CISO AppSec Guide: Introduction - Revision history

Marco-cincy at 23:23, 3 November 2017

2017-11-03T23:23:46Z

Marco-cincy at 23:22, 3 November 2017

2017-11-03T23:22:32Z

Marco-cincy at 23:20, 3 November 2017

2017-11-03T23:20:21Z

Marco-cincy at 23:18, 3 November 2017

2017-11-03T23:18:44Z

Clerkendweller: Added NOTOC

2013-11-06T17:17:33Z

Added NOTOC

Clerkendweller: /* Introduction */ Line break

2013-11-06T16:01:45Z

‎Introduction: Line break

Clerkendweller: Deleted line break

2013-11-06T10:29:52Z

Deleted line break

Clerkendweller: /* Introduction */ Separated out citizen/client/customer

2013-11-06T10:29:36Z

‎Introduction: Separated out citizen/client/customer

Stephanie Tan at 02:42, 2 November 2013

2013-11-02T02:42:30Z

Marco-cincy at 07:58, 27 October 2013

2013-10-27T07:58:22Z

← Older revision		Revision as of 23:23, 3 November 2017
Line 1:		Line 1:
−	[[Application Security Guide For ~~CISO~~ \|< Back to the Application Security Guide For CISOs]]	+	[[Application Security Guide For CISOs\|< Back to the Application Security Guide For CISOs]]

	__NOTOC__		__NOTOC__

← Older revision		Revision as of 23:22, 3 November 2017
Line 1:		Line 1:
−	[[Application Security Guide For ~~CISOsv2~~\|< Back to the Application Security Guide For CISOs]]	+	[[Application Security Guide For CISO \|< Back to the Application Security Guide For CISOs]]

	__NOTOC__		__NOTOC__

← Older revision		Revision as of 23:20, 3 November 2017
Line 1:		Line 1:
−	[[Application Security Guide For ~~CISOs v2~~\|< Back to the Application Security Guide For CISOs]]	+	[[Application Security Guide For CISOsv2\|< Back to the Application Security Guide For CISOs]]

	__NOTOC__		__NOTOC__

← Older revision		Revision as of 23:18, 3 November 2017
Line 1:		Line 1:
−	[[Application Security Guide For CISOs\|< Back to the Application Security Guide For CISOs]]	+	[[Application Security Guide For CISOs v2\|< Back to the Application Security Guide For CISOs]]

	__NOTOC__		__NOTOC__

← Older revision		Revision as of 17:17, 6 November 2013
Line 1:		Line 1:
	[[Application Security Guide For CISOs\|< Back to the Application Security Guide For CISOs]]		[[Application Security Guide For CISOs\|< Back to the Application Security Guide For CISOs]]
		+
		+	__NOTOC__
		+
	= Introduction =		= Introduction =

← Older revision		Revision as of 16:01, 6 November 2013
Line 3:		Line 3:

	Among application security stakeholders, Chief Information Security Officers (CISOs) are responsible for application security from governance, compliance and risk perspectives. This guide seeks to help CISOs manage application security programs according to CISO roles, responsibilities, perspectives and needs. Application security best practices and OWASP resources are referenced throughout this guide. OWASP is a non profit organization whose mission is "making application security visible and empowering application security stakeholders with the right information for managing application security risks".		Among application security stakeholders, Chief Information Security Officers (CISOs) are responsible for application security from governance, compliance and risk perspectives. This guide seeks to help CISOs manage application security programs according to CISO roles, responsibilities, perspectives and needs. Application security best practices and OWASP resources are referenced throughout this guide. OWASP is a non profit organization whose mission is "making application security visible and empowering application security stakeholders with the right information for managing application security risks".
		+
	This CISO guide is written to help CISOs that are responsible for managing application security programs from the information security and risk management perspectives. From the information security perspective, there is a need to protect the organization assets such as the citizen, client and customer sensitive data, the databases where this data is stored, the network infrastructure where the database servers reside and last but not least, the applications and software used to access and process this data. Besides business and user data, applications and software are among the assets that CISOs seek to protect. Some of these applications and software provide business critical functions to customers that generate revenues for the organization. Examples include applications and software that provide customers with business services as well as applications and software that are sold as products to the clients. In the case where software applications are considered business critical information assets, these should receive a specific focus in human resources, training, processes, standards and tools. The scope of this guide is the security of web applications and the security of the components of the architecture such as the security of web servers, application servers and databases. This does not include other aspects of security that are not related to the specific application. Such as the security of the network infrastructure that supports the applications and constitutes a valued asset whose security properties such as confidentiality, integrity and availability need to be protected as well.		This CISO guide is written to help CISOs that are responsible for managing application security programs from the information security and risk management perspectives. From the information security perspective, there is a need to protect the organization assets such as the citizen, client and customer sensitive data, the databases where this data is stored, the network infrastructure where the database servers reside and last but not least, the applications and software used to access and process this data. Besides business and user data, applications and software are among the assets that CISOs seek to protect. Some of these applications and software provide business critical functions to customers that generate revenues for the organization. Examples include applications and software that provide customers with business services as well as applications and software that are sold as products to the clients. In the case where software applications are considered business critical information assets, these should receive a specific focus in human resources, training, processes, standards and tools. The scope of this guide is the security of web applications and the security of the components of the architecture such as the security of web servers, application servers and databases. This does not include other aspects of security that are not related to the specific application. Such as the security of the network infrastructure that supports the applications and constitutes a valued asset whose security properties such as confidentiality, integrity and availability need to be protected as well.

@@ Line 4: / Line 4: @@
 Among application security stakeholders, Chief Information Security Officers (CISOs) are responsible for application security from governance, compliance and risk perspectives. This guide seeks to help CISOs manage application security programs according to CISO roles, responsibilities, perspectives and needs. Application security best practices and OWASP resources are referenced throughout this guide. OWASP is a non profit organization whose mission is "making application security visible and empowering application security stakeholders with the right information for managing application security risks".
 This CISO guide is written to help CISOs that are responsible for managing application security programs from the information security and risk management perspectives. From the information security perspective, there is a need to protect the organization assets such as the citizen, client and customer sensitive data, the databases where this data is stored, the network infrastructure where the database servers reside and last but not least, the applications and software used to access and process this data. Besides business and user data,  applications and software are among the assets that CISOs seek to protect. Some of these applications and software provide business critical functions to customers that generate revenues for the organization. Examples include applications and software that provide customers with business services as well as applications and software that are sold as products to the clients. In the case where software applications are considered business critical information assets, these should receive a specific focus in human resources, training, processes, standards and tools. The scope of this guide is the security of web applications and the security of the components of the architecture such as the security of web servers, application servers and databases. This does not include other aspects of security that are not related to the specific application. Such as the security of the network infrastructure that supports the applications and constitutes a valued asset whose security properties such as confidentiality, integrity and availability need to be protected as well.
 == Objectives  ==

← Older revision		Revision as of 10:29, 6 November 2013
Line 3:		Line 3:

	Among application security stakeholders, Chief Information Security Officers (CISOs) are responsible for application security from governance, compliance and risk perspectives. This guide seeks to help CISOs manage application security programs according to CISO roles, responsibilities, perspectives and needs. Application security best practices and OWASP resources are referenced throughout this guide. OWASP is a non profit organization whose mission is "making application security visible and empowering application security stakeholders with the right information for managing application security risks".		Among application security stakeholders, Chief Information Security Officers (CISOs) are responsible for application security from governance, compliance and risk perspectives. This guide seeks to help CISOs manage application security programs according to CISO roles, responsibilities, perspectives and needs. Application security best practices and OWASP resources are referenced throughout this guide. OWASP is a non profit organization whose mission is "making application security visible and empowering application security stakeholders with the right information for managing application security risks".
−	This CISO guide is written to help CISOs that are responsible for managing application security programs from the information security and risk management perspectives. From the information security perspective, there is a need to protect the organization assets such as the citizen/client/customer sensitive data, the databases where this data is stored, the network infrastructure where the database servers reside and last but not least, the applications and software used to access and process this data. Besides business and user data, applications and software are among the assets that CISOs seek to protect. Some of these applications and software provide business critical functions to customers that generate revenues for the organization. Examples include applications and software that provide customers with business services as well as applications and software that are sold as products to the clients. In the case where software applications are considered business critical information assets, these should receive a specific focus in human resources, training, processes, standards and tools. The scope of this guide is the security of web applications and the security of the components of the architecture such as the security of web servers, application servers and databases. This does not include other aspects of security that are not related to the specific application. Such as the security of the network infrastructure that supports the applications and constitutes a valued asset whose security properties such as confidentiality, integrity and availability need to be protected as well.	+	This CISO guide is written to help CISOs that are responsible for managing application security programs from the information security and risk management perspectives. From the information security perspective, there is a need to protect the organization assets such as the citizen, client and customer sensitive data, the databases where this data is stored, the network infrastructure where the database servers reside and last but not least, the applications and software used to access and process this data. Besides business and user data, applications and software are among the assets that CISOs seek to protect. Some of these applications and software provide business critical functions to customers that generate revenues for the organization. Examples include applications and software that provide customers with business services as well as applications and software that are sold as products to the clients. In the case where software applications are considered business critical information assets, these should receive a specific focus in human resources, training, processes, standards and tools. The scope of this guide is the security of web applications and the security of the components of the architecture such as the security of web servers, application servers and databases. This does not include other aspects of security that are not related to the specific application. Such as the security of the network infrastructure that supports the applications and constitutes a valued asset whose security properties such as confidentiality, integrity and availability need to be protected as well.

← Older revision		Revision as of 02:42, 2 November 2013
Line 3:		Line 3:

	Among application security stakeholders, Chief Information Security Officers (CISOs) are responsible for application security from governance, compliance and risk perspectives. This guide seeks to help CISOs manage application security programs according to CISO roles, responsibilities, perspectives and needs. Application security best practices and OWASP resources are referenced throughout this guide. OWASP is a non profit organization whose mission is "making application security visible and empowering application security stakeholders with the right information for managing application security risks".		Among application security stakeholders, Chief Information Security Officers (CISOs) are responsible for application security from governance, compliance and risk perspectives. This guide seeks to help CISOs manage application security programs according to CISO roles, responsibilities, perspectives and needs. Application security best practices and OWASP resources are referenced throughout this guide. OWASP is a non profit organization whose mission is "making application security visible and empowering application security stakeholders with the right information for managing application security risks".
		+	This CISO guide is written to help CISOs that are responsible for managing application security programs from the information security and risk management perspectives. From the information security perspective, there is a need to protect the organization assets such as the citizen/client/customer sensitive data, the databases where this data is stored, the network infrastructure where the database servers reside and last but not least, the applications and software used to access and process this data. Besides business and user data, applications and software are among the assets that CISOs seek to protect. Some of these applications and software provide business critical functions to customers that generate revenues for the organization. Examples include applications and software that provide customers with business services as well as applications and software that are sold as products to the clients. In the case where software applications are considered business critical information assets, these should receive a specific focus in human resources, training, processes, standards and tools. The scope of this guide is the security of web applications and the security of the components of the architecture such as the security of web servers, application servers and databases. This does not include other aspects of security that are not related to the specific application. Such as the security of the network infrastructure that supports the applications and constitutes a valued asset whose security properties such as confidentiality, integrity and availability need to be protected as well.

−	This CISO guide is written to help CISOs that are responsible for managing application security programs from the information security and risk management perspectives. From the information security perspective, there is a need to protect the organization assets such as the citizen/client/customer sensitive data, the databases where this data is stored, the network infrastructure where the database servers reside and last but not least the applications and software used to access and process this data. Among the assets that CISOs seek to protect, besides business and user data there are also applications and software. Some of these applications and software provides business critical functions to customers that generate revenues for the organization. Examples include applications and software that provide customers with business services as well as applications and software that are sold as products to the clients. In the case when software application are considered business critical information assets, these should receive a specific focus in human resources, training, processes, standards and tools. The scope of this guide is the security of web applications and the security of the components of the architecture such as the security of web servers, application servers and databases. This does not include other aspects of security that are not specifically related to the specific application, such as the security of the network infrastructure that supports the applications and constitutes a valued asset whose security properties such as confidentiality, integrity and availability need to be protected as well.

	== Objectives ==		== Objectives ==