Summit 2011 Working Sessions/Session082
WORKING SESSION IDENTIFICATION | ||||||
---|---|---|---|---|---|---|
Short Work Session Description | Are you an auditor? Not in the sense of one who "audits" web applications for vulnerabilities, but one engaged in the professional practice of internal auditing. Have you been audited? (No, not by the IRS.) Do you really know what auditors do, how the appsec "world" looks to them, and how they can help you?
The IIA defines auditing as "an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes." This working session aims to:
The proposed track for this working session is OWASP. If you are interested in participating in this working session please edit the Working Session Participants section below to add your name & areas of interest. Please feel free to join the discussion of this working session in the Summit 2011 Working Sessions Google Group. | |||||
Related Projects (if any) |
| |||||
Email Contacts & Roles | Chair: Matthew Chalmers |
Operational Manager |
Mailing list Subscription Page |
WORKING SESSION SPECIFICS | ||||||
---|---|---|---|---|---|---|
Objectives |
| |||||
Venue/Date&Time/Model | Venue/Room OWASP Global Summit Portugal 2011 |
Date & Time
|
Discussion Model participants and attendees |
WORKING SESSION OPERATIONAL RESOURCES | ||||||
---|---|---|---|---|---|---|
Projector, whiteboards, markers, Internet connectivity, power |
WORKING SESSION ADDITIONAL DETAILS | ||||||
---|---|---|---|---|---|---|
WORKING SESSION OUTCOMES / DELIVERABLES | ||
---|---|---|
Proposed by Working Group | Approved by OWASP Board | |
A white paper describing specific strategies for interacting with auditors as described above. |
After the Board Meeting - fill in here. | |
Working Session Participants
WORKING SESSION PARTICIPANTS | ||||||
---|---|---|---|---|---|---|
Name | Company | Notes & reason for participating, issues to be discussed/addressed
Matthew Chalmers | | Wish to dispel myths about IT auditing and find out how security, development and audit folks are working together
Achim Hoffmann | | define/find the circle: pentest - audit - workshop
Justin Clarke | Gotham Digital Science | Don't do IT audits anymore, but I used to and I'm still a CISA