https://wiki.owasp.org/index.php?action=history&feed=atom&title=CISO_Survey_2013%3A_Tools_and_technologyCISO Survey 2013: Tools and technology - Revision history2026-04-21T12:35:09ZRevision history for this page on the wikiMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=CISO_Survey_2013:_Tools_and_technology&diff=167599&oldid=prevTgondrom at 21:23, 6 February 20142014-02-06T21:23:20Z<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 21:23, 6 February 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>[[OWASP CISO Survey|< Back to the CISO Survey]]</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>[[OWASP CISO Survey|< Back to the CISO Survey]]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>__NOTOC__</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>__NOTOC__</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>= 3. Tools and technology =</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>= 3. Tools and technology =</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== Significance of OWASP guidance, books and white papers ==</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== Significance of OWASP guidance, books and white papers ==</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l35" >Line 35:</td>
<td colspan="2" class="diff-lineno">Line 34:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>[[File:CISO_Survey_2013_13_IS_tools.png]]</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>[[File:CISO_Survey_2013_13_IS_tools.png]]</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[Category:OWASP CISO Survey Project]]</ins></div></td></tr>
</table>Tgondromhttps://wiki.owasp.org/index.php?title=CISO_Survey_2013:_Tools_and_technology&diff=167568&oldid=prevTgondrom: start Tools and technology2014-02-06T20:20:13Z<p>start Tools and technology</p>
<p><b>New page</b></p><div>[[OWASP CISO Survey|< Back to the CISO Survey]]<br />
__NOTOC__<br />
<br />
= 3. Tools and technology =<br />
== Significance of OWASP guidance, books and white papers ==<br />
To better understand how organizations benefit from existing OWASP activities and what is most useful for organizations, we also asked the CISOs what OWASP activities serve them well, and which ones are more or less significant. For data analysis we designed a weighted scoring that would rank based on how many rated activities as extremely significant, very significant, significant, somewhat significant or not significant. Most significant help are OWASP projects for awareness programs and awareness material, with a weighted score of 140 and about 70% stating that OWASP is extremely significant, very significant or significant for this area. While staff attending local chapter meetings or AppSec conferences is still important, with a score of 54 and more than 30% of the surveyed CISOs rating this activity as extremely significant, very significant or significant. <br />
<br />
[[File:CISO_Survey_2013_9_OWASP_significance.png]]<br />
<br />
== Top-5 most useful OWASP projects for organizations from the perspective of the CISO. ==<br />
The 5 most useful OWASP projects from the standpoint of a CISO are the <br />
1. OWASP Top-10<br />
2. Cheatsheets<br />
3. Development Guide<br />
4. Secure Coding Practices Quick Reference<br />
5. Application Security FAQ<br />
With the Top-10 a clear leading number one position, while the other four projects are relatively equal in their rating and basically sharing second place. <br />
<br />
<br />
[[File:CISO_Survey_2013_10_Top-5_Projects.png]]<br />
<br />
== Design of the information security management program ==<br />
As information security programs vary widely across organizations, we asked the CISO which key elements are part of their programs: <br />
<br />
[[File:CISO_Survey_2013_11_ISM_programs.png]]<br />
<br />
Naturally, security requirements, guidelines, security training and risk management were prevalent parts of information security management programs. Interestingly, using a secure software development lifecycle did rank fairly low as a part of the CISOs’ current security management programs. This finding might also be an indication for a lack of using an application security strategy or maturity model to determine which domains to focus on and which SDLC activities to implement. (see also the [[CISO AppSec Guide: Application Security Program]])<br />
<br />
== Two thirds use technical tools to support their application security management process ==<br />
<br />
[[File:CISO_Survey_2013_12_process_tools.png]]<br />
<br />
<br />
== For example, we found the following tools are used by organizations: ==<br />
<br />
[[File:CISO_Survey_2013_13_IS_tools.png]]</div>Tgondrom