Owen (added on this Months Agenda by Sherif)

=== '''<u>Discussions:</u>''' ===
* '''Treasury''' - 2018 Remaining Action Items:
** Request for the foundation to provide Accountants with Merchandise Inventory.
** Request for the foundation to finalize the accounts receivables.
* '''Global/Local Events Splits:''' We need establish a roadmap on how to get from a few proposed ideas to an actionable motion that has been discussed with the community to vote on and enact. '''*Note:''' From the last leaders meeting the emerging consensus from the community is for regional events to have multiple splits (e.g. 90/10 - 80/20 - 70/30) with different packages/support levels from the foundation.
* '''2019 Strategy + Budget:''' Given Karen's departure we need to pick up where we left of and agree on it no later than End of January

All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

November 2018

2018-11-18T10:29:16Z

Sherif: Sherif's Notes

Board

2018-11-18T09:58:53Z

Sherif:

__NOTOC__

= Board Meetings =
[https://www.owasp.org/index.php/About_OWASP#OWASP_Foundation_Bylaws Bylaws] are the most important legal document of any organization. Bylaws outline in writing the day-to-day rules for your organization and provide comprehensive guidelines to keep things running smoothly. If you want to understand the business of OWASP Foundation the best way to do that would be to examine the bylaws the the [https://www.owasp.org/index.php/About_OWASP#Form_990_Documents 990 forms filed with the United States Government as a non-profit annually.]

[https://www.owasp.org/index.php/About_OWASP#OWASP_Foundation_Bylaws Global Bylaws]

== Upcoming 2018 Meetings ==
* [[October 2018 |October 10, 2018]] - 3:00 to 4:30 PM EDT ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=10&day=10&hour=19&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones]) at AppSec USA 2018 Conference
* [[November 2018 |November 21, 2018]] - 12:00 PM to 1:30 PM EST ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=11&day=21&hour=17&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones])
* [[December 2018 |December 19th, 2018]] - 1:00 PM to 2:30 PM EST ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=12&day=19&hour=19&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones])

All board meeting notes that include actions as a result will be tracked in a single document for all meetings [https://docs.google.com/a/owasp.org/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag/edit?usp=sharing click here]

== 2018 Elected by Membership, Global Board Members ==
[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Member, Meeting Attendance Tracking]

[https://www.owasp.org/index.php/OWASP_Board_History Historical Board Members by Year]
<br>
<br>
<br>
[[Image:Owasp_logo_icon.jpg|120 px|left]]
<br>
==== [[User:Knoblochmartin | Martin Knobloch]]: Chairman ====

The Chairman of the Board shall serve as the principal executive officer of the Foundation.

Fiduciary responsibilities: He/She shall, in general, supervise and control all of the business and affairs of the Foundation. He/She will monitor financial planning and financial reports He/She or he may sign, with the Secretary or any other proper officer of the Foundation thereunto authorized by the Board of Directors, any deeds, mortgages, bonds, contracts, or other instruments which the Board of Directors has authorized to be executed, except in cases where the signing and execution thereof shall be expressly delegated by the Board of Directors or by these Bylaws to some other officer or agent of the Foundation, or shall be required by law to be otherwise signed or executed;

Leadership and Direction: provides leadership to the Board of Directors with regards to policy setting and strategic planning. He/She helps guide and mediate board actions with respect to organizational priorities and governance concerns, and in general shall perform all duties incident to the office of Chairman of the Board subject to the control of the Board of Directors.

Organizational Responsibilities: He/She plays a leading role in fundraising activities, formally evaluate the performance of the Foundation Director and informally evaluate the effectiveness of the board members. An annual, overall evaluation of the performance of the organization in achieving its mission will be accomplished. He or she shall, when present, preside at all meetings of the Board of Directors, unless otherwise delegated, and such other duties as may be prescribed by the Board of Directors from time to time.
<br>
<br>
[[Image:Owasp_logo_icon.jpg|120 px|left]]
<br>

==== [[Chenxi_Wang,_Ph.D._(Forrester_Research) | Chenxi Wang, Ph.D.]]: Vice Chairman====

Performs Chair responsibilities when the Chair cannot be available, works closely with Chair and other Board Members, participates closely with Chair to develop and implement officer transition plans, performs other responsibilities as assigned by the Board.
<br>
<br>
<br>
[[Image:Owasp_logo_icon.jpg|120 px|left]]
<br><br>[https://www.owasp.org/index.php/Sherif_Mansour_2017_Bio_%26_Why_Me%3F '''Sherif Mansour''']''':''' '''Treasurer'''

Treasurer manages finances of the organization, administers fiscal matters of the organization, provides annual budget to the board for member’s approval, ensures development and board review of financial policies and procedures. [[Image:Owasp_logo_icon.jpg|120 px|left]]
<br>
<br>
==== [https://www.owasp.org/index.php/Owen_Pendlebury_2017_Bio_%26_Why_Me%3F Owen Pendlebury]: Secretary ====

Maintains records of the board and ensures effective management of organization’s records, manages minutes of board meetings, ensures minutes are distributed shortly after each meeting, is sufficiently familiar with legal documents (articles, bylaws, IRS letters, etc.) to note applicability during meetings; is the custodian of the corporate records and of the seal of the Foundation and see that the seal of the Foundation is affixed to all documents, the execution of which on behalf of the Foundation under its seal is duly authorized; keeps a register of the post office address of each Director which shall be furnished to the Secretary by such Director; and, in general perform all duties incident to the office of the Secretary and such other duties as from time to time may be assigned to him by the Chairman of the Board or by the Board.
<br>
[[Image:Owasp_logo_icon.jpg|120 px|left]]
<br>
==== [[User:Matt_Konda | Matt Konda]]: Member at Large====
<br>
<br>
<br>
[[Image:Owasp_logo_icon.jpg|120 px|left]]

==== [https://www.owasp.org/index.php/Greg_Anderson_2017_Bio_%26_Why_Me%3F Greg Anderson]: Member at Large ====
<br>

<br>
[[Image:Owasp_logo_icon.jpg|120 px|left]]
<br>
==== [[User:vanderaj |Andrew van der Stock]]: Member at Large ====

<br>
<br>

= How Meetings Operate =
'''CALL TO ORDER'''

The first order of business is for the chair to announce the call to order, along with the time. The secretary enters the time of the call to order in the minutes. After the meeting is called to order, the board chair may make welcoming remarks, ask for introductions, or read the organization’s mission and vision statements.

'''CHANGES TO THE AGENDA'''

The second order of business is for the chair to ask for changes to the agenda. Additions and deletions to the agenda will be made at this time. Having no changes, the agenda moves to approving the prior meeting’s minutes.

'''APPROVAL OF MINUTES'''

The third item on the agenda should list “Approval of Minutes” along with the date of the most recent meeting. In most cases, board members should have received a copy of the minutes prior to the meeting. If they have not contacted the secretary prior to the meeting with corrections or changes to the minutes, they have to opportunity to make them during this item on the agenda.

Board members have an ethical and legal responsibility to make sure that the recording of the minutes accurately reflect the board’s business.

'''REPORTS'''

The fourth item on the agenda is the reports. This first report should be a report from the Executive Director. This report should include a review of operations and projects. The Executive Director should give board members on overview of the business outlook including positive and negative trends, major initiatives, business updates, and other aspects of the business.

Following the Executive Director report, the Finance Director gives a report. Board members should make an effort to understand the financial reports so that they can identify potential financial threats. Understanding financial reports may also generate discussion about potential opportunities.

Subsequent reports may be given by committee chairs.

'''OLD BUSINESS'''

Items should include past business items that are unresolved, need further discussion, or require a board vote. Items may be tabled or referred to committee for further exploration.

'''NEW BUSINESS'''

Board members should have a discussion about new business items and identify a plan to take action. This may include tabling them, delaying action to a future date, or referring them to a committee.

'''COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS'''

At this point in the agenda, members may make announcements, such as offering congratulations or condolences, or make other special announcements. Any other business may be brought up at this time, for example, items that may need to be added to the next meeting’s agenda.

'''ADJOURNMENT'''

This is a formal closing of the meeting by the board chair. He should state the time that the meeting closed, so that the secretary may including it in the board minutes. The date of the next meeting should follow the adjournment item, so that board members will be reminded to put it on their calendars.

For more information about the Roberts Rules of Order see this [http://www.umecra.com/BylawsAndRules/Roberts%20Rules%20Handout.pdf CHEAT SHEET]

= Voting History =

=== Historical Votes on Motions ===
The purpose of this is to track the position on each motion as presented and how the elected official voted on the motion. This is useful for the membership to review how elected officials voted on items that effect the organization and its [https://www.owasp.org/index.php/OWASP_Foundation_ByLaws bylaws]. A motion is a request for action (budget requests, policy changes, new partnerships etc.) they can be presented by ANYONE to the board such as a member of the public, a member of the OWASP Foundation but does require a sponsor on the Board. That sponsor will present the motion to the board at least (10) working days in advance so it can be read in advance of the meeting. If appropriate a motion can be presented based to take action on the motion as written. For a vote to be called and action to be taken a second board member is required to carry the business to vote. On completion of the discussion the chairman will call for a vote to the motion YES, NO, ABSTAIN. For more details on this process try this [http://www.umecra.com/BylawsAndRules/Roberts%20Rules%20Handout.pdf CHEAT SHEET]

[https://www.owasp.org/index.php/OWASP_Board_Votes Historical Board Votes]

Note that if a motion is presented and is voted on and it is approved action will be taken to implement the motion. If the motion fails it can be resubmitted and the process starts again as if it is a new motion.

=== Attendance Tracker===
This is used to keep track that Board Members meet 75% attendance requirements as noted in section 3.03 of the organization bylaws. A meeting is logged as attended if the board member attends the entire meeting as scheduled from the call to order until it is adjourned, this includes executive session if applicable that is closed to the membership and general public for reasons related to human resources and legal issues that require it by law or for the good of the OWASP Foundation Inc. -
[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracker]

= Historical Meeting Archive =
== Archive 2018 ==
* [[September 2018 |September 27, 2018]] - 2:00 PM to 3:30 PM EDT ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=9&day=19&hour=18&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones])
* [[August 2018 |August 15, 2018]] - 1:00 PM to 2:30 PM EDT ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=8&day=15&hour=17&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones])
* [[July 4th, 2018|July 4th, 2018]] - during AppSec EU 2018
* [[June_19,_2018]] - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=6&day=19&hour=18&min=0&sec=0&p1=16&p2=78&p3=136&p4=179&p5=224&p6=102&p7=236&p8=152 Click Here for Meeting Time in Your Timezone]
* [[May 15, 2018]] - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=5&day=15&hour=19&min=0&sec=0&p1=16&p2=78&p3=136&p4=179&p5=224&p6=102&p7=236&p8=152 Click Here for Meeting Time in Your Timezone]
* [[April 4, 2018]] - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=4&day=4&hour=14&min=0&sec=0&p1=16&p2=78&p3=136&p4=179&p5=224&p6=102&p7=236&p8=152 TimeZone Converter]
* [[March 7, 2018]] - 3:00pm - 4:00pm EST - [https://www.timeanddate.com/worldclock/converted.html?iso=20180307T21&p1=16&p2=16&p3=676&p4=136&p5=78&p6=179&p7=224&p8=240&p9=102 Time Converter]
* [[February 7, 2018]] - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=2&day=7&hour=20&min=0&sec=0&p1=16&p2=179&p3=78&p4=102&p5=224&p6=136&p7=152&p8=676 TimeZone Converter]
* [[January 24, 2018]], [https://www.timeanddate.com/worldclock/fixedtime.html?msg=OWASP+Board+Meeting%2C+January+24+2018&iso=20180124T19&p1=16&ah=1&am=30 TimeZone Converter]

== Archive 2017 ==
* [[December 6, 2017]], 15:00-16:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=12&day=06&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[November 8, 2017]], 07:00-08:30 PST - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=11&day=8&hour=15&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
*[[October 11, 2017]], 15:00 - 17:30 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=10&day=11&hour=22&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
*[[September 19, 2017]] 15:00-17:30 PDT, in Orlando at AppSecUSA - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=9&day=19&hour=22&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
*[[September 6, 2017]] 07:00-08:30 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=09&day=06&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter] (Cancelled for interviews)
*[[August 9, 2017]], 16:00-17:30 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=08&day=09&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
*[[July 5, 2017]], 07:00-08:00 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=07&day=05&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
*[[June 7, 2017]], 18:00-21:00 CEST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=06&day=07&hour=16&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
*[[May 9, 2017]], 18:00-19:30 IST, in Belfast at AppSecEU - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=5&day=9&hour=17&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
*[[April 12, 2017]], 16:00-17:00 PDT - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=04&day=12&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter] ('''Cancelled''' [http://lists.owasp.org/pipermail/owasp-board/2017-April/017969.html Notice by Matt Konda])
*[[March 22, 2017]] 06:00-07:30 PST - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=3&day=22&hour=13&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter] - *Special Meeting to approve the 2017 Budget*
* [[March 8, 2017]], 06:00-07:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=03&day=08&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[February 8, 2017]], 15:00-16:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=02&day=08&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[January 11, 2017]], 14:00-15:30 PST - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=1&day=10&hour=22&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]

== Archive for 2016 Meetings ==
* [[December 14, 2016]], 15:00-16:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=12&day=14&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[November 8, 2016]], 15:00-16:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=11&day=09&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* CANCELLED - [[November 30, 2016]], 15:00-16:30 PST - placeholder only optional if needed - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=11&day=30&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[October 11, 2016]], at AppSecUSA 18:00 - 21:00 EDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=10&day=11&hour=22&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[September 21, 2016]] 07:00-08:30 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=09&day=21&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[August 23, 2016]], 16:00-17:00 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=08&day=23&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[July 1, 2016]], 18:00-21:00 CEST, in Rome at AppSecEU - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=07&day=01&hour=16&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[July 27, 2016]], 07:00-08:00 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=07&day=27&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[May 18, 2016]], 07:00-08:30 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=05&day=18&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[April 20, 2016]], 16:00-17:00 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=04&day=20&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[March 16, 2016]], 16:00-17:00 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=03&day=16&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[February 17, 2016]], 15:00-16:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=02&day=17&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[January 13, 2016]], 16:00-17:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=01&day=14&hour=00&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]

== Archive for 2015 Meetings ==
* [[December 9, 2015]], 15:00-17:00 PST
* [[November 18, 2015]], 14:00-15:30 PST
* [[November 4, 2015]], 12:00-13:30 PST
* [[October 14, 2015]], 14:00-15:00 PDT
* [[September 25, 2015]] at AppSecUSA 18:00 - 20:00 PST
* [[August 12, 2015]], 16:00-17:00 PST
* [[July 22, 2015]], 14:00-15:00 PDT
* [[June 24, 2015]], 14:00-15:00 PDT
* [[May 22, 2015]], 18:00-20:00 CEST in Amsterdam @ AppSec-EU , 9:00am-11:00am PST;
* [[April 29, 2015]], 12:00-13:00 PST
* [[March 25, 2015]], 12:00-13:00 PST
* [[February 11, 2015]], 16:00-17:00 PST
* [[January 14, 2015]], 9am-10am PST

== Archive for 2014 Meetings ==
* [[December 10, 2014]], 9am-10am PST
* [[November 12, 2014]], 9am - 10am PST
* [[October 8, 2014]], 9am-10am PST
* [[September 16, 2014]], 6pm - 9pm MST, In person at Appsec USA
* [[August 13, 2014]], 9am-10am PST
* [[July 9, 2014]], 9am-10am PST
* [[June 27, 2014]], 8am - 4 pm BST, In person at AppSec Europe
* [[April 30, 2014]],9am - 12pm PST
* [[March 3, 2014]], 7am - 10am PST
* [[February 24, 2014]], 8am - 10am PST

== Archive for 2013 Meetings ==

*[[December 9, 2013]]

* December 2, 2013 - Special Board Meeting - [https://docs.google.com/spreadsheet/ccc?key=0ApZ9zE0hx0LNdGdJZ1BIaEZkc2V1QV81NmJ4dnI0R1E&usp=sharing 2014 Budget] walk through, Q & A (no meeting notes)

*[[November 22, 2013]] - In person meeting at AppSec USA - New York, NY

* November 11, 2013 - cancelled due to in person meeting on Nov. 22

*[[October 14, 2013]]

*[[September 9, 2013]]

*[[In person meeting at AppSec EU - Hamburg, Germany; August 19-24]]

* August 12, 2013 - canceled due to in person meeting on Aug 19

*[[July 8, 2013]]

*[[June 10, 2013]]

*[[May 31, 2013]]

*[[May 13, 2013]]

*[[April 8, 2013]]

*[[March 11, 2013]]

*[[February 11, 2013]]

*[[January 14, 2013]]

== Archive for 2012 Meetings ==

[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracking]

OWASP Foundation [https://www.owasp.org/images/a/ae/2012ByLawsFINAL.pdf ByLaws]

[https://www.owasp.org/index.php/Global_Committee_Pages Global Committees]

*[[January 9, 2012]]

*[[February 6, 2012]]

*[[February 15, 2012]]

*[[March 12, 2012]]

*[[April 5, 2012]]

*[[May 14,2012]]

*[[June 11, 2012]]

*[[July 11, 2012]]

*[[Aug 13, 2012]]

*[[Sept 10, 2012]]

*[[Oct 8, 2012]]

*[[Oct 24, 2012]]

*[[Nov 12, 2012]]

*[[Nov 26, 2012]] - 2013 Budget Focused

*[[Dec 10, 2012]]

*[[Dec 27, 2012]] - 2013 Budget Focused

== Archive for 2011 Meetings ==

*[[January 3, 2011]]

*[[March 7, 2011]]

*[[April_4_2011]]

*[[May_2_2011]]

*[[June 6, 2011]]

*[[July 11, 2011]]

*[[August 8, 2011]]

*[[September 6, 2011]]

*[[September 20, 2011]]

*[[September 22, 2011]]

*[[October 10, 2011]]

*[[November 14, 2011]]

*[[December 5, 2011]]

== Minutes for 2011 Meetings ==

<hr />

* [https://www.owasp.org/index.php/OWASP_Board_Votes Board Votes Historical]

<hr />

*[[Minutes January 3, 2011]]

*[[Minutes March 8, 2011]]

*[[Minutes April 4, 2011]]

*[[Minutes May 2, 2011]]

*[https://docs.google.com/a/owasp.org/document/d/1VD9ZHEwht9tmM8FKEQ6DBrtmL_gTAhSSnQhiFXYkJ7I/edit?hl=en_US&authkey=CIavkP4B June 6 2011]

*[https://docs.google.com/a/owasp.org/document/d/1VMwYrP6owtZ-SchBxUcWTIF-ITvzUX8PjUkLPwr2ipg/edit?hl=en_US&authkey=CIGTx5sD July 11 2011]

*[https://docs.google.com/a/owasp.org/document/d/1CLu9aQpS7LdeX87rJ5N9cuJ-RGGVzDWf34l6gdMml7M/edit?hl=en_US&authkey=CI-U5qEP August 8, 2011]

*[https://docs.google.com/a/owasp.org/document/d/1HM32VcvWb0hizD5_mhWMULLaouzuRgA3ZYjODRZwyAs/edit?hl=en_US September 6, 2011]

*[https://docs.google.com/a/owasp.org/document/d/1Y-8tZisUZM5ZKP8AxJqvkiNtFanVFM0m--bMG2PZ3ww/edit October 10, 2011]

*[https://docs.google.com/a/owasp.org/document/d/13-aHX2pSUXjCP8ivsbls6u1VX1BVSYewyMUH8LI7zpQ/edit November 14, 2011]

== Archive for 2010 Meetings ==
*[[January 5, 2010]]

*[[February 2, 2010]]

*[[March 2, 2010]] <span style="color:blue">Postponed until March 9, 2010</span>

*[[April 6, 2010]]

*[[May 4, 2010]]

*[[June 7, 2010]]

*[[July 12, 2010]]

*[[August 2, 2010]]

*[[September 8, 2010]]

*[[October 11, 2010]]

*[[November 9, 2010]]

*[[December_6_2010]]

== Archive of 2010 Meetings ==

*[[Jan 5, 2010]]

*[[Feb 2, 2010]]

*[[March 2, 2010]]

*[[Minutes April 6, 2010]]

*[[Minutes May 11, 2010]]

*[[Minutes June 7, 2010]]

*[[Minutes July 12, 2010]]

*[[Minutes October 11, 2010]]

*[[Minutes November 9, 2010]]

*[[Minutes_December_6,_2010]]

*[[OWASP Board Meetings January Agenda]]
*[[OWASP Board Meetings February Agenda]]
*[[OWASP Board Meetings March Agenda]]
*[[OWASP Board Meetings April09 Agenda]]
*[[OWASP Board Meetings May09 Agenda]]
*[[OWASP Board Meetings June 09 Agenda]]
*[[OWASP Board Meeting July 7, 2009 Agenda]]
*[[OWASP Board Meeting August 4, 2009 Agenda]]
*[[OWASP Board Meeting September 1, 2009 Agenda]]
*[[OWASP Board Meeting October 6, 2009 Agenda]]
*[[OWASP Board Meeting November 10, 2009 Agenda]]
*[[OWASP Board Meeting December 1, 2009 Agenda]]

== Archive of 2009 Meetings ==
* [[OWASP Board Meetings 01-06-09]]
* [[OWASP Board Meetings 02-03-09]]
* [[OWASP Board Meetings 03-10-09]]
* [[OWASP Board Meetings April 09]]
* [[OWASP Board Meetings May 09]]
* [[OWASP Board Meetings June 09]]
* [[OWASP Board Meeting July 09]]
* [[OWASP Board Meeting August 09]]
* [[OWASP Board Meeting September 09]]
* [[OWASP Board Meeting October 09]]
* [[OWASP Board Meeting December 09]]

== Archive for 2008 Meetings ==
*[[OWASP Board Meetings March Agenda]]
*[[OWASP Board Meetings April Agenda]]
*[[OWASP Board Meetings May Agenda]]
*[[OWASP Board Meetings June Agenda]]
*[[OWASP Board Meetings July Agenda]]
*[[OWASP Board Meetings August Agenda]]
*[[OWASP Board Meetings September Agenda]]
*[[OWASP Board Meetings October Agenda]]
*[[OWASP Board Meetings December Agenda]]

== Archive of 2008 Meetings ==
* [[OWASP Board Meetings 2-7-08]]
* [[OWASP Board Meetings 3-6-08]]
* [[OWASP Board Meetings 5-6-08]]
* [[OWASP Board Meetings 6-3-08]]
* [[OWASP Board Meetings 8-14-08]]
* [[OWASP Board Meetings 9-2-08]]
* [[Owasp Board Meetings 10-07-08]]
* [[Owasp Board Meetings 11-07-08]]
* [[Owasp Board Meetings 12-02-08]]

= Board Election Archive =

All elected officers are required to [https://docs.google.com/document/d/10zBT6oY2Q3B6kr6r7DGl3Cc0f5rGmQ0Slc6RYvbxmus/edit review sign and return] the following document before starting their term in office to the then current board Secretary

[https://www.owasp.org/index.php/OWASP_Board_History OWASP Board History]

===2017 Election===
[https://www.owasp.org/index.php/2017_Global_Board_of_Directors_Election 2017 Board Election]
=== 2016 Election ===
[https://www.owasp.org/index.php/2016_Global_Board_of_Directors_Election 2016 Board Election]
=== 2015 Election ===
[https://www.owasp.org/index.php/2015_Global_Board_of_Directors_Election 2015 Board Election]
=== 2014 Election ===
[https://www.owasp.org/index.php/2014_Board_Elections 2014 Board Election]
=== 2013 Election ===
[https://www.owasp.org/index.php/2013_Board_Elections 2013 Board Election]
=== 2012 Election ===
[https://www.owasp.org/index.php/Membership/2012_Election 2012 Board Election]
=== 2011 Election ===
[https://www.owasp.org/index.php/Membership/2011Election 2011 Board Election]
=== 2009 Election ===
[https://www.owasp.org/index.php/Board_Election_2009 2009 Board Election]

=== Past OWASP Boards ===

[[Board-2018]]

[[Board-2017]]

[[Board-2016]]

[[Board-2015]]

[[Board-2014]]

[[Board-2013]]

[[Board-2012]]

[[Board-2011]]

= Misc. =

* Teleconference Information: **CHECK MEETING INFORMATION**

* [https://www.owasp.org/index.php/International_Toll_Free_Calling_Information International Toll Free Calling Info]

* Meeting Template found [https://www.owasp.org/index.php/Board-Meeting-template here]

<headertabs> </headertabs>

Board

2018-11-18T09:56:22Z

Sherif: Updated Treasurer

__NOTOC__

= Board Meetings =
[https://www.owasp.org/index.php/About_OWASP#OWASP_Foundation_Bylaws Bylaws] are the most important legal document of any organization. Bylaws outline in writing the day-to-day rules for your organization and provide comprehensive guidelines to keep things running smoothly. If you want to understand the business of OWASP Foundation the best way to do that would be to examine the bylaws the the [https://www.owasp.org/index.php/About_OWASP#Form_990_Documents 990 forms filed with the United States Government as a non-profit annually.]

[https://www.owasp.org/index.php/About_OWASP#OWASP_Foundation_Bylaws Global Bylaws]

== Upcoming 2018 Meetings ==
* [[October 2018 |October 10, 2018]] - 3:00 to 4:30 PM EDT ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=10&day=10&hour=19&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones]) at AppSec USA 2018 Conference
* [[November 2018 |November 21, 2018]] - 12:00 PM to 1:30 PM EST ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=11&day=21&hour=17&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones])
* [[December 2018 |December 19th, 2018]] - 1:00 PM to 2:30 PM EST ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=12&day=19&hour=19&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones])

All board meeting notes that include actions as a result will be tracked in a single document for all meetings [https://docs.google.com/a/owasp.org/document/d/1aPmftVZH3-G96J6-wrpynwwZhBHtREe5a7g8owVYUag/edit?usp=sharing click here]

==2018 Elected by Membership, Global Board Members ==
[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Member, Meeting Attendance Tracking]

[https://www.owasp.org/index.php/OWASP_Board_History Historical Board Members by Year]
<br>
<br>
<br>
[[Image:Owasp_logo_icon.jpg|120 px|left]]
<br>
==== [[User:Knoblochmartin | Martin Knobloch]]: Chairman ====

The Chairman of the Board shall serve as the principal executive officer of the Foundation.

Fiduciary responsibilities: He/She shall, in general, supervise and control all of the business and affairs of the Foundation. He/She will monitor financial planning and financial reports He/She or he may sign, with the Secretary or any other proper officer of the Foundation thereunto authorized by the Board of Directors, any deeds, mortgages, bonds, contracts, or other instruments which the Board of Directors has authorized to be executed, except in cases where the signing and execution thereof shall be expressly delegated by the Board of Directors or by these Bylaws to some other officer or agent of the Foundation, or shall be required by law to be otherwise signed or executed;

Leadership and Direction: provides leadership to the Board of Directors with regards to policy setting and strategic planning. He/She helps guide and mediate board actions with respect to organizational priorities and governance concerns, and in general shall perform all duties incident to the office of Chairman of the Board subject to the control of the Board of Directors.

Organizational Responsibilities: He/She plays a leading role in fundraising activities, formally evaluate the performance of the Foundation Director and informally evaluate the effectiveness of the board members. An annual, overall evaluation of the performance of the organization in achieving its mission will be accomplished. He or she shall, when present, preside at all meetings of the Board of Directors, unless otherwise delegated, and such other duties as may be prescribed by the Board of Directors from time to time.
<br>
<br>
[[Image:Owasp_logo_icon.jpg|120 px|left]]
<br>

==== [[Chenxi_Wang,_Ph.D._(Forrester_Research) | Chenxi Wang, Ph.D.]]: Vice Chairman====

Performs Chair responsibilities when the Chair cannot be available, works closely with Chair and other Board Members, participates closely with Chair to develop and implement officer transition plans, performs other responsibilities as assigned by the Board.
<br>
<br>
<br>
[[Image:Owasp_logo_icon.jpg|120 px|left]]
<br><br>[https://www.owasp.org/index.php/Sherif_Mansour_2017_Bio_%26_Why_Me%3F '''Sherif Mansour''']''':''' '''Treasurer'''

Treasurer manages finances of the organization, administers fiscal matters of the organization, provides annual budget to the board for member’s approval, ensures development and board review of financial policies and procedures. [[Image:Owasp_logo_icon.jpg|120 px|left]]
<br>
<br>
==== [https://www.owasp.org/index.php/Owen_Pendlebury_2017_Bio_%26_Why_Me%3F Owen Pendlebury]: Secretary ====

Maintains records of the board and ensures effective management of organization’s records, manages minutes of board meetings, ensures minutes are distributed shortly after each meeting, is sufficiently familiar with legal documents (articles, bylaws, IRS letters, etc.) to note applicability during meetings; is the custodian of the corporate records and of the seal of the Foundation and see that the seal of the Foundation is affixed to all documents, the execution of which on behalf of the Foundation under its seal is duly authorized; keeps a register of the post office address of each Director which shall be furnished to the Secretary by such Director; and, in general perform all duties incident to the office of the Secretary and such other duties as from time to time may be assigned to him by the Chairman of the Board or by the Board.
<br>
[[Image:Owasp_logo_icon.jpg|120 px|left]]
<br>
==== [[User:Matt_Konda | Matt Konda]]: Member at Large====
<br>
<br>
<br>
[[Image:Owasp_logo_icon.jpg|120 px|left]]

==== [https://www.owasp.org/index.php/Greg_Anderson_2017_Bio_%26_Why_Me%3F Greg Anderson]: Member at Large ====
<br>

<br>
[[Image:Owasp_logo_icon.jpg|120 px|left]]
<br>
==== [[User:vanderaj |Andrew van der Stock]]: Member at Large ====

<br>
<br>

= How Meetings Operate =
'''CALL TO ORDER'''

The first order of business is for the chair to announce the call to order, along with the time. The secretary enters the time of the call to order in the minutes. After the meeting is called to order, the board chair may make welcoming remarks, ask for introductions, or read the organization’s mission and vision statements.

'''CHANGES TO THE AGENDA'''

The second order of business is for the chair to ask for changes to the agenda. Additions and deletions to the agenda will be made at this time. Having no changes, the agenda moves to approving the prior meeting’s minutes.

'''APPROVAL OF MINUTES'''

The third item on the agenda should list “Approval of Minutes” along with the date of the most recent meeting. In most cases, board members should have received a copy of the minutes prior to the meeting. If they have not contacted the secretary prior to the meeting with corrections or changes to the minutes, they have to opportunity to make them during this item on the agenda.

Board members have an ethical and legal responsibility to make sure that the recording of the minutes accurately reflect the board’s business.

'''REPORTS'''

The fourth item on the agenda is the reports. This first report should be a report from the Executive Director. This report should include a review of operations and projects. The Executive Director should give board members on overview of the business outlook including positive and negative trends, major initiatives, business updates, and other aspects of the business.

Following the Executive Director report, the Finance Director gives a report. Board members should make an effort to understand the financial reports so that they can identify potential financial threats. Understanding financial reports may also generate discussion about potential opportunities.

Subsequent reports may be given by committee chairs.

'''OLD BUSINESS'''

Items should include past business items that are unresolved, need further discussion, or require a board vote. Items may be tabled or referred to committee for further exploration.

'''NEW BUSINESS'''

Board members should have a discussion about new business items and identify a plan to take action. This may include tabling them, delaying action to a future date, or referring them to a committee.

'''COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS'''

At this point in the agenda, members may make announcements, such as offering congratulations or condolences, or make other special announcements. Any other business may be brought up at this time, for example, items that may need to be added to the next meeting’s agenda.

'''ADJOURNMENT'''

This is a formal closing of the meeting by the board chair. He should state the time that the meeting closed, so that the secretary may including it in the board minutes. The date of the next meeting should follow the adjournment item, so that board members will be reminded to put it on their calendars.

For more information about the Roberts Rules of Order see this [http://www.umecra.com/BylawsAndRules/Roberts%20Rules%20Handout.pdf CHEAT SHEET]

= Voting History =

=== Historical Votes on Motions ===
The purpose of this is to track the position on each motion as presented and how the elected official voted on the motion. This is useful for the membership to review how elected officials voted on items that effect the organization and its [https://www.owasp.org/index.php/OWASP_Foundation_ByLaws bylaws]. A motion is a request for action (budget requests, policy changes, new partnerships etc.) they can be presented by ANYONE to the board such as a member of the public, a member of the OWASP Foundation but does require a sponsor on the Board. That sponsor will present the motion to the board at least (10) working days in advance so it can be read in advance of the meeting. If appropriate a motion can be presented based to take action on the motion as written. For a vote to be called and action to be taken a second board member is required to carry the business to vote. On completion of the discussion the chairman will call for a vote to the motion YES, NO, ABSTAIN. For more details on this process try this [http://www.umecra.com/BylawsAndRules/Roberts%20Rules%20Handout.pdf CHEAT SHEET]

[https://www.owasp.org/index.php/OWASP_Board_Votes Historical Board Votes]

Note that if a motion is presented and is voted on and it is approved action will be taken to implement the motion. If the motion fails it can be resubmitted and the process starts again as if it is a new motion.

=== Attendance Tracker===
This is used to keep track that Board Members meet 75% attendance requirements as noted in section 3.03 of the organization bylaws. A meeting is logged as attended if the board member attends the entire meeting as scheduled from the call to order until it is adjourned, this includes executive session if applicable that is closed to the membership and general public for reasons related to human resources and legal issues that require it by law or for the good of the OWASP Foundation Inc. -
[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracker]

= Historical Meeting Archive =
== Archive 2018 ==
* [[September 2018 |September 27, 2018]] - 2:00 PM to 3:30 PM EDT ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=9&day=19&hour=18&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones])
* [[August 2018 |August 15, 2018]] - 1:00 PM to 2:30 PM EDT ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=8&day=15&hour=17&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones])
* [[July 4th, 2018|July 4th, 2018]] - during AppSec EU 2018
* [[June_19,_2018]] - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=6&day=19&hour=18&min=0&sec=0&p1=16&p2=78&p3=136&p4=179&p5=224&p6=102&p7=236&p8=152 Click Here for Meeting Time in Your Timezone]
* [[May 15, 2018]] - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=5&day=15&hour=19&min=0&sec=0&p1=16&p2=78&p3=136&p4=179&p5=224&p6=102&p7=236&p8=152 Click Here for Meeting Time in Your Timezone]
* [[April 4, 2018]] - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=4&day=4&hour=14&min=0&sec=0&p1=16&p2=78&p3=136&p4=179&p5=224&p6=102&p7=236&p8=152 TimeZone Converter]
* [[March 7, 2018]] - 3:00pm - 4:00pm EST - [https://www.timeanddate.com/worldclock/converted.html?iso=20180307T21&p1=16&p2=16&p3=676&p4=136&p5=78&p6=179&p7=224&p8=240&p9=102 Time Converter]
* [[February 7, 2018]] - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=2&day=7&hour=20&min=0&sec=0&p1=16&p2=179&p3=78&p4=102&p5=224&p6=136&p7=152&p8=676 TimeZone Converter]
* [[January 24, 2018]], [https://www.timeanddate.com/worldclock/fixedtime.html?msg=OWASP+Board+Meeting%2C+January+24+2018&iso=20180124T19&p1=16&ah=1&am=30 TimeZone Converter]

== Archive 2017 ==
* [[December 6, 2017]], 15:00-16:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=12&day=06&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[November 8, 2017]], 07:00-08:30 PST - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=11&day=8&hour=15&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
*[[October 11, 2017]], 15:00 - 17:30 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=10&day=11&hour=22&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
*[[September 19, 2017]] 15:00-17:30 PDT, in Orlando at AppSecUSA - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=9&day=19&hour=22&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
*[[September 6, 2017]] 07:00-08:30 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=09&day=06&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter] (Cancelled for interviews)
*[[August 9, 2017]], 16:00-17:30 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=08&day=09&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
*[[July 5, 2017]], 07:00-08:00 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=07&day=05&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
*[[June 7, 2017]], 18:00-21:00 CEST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=06&day=07&hour=16&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
*[[May 9, 2017]], 18:00-19:30 IST, in Belfast at AppSecEU - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=5&day=9&hour=17&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
*[[April 12, 2017]], 16:00-17:00 PDT - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=04&day=12&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter] ('''Cancelled''' [http://lists.owasp.org/pipermail/owasp-board/2017-April/017969.html Notice by Matt Konda])
*[[March 22, 2017]] 06:00-07:30 PST - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=3&day=22&hour=13&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter] - *Special Meeting to approve the 2017 Budget*
* [[March 8, 2017]], 06:00-07:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=03&day=08&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[February 8, 2017]], 15:00-16:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=02&day=08&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[January 11, 2017]], 14:00-15:30 PST - [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2017&month=1&day=10&hour=22&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]

== Archive for 2016 Meetings ==
* [[December 14, 2016]], 15:00-16:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=12&day=14&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[November 8, 2016]], 15:00-16:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=11&day=09&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* CANCELLED - [[November 30, 2016]], 15:00-16:30 PST - placeholder only optional if needed - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=11&day=30&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[October 11, 2016]], at AppSecUSA 18:00 - 21:00 EDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=10&day=11&hour=22&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[September 21, 2016]] 07:00-08:30 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=09&day=21&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[August 23, 2016]], 16:00-17:00 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=08&day=23&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[July 1, 2016]], 18:00-21:00 CEST, in Rome at AppSecEU - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=07&day=01&hour=16&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[July 27, 2016]], 07:00-08:00 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=07&day=27&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[May 18, 2016]], 07:00-08:30 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=05&day=18&hour=14&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[April 20, 2016]], 16:00-17:00 PDT - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=04&day=20&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[March 16, 2016]], 16:00-17:00 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=03&day=16&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[February 17, 2016]], 15:00-16:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=02&day=17&hour=23&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]
* [[January 13, 2016]], 16:00-17:30 PST - [http://www.timeanddate.com/worldclock/meetingdetails.html?year=2016&month=01&day=14&hour=00&min=0&sec=0&p1=224&p2=24&p3=263&p4=78&p5=37&p6=102&p7=152 TimeZone Converter]

== Archive for 2015 Meetings ==
* [[December 9, 2015]], 15:00-17:00 PST
* [[November 18, 2015]], 14:00-15:30 PST
* [[November 4, 2015]], 12:00-13:30 PST
* [[October 14, 2015]], 14:00-15:00 PDT
* [[September 25, 2015]] at AppSecUSA 18:00 - 20:00 PST
* [[August 12, 2015]], 16:00-17:00 PST
* [[July 22, 2015]], 14:00-15:00 PDT
* [[June 24, 2015]], 14:00-15:00 PDT
* [[May 22, 2015]], 18:00-20:00 CEST in Amsterdam @ AppSec-EU , 9:00am-11:00am PST;
* [[April 29, 2015]], 12:00-13:00 PST
* [[March 25, 2015]], 12:00-13:00 PST
* [[February 11, 2015]], 16:00-17:00 PST
* [[January 14, 2015]], 9am-10am PST

== Archive for 2014 Meetings ==
* [[December 10, 2014]], 9am-10am PST
* [[November 12, 2014]], 9am - 10am PST
* [[October 8, 2014]], 9am-10am PST
* [[September 16, 2014]], 6pm - 9pm MST, In person at Appsec USA
* [[August 13, 2014]], 9am-10am PST
* [[July 9, 2014]], 9am-10am PST
* [[June 27, 2014]], 8am - 4 pm BST, In person at AppSec Europe
* [[April 30, 2014]],9am - 12pm PST
* [[March 3, 2014]], 7am - 10am PST
* [[February 24, 2014]], 8am - 10am PST

== Archive for 2013 Meetings ==

*[[December 9, 2013]]

* December 2, 2013 - Special Board Meeting - [https://docs.google.com/spreadsheet/ccc?key=0ApZ9zE0hx0LNdGdJZ1BIaEZkc2V1QV81NmJ4dnI0R1E&usp=sharing 2014 Budget] walk through, Q & A (no meeting notes)

*[[November 22, 2013]] - In person meeting at AppSec USA - New York, NY

* November 11, 2013 - cancelled due to in person meeting on Nov. 22

*[[October 14, 2013]]

*[[September 9, 2013]]

*[[In person meeting at AppSec EU - Hamburg, Germany; August 19-24]]

* August 12, 2013 - canceled due to in person meeting on Aug 19

*[[July 8, 2013]]

*[[June 10, 2013]]

*[[May 31, 2013]]

*[[May 13, 2013]]

*[[April 8, 2013]]

*[[March 11, 2013]]

*[[February 11, 2013]]

*[[January 14, 2013]]

== Archive for 2012 Meetings ==

[https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ApZ9zE0hx0LNdG5uRzNYZE8ycDFabnBWNkU4SFpwREE Board Meeting Attendance Tracking]

OWASP Foundation [https://www.owasp.org/images/a/ae/2012ByLawsFINAL.pdf ByLaws]

[https://www.owasp.org/index.php/Global_Committee_Pages Global Committees]

*[[January 9, 2012]]

*[[February 6, 2012]]

*[[February 15, 2012]]

*[[March 12, 2012]]

*[[April 5, 2012]]

*[[May 14,2012]]

*[[June 11, 2012]]

*[[July 11, 2012]]

*[[Aug 13, 2012]]

*[[Sept 10, 2012]]

*[[Oct 8, 2012]]

*[[Oct 24, 2012]]

*[[Nov 12, 2012]]

*[[Nov 26, 2012]] - 2013 Budget Focused

*[[Dec 10, 2012]]

*[[Dec 27, 2012]] - 2013 Budget Focused

== Archive for 2011 Meetings ==

*[[January 3, 2011]]

*[[March 7, 2011]]

*[[April_4_2011]]

*[[May_2_2011]]

*[[June 6, 2011]]

*[[July 11, 2011]]

*[[August 8, 2011]]

*[[September 6, 2011]]

*[[September 20, 2011]]

*[[September 22, 2011]]

*[[October 10, 2011]]

*[[November 14, 2011]]

*[[December 5, 2011]]

== Minutes for 2011 Meetings ==

<hr />

* [https://www.owasp.org/index.php/OWASP_Board_Votes Board Votes Historical]

<hr />

*[[Minutes January 3, 2011]]

*[[Minutes March 8, 2011]]

*[[Minutes April 4, 2011]]

*[[Minutes May 2, 2011]]

*[https://docs.google.com/a/owasp.org/document/d/1VD9ZHEwht9tmM8FKEQ6DBrtmL_gTAhSSnQhiFXYkJ7I/edit?hl=en_US&authkey=CIavkP4B June 6 2011]

*[https://docs.google.com/a/owasp.org/document/d/1VMwYrP6owtZ-SchBxUcWTIF-ITvzUX8PjUkLPwr2ipg/edit?hl=en_US&authkey=CIGTx5sD July 11 2011]

*[https://docs.google.com/a/owasp.org/document/d/1CLu9aQpS7LdeX87rJ5N9cuJ-RGGVzDWf34l6gdMml7M/edit?hl=en_US&authkey=CI-U5qEP August 8, 2011]

*[https://docs.google.com/a/owasp.org/document/d/1HM32VcvWb0hizD5_mhWMULLaouzuRgA3ZYjODRZwyAs/edit?hl=en_US September 6, 2011]

*[https://docs.google.com/a/owasp.org/document/d/1Y-8tZisUZM5ZKP8AxJqvkiNtFanVFM0m--bMG2PZ3ww/edit October 10, 2011]

*[https://docs.google.com/a/owasp.org/document/d/13-aHX2pSUXjCP8ivsbls6u1VX1BVSYewyMUH8LI7zpQ/edit November 14, 2011]

== Archive for 2010 Meetings ==
*[[January 5, 2010]]

*[[February 2, 2010]]

*[[March 2, 2010]] <span style="color:blue">Postponed until March 9, 2010</span>

*[[April 6, 2010]]

*[[May 4, 2010]]

*[[June 7, 2010]]

*[[July 12, 2010]]

*[[August 2, 2010]]

*[[September 8, 2010]]

*[[October 11, 2010]]

*[[November 9, 2010]]

*[[December_6_2010]]

== Archive of 2010 Meetings ==

*[[Jan 5, 2010]]

*[[Feb 2, 2010]]

*[[March 2, 2010]]

*[[Minutes April 6, 2010]]

*[[Minutes May 11, 2010]]

*[[Minutes June 7, 2010]]

*[[Minutes July 12, 2010]]

*[[Minutes October 11, 2010]]

*[[Minutes November 9, 2010]]

*[[Minutes_December_6,_2010]]

*[[OWASP Board Meetings January Agenda]]
*[[OWASP Board Meetings February Agenda]]
*[[OWASP Board Meetings March Agenda]]
*[[OWASP Board Meetings April09 Agenda]]
*[[OWASP Board Meetings May09 Agenda]]
*[[OWASP Board Meetings June 09 Agenda]]
*[[OWASP Board Meeting July 7, 2009 Agenda]]
*[[OWASP Board Meeting August 4, 2009 Agenda]]
*[[OWASP Board Meeting September 1, 2009 Agenda]]
*[[OWASP Board Meeting October 6, 2009 Agenda]]
*[[OWASP Board Meeting November 10, 2009 Agenda]]
*[[OWASP Board Meeting December 1, 2009 Agenda]]

== Archive of 2009 Meetings ==
* [[OWASP Board Meetings 01-06-09]]
* [[OWASP Board Meetings 02-03-09]]
* [[OWASP Board Meetings 03-10-09]]
* [[OWASP Board Meetings April 09]]
* [[OWASP Board Meetings May 09]]
* [[OWASP Board Meetings June 09]]
* [[OWASP Board Meeting July 09]]
* [[OWASP Board Meeting August 09]]
* [[OWASP Board Meeting September 09]]
* [[OWASP Board Meeting October 09]]
* [[OWASP Board Meeting December 09]]

== Archive for 2008 Meetings ==
*[[OWASP Board Meetings March Agenda]]
*[[OWASP Board Meetings April Agenda]]
*[[OWASP Board Meetings May Agenda]]
*[[OWASP Board Meetings June Agenda]]
*[[OWASP Board Meetings July Agenda]]
*[[OWASP Board Meetings August Agenda]]
*[[OWASP Board Meetings September Agenda]]
*[[OWASP Board Meetings October Agenda]]
*[[OWASP Board Meetings December Agenda]]

== Archive of 2008 Meetings ==
* [[OWASP Board Meetings 2-7-08]]
* [[OWASP Board Meetings 3-6-08]]
* [[OWASP Board Meetings 5-6-08]]
* [[OWASP Board Meetings 6-3-08]]
* [[OWASP Board Meetings 8-14-08]]
* [[OWASP Board Meetings 9-2-08]]
* [[Owasp Board Meetings 10-07-08]]
* [[Owasp Board Meetings 11-07-08]]
* [[Owasp Board Meetings 12-02-08]]

= Board Election Archive =

All elected officers are required to [https://docs.google.com/document/d/10zBT6oY2Q3B6kr6r7DGl3Cc0f5rGmQ0Slc6RYvbxmus/edit review sign and return] the following document before starting their term in office to the then current board Secretary

[https://www.owasp.org/index.php/OWASP_Board_History OWASP Board History]

===2017 Election===
[https://www.owasp.org/index.php/2017_Global_Board_of_Directors_Election 2017 Board Election]
=== 2016 Election ===
[https://www.owasp.org/index.php/2016_Global_Board_of_Directors_Election 2016 Board Election]
=== 2015 Election ===
[https://www.owasp.org/index.php/2015_Global_Board_of_Directors_Election 2015 Board Election]
=== 2014 Election ===
[https://www.owasp.org/index.php/2014_Board_Elections 2014 Board Election]
=== 2013 Election ===
[https://www.owasp.org/index.php/2013_Board_Elections 2013 Board Election]
=== 2012 Election ===
[https://www.owasp.org/index.php/Membership/2012_Election 2012 Board Election]
=== 2011 Election ===
[https://www.owasp.org/index.php/Membership/2011Election 2011 Board Election]
=== 2009 Election ===
[https://www.owasp.org/index.php/Board_Election_2009 2009 Board Election]

=== Past OWASP Boards ===

[[Board-2018]]

[[Board-2017]]

[[Board-2016]]

[[Board-2015]]

[[Board-2014]]

[[Board-2013]]

[[Board-2012]]

[[Board-2011]]

= Misc. =

* Teleconference Information: **CHECK MEETING INFORMATION**

* [https://www.owasp.org/index.php/International_Toll_Free_Calling_Information International Toll Free Calling Info]

* Meeting Template found [https://www.owasp.org/index.php/Board-Meeting-template here]

<headertabs> </headertabs>

August 2018

2018-08-15T16:59:23Z

Sherif: SM

Meeting Date: August 15, 2018

Meeting Time: 1:00 PM to 2:30 PM EDT ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=8&day=15&hour=17&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones])

Meeting Location: Virtual

Address: N/A

Virtual: https://www3.gotomeeting.com/join/861328838

[[International_Toll_Free_Calling_Information |International Toll Free Calling Info]]

AGENDA

CALL TO ORDER

CHANGES TO THE AGENDA

APPROVAL OF MINUTES
Previous meeting minutes: [https://docs.google.com/document/d/1jTireNm8CDtCrtdVH85mOdjNaQ7BhIkSdD92kN-u054/edit?usp=sharing 2018-07-04 meeting minutes]
REPORTS
[https://www.owasp.org/images/4/46/6.30.18_P_%26_L_Board_summary_Wiki.pdf June 2018 P & L]
<br />
[https://www.owasp.org/images/3/3c/6.30.18_BS_summary_WIKI.pdf June 2018 Balance Sheet]
<br />
[https://www.owasp.org/images/7/7b/15_August_2018_BOD_Report.pdf June 2018 Board Report]
<br />
[https://www.owasp.org/images/6/64/12_July_2018_Estimated_Final_Registration_Report_Appsec_EU_2018_.pdf AppSec EU Final Registration Report]
<br />

OLD BUSINESS
From the OWASP Executive Director, Karen Staley
* [https://docs.google.com/document/d/1nb_K0vsCFN2Rc5EgxLBLJnvwkpSWLbKQn7lVV6g9cDA/edit?usp=sharing Draft Strategic Plan]
* [https://drive.google.com/open?id=1jb0SoyECHVe_XrylsPrJ5crfm9r0pBFzRSBM9CL2seY AppSec Conference Selection Criteria]
* Action on sponsorship guidelines. No sponsorship can be used to solicit additional chapter donations. As a non profit it is prohibited to solicit or trade out commercial exposure for donations to chapters.
* New Chapter Opening Guidelines: Chapter's can only be opened by those who reside and will manage the chapters in the said country and region of the chapter. Opening of a chapter must be predicated by interviews with the required leadership in said location of the chapter with a confirmation by the leaders that they live and work and will manage the chapter in the location.
NEW BUSINESS
* Board representation on local and global events:
** AppSec Israel - Regional - September 5-6 - Tel Aviv, Israel
** OWASP Portland 2018 Training Day - Regional - October 3 - Portland, OR
** AppSec Morocco 2018 - Regional - October 4-5 - Morocco
** OWASP Poland Day 2018 - Regional - October 10 - Poland
** OWASP AppSec Day 2018 - Regional - October 19 - Melbourne, Australia
** LASCON 2018 - Regional - October 23-26 - Austin, TX
** OWASP AppSec Bucharest 2018 - Regional - October 25-26 - Bucharest, Romania
** OWASP BASC 2018 - Local - October 27 - Boston, MA
** OWASP AppSec Indonesia 2018 - Regional - November 1-3 - Indonesia
** German OWASP Day - Regional - November 19-20 - Münster, Germany
** OWASP Norway Day 2018 - Regional - November 29 - Norway
** AppSec California 2019 - Regional - January 22-25, 2019 - Santa Monica, CA
** Request for update on discussions with chapters on support models/event ratios/finances
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

=<nowiki>=</nowiki>=

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

==New Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

August 2018

2018-08-15T16:56:12Z

Sherif: Sherif

Meeting Date: August 15, 2018

Meeting Time: 1:00 PM to 2:30 PM EDT ([https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=8&day=15&hour=17&min=0&sec=0&p1=179&p2=24&p3=16&p4=136&p5=224 time zones])

Meeting Location: Virtual

Address: N/A

Virtual: https://www3.gotomeeting.com/join/861328838

[[International_Toll_Free_Calling_Information |International Toll Free Calling Info]]

AGENDA

CALL TO ORDER

CHANGES TO THE AGENDA

APPROVAL OF MINUTES
Previous meeting minutes: [https://docs.google.com/document/d/1jTireNm8CDtCrtdVH85mOdjNaQ7BhIkSdD92kN-u054/edit?usp=sharing 2018-07-04 meeting minutes]
REPORTS
[https://www.owasp.org/images/4/46/6.30.18_P_%26_L_Board_summary_Wiki.pdf June 2018 P & L]
<br />
[https://www.owasp.org/images/3/3c/6.30.18_BS_summary_WIKI.pdf June 2018 Balance Sheet]
<br />
[https://www.owasp.org/images/7/7b/15_August_2018_BOD_Report.pdf June 2018 Board Report]
<br />
[https://www.owasp.org/images/6/64/12_July_2018_Estimated_Final_Registration_Report_Appsec_EU_2018_.pdf AppSec EU Final Registration Report]
<br />

OLD BUSINESS
From the OWASP Executive Director, Karen Staley
* [https://docs.google.com/document/d/1nb_K0vsCFN2Rc5EgxLBLJnvwkpSWLbKQn7lVV6g9cDA/edit?usp=sharing Draft Strategic Plan]
* [https://drive.google.com/open?id=1jb0SoyECHVe_XrylsPrJ5crfm9r0pBFzRSBM9CL2seY AppSec Conference Selection Criteria]
* Action on sponsorship guidelines. No sponsorship can be used to solicit additional chapter donations. As a non profit it is prohibited to solicit or trade out commercial exposure for donations to chapters.
* New Chapter Opening Guidelines: Chapter's can only be opened by those who reside and will manage the chapters in the said country and region of the chapter. Opening of a chapter must be predicated by interviews with the required leadership in said location of the chapter with a confirmation by the leaders that they live and work and will manage the chapter in the location.
NEW BUSINESS
* Board representation on local and global events:
** AppSec Israel - Regional - September 5-6 - Tel Aviv, Israel
** OWASP Portland 2018 Training Day - Regional - October 3 - Portland, OR
** AppSec Morocco 2018 - Regional - October 4-5 - Morocco
** OWASP Poland Day 2018 - Regional - October 10 - Poland
** OWASP AppSec Day 2018 - Regional - October 19 - Melbourne, Australia
** LASCON 2018 - Regional - October 23-26 - Austin, TX
** OWASP AppSec Bucharest 2018 - Regional - October 25-26 - Bucharest, Romania
** OWASP BASC 2018 - Local - October 27 - Boston, MA
** OWASP AppSec Indonesia 2018 - Regional - November 1-3 - Indonesia
** German OWASP Day - Regional - November 19-20 - Münster, Germany
** OWASP Norway Day 2018 - Regional - November 29 - Norway
** AppSec California 2019 - Regional - January 22-25, 2019 - Santa Monica, CA Request for update on discussions with chapters on support models/event ratios/finances
COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

=<nowiki>=</nowiki>=

==Old Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

==New Business==
All active board proposals are listed [https://drive.google.com/folderview?id=0BxSfMVkfLvslVXdvUFV3NkxucWc&usp=sharing here]

Individual Member

2018-07-21T17:25:42Z

Sherif: We need to explain the price of membership changes depending on the region

*As a member of the internet community you agree with the [https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project ethics and principles] of the OWASP Foundation.
*Exclusive entrance to our Member Lounge open at our Global AppSec events
*You want to underscore your awareness of software security.
*You want to continue to increase your value, knowledge and expand your skills when attending OWASP conferences at a discount.
*You want to expand your personal network of global contacts. Membership in one of OWASP's Chapters immediately puts you in contact with a local circle of peers with similar job responsibilities and concerns. Belong to a community of professionals that share mutual goals, interests and commitments defending society against the ever increasing information security and cyber threats.[https://www.linkedin.com/groups/36874 OWASP LinkedIn Group]
*You want to support your profession.
*40% of your annual membership fee can directly support a local chapter or project of your choice. You may split your allocation evenly to support one chapter AND/OR one project.
*You get a @OWASP.ORG email address if you desire to collaborate with peers globally, so you do not have to use your company/personal email address if you do not want to. This complimentary email address will be disabled 30 days after membership expires. [http://sl.owasp.org/contactus Submit a request.]
*[http://www.tfaforms.com/315084 Request] to receive our monthly newsletter that will keep you up to date with the latest developments within the organization and the wider profession.
*You will have (1) vote for annual elections on issues that shape the direction of the professional community.

'''$50/USD''' '''40/Euros 12 Month Membership*'''

'''$95/USD 2 Year Membership'''

'''$500/USD Lifetime Membership'''

[[newmembership|Return to Membership]]

July 4th, 2018

2018-07-04T14:59:31Z

Sherif: 2019

Meeting Date: July 4th, 2018

Meeting Location: Virtual (GoToMeeting) and [http://sched.co/FMAM Burns room, 4th Floor, QEII Centre, London, UK]<br />Meeting Times: [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2018&month=7&day=4&hour=14&min=30&sec=0&p1=136&iv=1800 July 4th, 2018 at 3:30 PM]<br />Virtual: GoToMeeting Meeting ID: 861-328-838

[[International Toll Free Calling Information]]

<u>Additional meeting at AppSec EU 2018</u>

Meeting Date: July 4th, 2018

Meeting Location: Virtual (GoToMeeting) and [http://sched.co/FMAS Chaucer room, 4th Floor, QEII Centre, London, UK]<br />Meeting Times: July 4th at 12:00 PM<br />Virtual: GoToMeeting Meeting ID: 861-328-838

[[International Toll Free Calling Information]]

'''Note: Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording'''

AGENDA
OWASP Executive Director
* [https://docs.google.com/document/d/1nb_K0vsCFN2Rc5EgxLBLJnvwkpSWLbKQn7lVV6g9cDA/edit?usp=sharing Draft Strategic Plan]
* [https://drive.google.com/open?id=1jb0SoyECHVe_XrylsPrJ5crfm9r0pBFzRSBM9CL2seY AppSec Conference Selection Criteria]
* Action on sponsorship guidelines. No sponsorship can be used to solicit additional chapter donations. As a non profit it is prohibited to solicit or trade out commercial exposure for donations to chapters.
* New Chapter Opening Guidelines: Chapter's can only be opened by those who reside and will manage the chapters in the said country and region of the chapter. Opening of a chapter must be predicated by interviews with the required leadership in said location of the chapter with a confirmation by the leaders that they live and work and will manage the chapter in the location.
CALL TO ORDER

CHANGES TO THE AGENDA

APPROVAL OF MINUTES [https://docs.google.com/document/d/1pHfL68xVupCb8LXxwTFs5hfL92VajkbN3HTuPfsdatc/edit?usp=sharing prior meeting minutes]

REPORTS
[https://drive.google.com/open?id=0Bzb3QwFMHCXrZ3N4b1NDS0N3RDNnNzVvSlpxbnYyZXI4OE9r Executive Director Board report for July 2018]

[https://drive.google.com/open?id=0Bzb3QwFMHCXrak0wS1Rsb2k5aG1MVWhGNHJ4RGY3WkFyc0Fv Registration report for AppSec EU 2018]
OLD BUSINESS

NEW BUSINESS

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

==Old Business==

==New Business==
* To vote on the events strategy as discussed during the June Board meeting http://sl.owasp.org/globalappsecstrategy
* To hear the foundations feedback on a global (AppSec) event in Tel Aviv and '''vote''' on hosting an event there in 2019.
** I could urge the board to listen back to the recordings on what has been communicated to the community.
** The recodring can be found here: https://drive.google.com/file/d/1yXPSr8XcFnO63vXSTOCRTb16tn5YTFww/view
* Vote of the compliance committee charter.
* Coursera
** UC Davis would like to use OWASP ideas and content to create coursware on Coursera consisting of:
*** Unchanged OWASP reference materials (we would link these directly from OWASP site so they are always current).
*** Video lectures based on OWASP materials and instructor experience.
*** Quizzes and small practice exercises based on the OWASP materials.
*** Exercises with OWASP tools such as JuiceShop (we would not modify the tools, but will create prompts, context, and peer grading rubrics).
*** This course would be marketed to Coursera's audience of 30M+ learners globally.
*** Video, quiz, and exercise content may be derivative work from the OWASP source content.
*** Videos can be accessed without login or any other authentication requirement from UC Davis, Coursera, and OWASP.
*** Access to the videos within context of the course requires learners to set up a Coursera login.
*** Assignments and exercises will be behind the paywall for the courses. Scholarships are available and widely used for the courses.
* Amend bylaws in relation to board meeting attendance
== Discussion ==
# '''The structure of the board:'''
## Do we need more diverse views on the board? e.g. adding 1 or 2 indpependent board memebers who have difference experiences in charities/foundations (i.e. specialise in finance/HR/Governance etc..).
## The concern is we have a rotating list of board memebers who specialise in AppSec, but not necessarily the skills needed to set the strategy for a foundation. For most foundations (can companies their boards are people form diverse backgrounds for that very reason.
# '''Adding Resilence in the managment of the foundation:'''
## An ED for OWASP must be a full time epmployee. If the chairperson would like to step in the role of (interim) ED they can do so, but only if they take a full time position within OWASP (which also means resigning from their current full eomployment roles).
## Should we have a clause that says at any time we need a named iterim ED incase anything goes wrong.
## Establish a process for the interm period (either we find a new ED, or tranistion the interm ED into the permanent role.
# '''Setting Scheduled Cycles for the foundation strategy:'''
## We need a process to develop, review, and adjust the strategic direction for the foundation on a regularl basis, that is also in-sync with the BoD elections.
## We still (as of end of June) do not have a strategy for the foundation agreed for the foundation to execute, granted we have a few initiatives we need to address in peice meal but we have not set the over all picture.
## I have seen a proposal from Karen but this needs to be reviewed and agreed with the BoD ammendments. As a board we have yet to set one, and I would like us to go over this during the meetings.
## '''Addressing the effectiveness of OWASP Board meetings'''
## How do we bring more votable items and valuable strategic discussions to our meetings.

July 4th, 2018

2018-07-02T11:48:16Z

Sherif:

Meeting Date: July 4th 2018

Meeting Location: Virtual and Burns, 4th Floor, QEII Centre, London, UK<br />
Meeting Time: [[July 4th, 2018]] - 3:30 p.m.<br />
Virtual: GoToMeeting Meeting ID: 861-328-838 <br />

[[International Toll Free Calling Information]]

'''Note: Joining the call acknowledges your awareness of recording and consent to be recorded and public dissemination of the recording'''

AGENDA
OWASP Executive Director
* [https://docs.google.com/document/d/1nb_K0vsCFN2Rc5EgxLBLJnvwkpSWLbKQn7lVV6g9cDA/edit?usp=sharing Draft Strategic Plan]
* [https://drive.google.com/open?id=1jb0SoyECHVe_XrylsPrJ5crfm9r0pBFzRSBM9CL2seY AppSec Conference Selection Criteria]
* Action on sponsorship guidelines. No sponsorship can be used to solicit additional chapter donations. As a non profit it is prohibited to solicit or trade out commercial exposure for donations to chapters.
* New Chapter Opening Guidelines: Chapter's can only be opened by those who reside and will manage the chapters in the said country and region of the chapter. Opening of a chapter must be predicated by interviews with the required leadership in said location of the chapter with a confirmation by the leaders that they live and work and will manage the chapter in the location.
CALL TO ORDER

CHANGES TO THE AGENDA

APPROVAL OF MINUTES [https://docs.google.com/document/d/1pHfL68xVupCb8LXxwTFs5hfL92VajkbN3HTuPfsdatc/edit?usp=sharing prior meeting minutes]

REPORTS

OLD BUSINESS

NEW BUSINESS

COMMENTS, ANNOUNCEMENTS, AND OTHER BUSINESS

ADJOURNMENT

==Old Business==

==New Business==
* To vote on the events strategy as discussed during the June Board meeting http://sl.owasp.org/globalappsecstrategy
* To hear the foundations feedback on a global (AppSec) event in Tel Aviv and '''vote''' on hosting an event there in 2018.
** I could urge the board to listen back to the recordings on what has been communicated to the community.
** The recodring can be found here: https://drive.google.com/file/d/1yXPSr8XcFnO63vXSTOCRTb16tn5YTFww/view
* Vote of the compliance committee charter.

== Discussion ==
# '''The structure of the board:'''
## Do we need more diverse views on the board? e.g. adding 1 or 2 indpependent board memebers who have difference experiences in charities/foundations (i.e. specialise in finance/HR/Governance etc..).
## The concern is we have a rotating list of board memebers who specialise in AppSec, but not necessarily the skills needed to set the strategy for a foundation. For most foundations (can companies their boards are people form diverse backgrounds for that very reason.
# '''Adding Resilence in the managment of the foundation:'''
## An ED for OWASP must be a full time epmployee. If the chairperson would like to step in the role of (interim) ED they can do so, but only if they take a full time position within OWASP (which also means resigning from their current full eomployment roles).
## Should we have a clause that says at any time we need a named iterim ED incase anything goes wrong.
## Establish a process for the interm period (either we find a new ED, or tranistion the interm ED into the permanent role.
# '''Setting Scheduled Cycles for the foundation strategy:'''
## We need a process to develop, review, and adjust the strategic direction for the foundation on a regularl basis, that is also in-sync with the BoD elections.
## We still (as of end of June) do not have a strategy for the foundation agreed for the foundation to execute, granted we have a few initiatives we need to address in peice meal but we have not set the over all picture.
## I have seen a proposal from Karen but this needs to be reviewed and agreed with the BoD ammendments. As a board we have yet to set one, and I would like us to go over this during the meetings.