This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Application Security Guide For CISOs"

From OWASP
Jump to: navigation, search
 
(32 intermediate revisions by 6 users not shown)
Line 3: Line 3:
 
{| width="100%" cellspacing="0" cellpadding="10"
 
{| width="100%" cellspacing="0" cellpadding="10"
 
|- valign="top"
 
|- valign="top"
| width="66%" style="background:#d9e9f9" |
+
| width="70%" style="background:#d9e9f9" |
  
= The Guide =
+
= The CISO Guide =
 +
 
 +
'''Application Security Guide For CISOs''' Version 1.0 was published in November 2013.
 +
[https://www.owasp.org/index.php/OWASP_Application_Security_Guide_For_CISOs_Project_v2#Quick_Access Version 2 of the Guide] is currently in the works and planned for publication in Q2 2018.
 +
 
 +
La [[Guía de Seguridad en Aplicaciones para CISOs]] versión 1.0 (Español) fue publicada en marzo de 2015.
  
 
== Contents ==
 
== Contents ==
Line 12: Line 17:
 
* Preamble
 
* Preamble
 
** [[CISO AppSec Guide: Introduction|Introduction]]
 
** [[CISO AppSec Guide: Introduction|Introduction]]
 +
** [[CISO AppSec Guide: Executive Summary|Executive Summary]]
 
** [[CISO AppSec Guide: Foreword|Foreword]]
 
** [[CISO AppSec Guide: Foreword|Foreword]]
 
* The CISO Guide
 
* The CISO Guide
 
** [[CISO AppSec Guide: Reasons for Investing in Application Security|Part I: Reasons for Investing in Application Security]]
 
** [[CISO AppSec Guide: Reasons for Investing in Application Security|Part I: Reasons for Investing in Application Security]]
 
** [[CISO AppSec Guide: Criteria for Managing Application Security Risks|Part II: Criteria for Managing Application Security Risks]]
 
** [[CISO AppSec Guide: Criteria for Managing Application Security Risks|Part II: Criteria for Managing Application Security Risks]]
** [[CISO AppSec Guide: Selection of Application Security Processes|Part III: Selection of Application Security Processes]]
+
** [[CISO AppSec Guide: Application Security Program|Part III: Application Security Program]]
 
** [[CISO AppSec Guide: Metrics For Managing Risks & Application Security Investments|Part IV: Metrics For Managing Risks & Application Security Investments]]
 
** [[CISO AppSec Guide: Metrics For Managing Risks & Application Security Investments|Part IV: Metrics For Managing Risks & Application Security Investments]]
 
* Supporting Information
 
* Supporting Information
 
** [[CISO AppSec Guide: References|References]]
 
** [[CISO AppSec Guide: References|References]]
 
** [[CISO AppSec Guide: About OWASP|About OWASP]]
 
** [[CISO AppSec Guide: About OWASP|About OWASP]]
* Appendices
+
* Appendix
** [[CISO AppSec Guide: Value of Data & Cost of an Incident|Appendix I-A: Value of Data & Cost of an Incident]]
+
** [[CISO AppSec Guide: Value of Data & Cost of an Incident|Appendix A: Value of Data & Cost of an Incident]]
** [[CISO AppSec Guide: Calculation Sheets|Appendix I-B: Calculation Sheets]]
+
** [[CISO AppSec Guide: Quick Reference to OWASP Guides & Projects|Appendix B: Quick Reference to OWASP Guides & Projects]]
** [[CISO AppSec Guide: Online Data Breach Cost Calculator|Appendix I-C: Online Data Breach Cost Calculator]]
+
 
** [[CISO AppSec Guide: Quick Reference to OWASP Guides & Projects|Appendix I-D: Quick Reference to OWASP Guides & Projects]]
+
== Licensing ==
  
 +
The OWASP Application Security Guide For CISOs is free to use. It is licensed under the [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. 
  
== Licensing ==
+
== Feedback & Contributions ==
 +
 
 +
We hope you find the information in the OWASP CISO guide project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP CISO guide mailing list.
 +
You can subscribe to the list by selecting the link [https://lists.owasp.org/mailman/listinfo/owasp_application_security_guide_for_cisos herein]
  
The OWASP Application Security Guide For CISOs is free to use. It is licensed under the [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
+
| width="100" style="max-height:200px;overflow:hidden;background:#fff;margin:0;padding:0;" cellpadding="0" |
  
| width="1%" style="background:#ffffff" |
+
<div style="width:100px;max-height:300px;border:0;margin:0;padding-left:6px;padding-right:6px;overflow:visible;">[[File:CISO-Guide-bar.jpg|link=]]</div>
  
| width="33%" style="background:#eeeeee" |
+
| width="30%" style="background:#eeeeee" |
  
 
=Credits =
 
=Credits =
  
== Primary author and editor ==
+
== Project lead and main author ==
  
 
* [[User:Marco-cincy|Marco Morana]]
 
* [[User:Marco-cincy|Marco Morana]]
  
 +
== Other contributors ==
  
== Other authors and contributors ==
+
Co-authors, contributors and reviewers:
  
 
* [[User:Tobias|Tobias Gondrom]]
 
* [[User:Tobias|Tobias Gondrom]]
Line 51: Line 62:
 
* [[User:Clerkendweller|Colin Watson]]
 
* [[User:Clerkendweller|Colin Watson]]
  
== Further details ==
+
== Versión en español ==
 +
 
 +
La [[Guía de Seguridad en Aplicaciones para CISOs]] (Español) fue editada y corregida por Mauro Gioino, Mauro Graziosi y [[User:Cristian_Borghello|Cristian Borghello]].
 +
 
 +
=== Traductores al español ===
 +
 
 +
* Daniel J. Fernández
 +
* Franco Cian
 +
* German Chiovetta
 +
* Javier Albano
 +
* Lucas Barbero
 +
* [[User:Walter_Heffel|Walter Heffel]]
 +
 
  
If you wish to know more about this guide please send subscribe to the maling list. We are holding meetings bi-weekly ao you are welcome to participate. If you wish to contribute please visit the project page and send an email to the project leader.
+
= Further Information =
  
== Related projects ==
+
== CISO guide ==
 +
 
 +
The OWASP CISO Guide is also available as
 +
* [https://www.owasp.org/index.php/File:Owasp-ciso-guide.pdf [EN] Download PDF]
 +
* [https://www.owasp.org/index.php/File:Owasp-ciso-guide_es.pdf [ES] Descarga PDF]
 +
* [http://www.lulu.com/shop/owasp-foundation/application-security-guide-for-cisos-v10-nov-2013/paperback/product-21288580.html At cost print on demand monochrome book].
  
The contributors to the [[OWASP CISO Survey]] also provided invaluable data for this guide.
 
  
 +
For full information about the Application Security Guide For CISOs Project, including mailing list details, the forward plan, how to contribute, the project status, and alternative media, see the project page:
 +
* [https://www.owasp.org/index.php/OWASP_Application_Security_Guide_For_CISOs_Project CISO Guide Project Page]
  
== Further details ==
 
  
For further information about the Application Security Guide For CISOs see the [https://www.owasp.org/index.php/OWASP_Application_Security_Guide_For_CISOs_Project project page].
+
== CISO survey ==
  
 +
The contributors to the [[OWASP CISO Survey]] also provided invaluable data for this guide.
  
 
|}
 
|}
 
  
 
[[Category:OWASP_Application_Security_Guide_For_CISO_Project]]
 
[[Category:OWASP_Application_Security_Guide_For_CISO_Project]]

Latest revision as of 08:52, 4 November 2017


The CISO Guide

Application Security Guide For CISOs Version 1.0 was published in November 2013. Version 2 of the Guide is currently in the works and planned for publication in Q2 2018.

La Guía de Seguridad en Aplicaciones para CISOs versión 1.0 (Español) fue publicada en marzo de 2015.

Contents

Licensing

The OWASP Application Security Guide For CISOs is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

Feedback & Contributions

We hope you find the information in the OWASP CISO guide project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP CISO guide mailing list. You can subscribe to the list by selecting the link herein

CISO-Guide-bar.jpg

Credits

Project lead and main author

Other contributors

Co-authors, contributors and reviewers:

Versión en español

La Guía de Seguridad en Aplicaciones para CISOs (Español) fue editada y corregida por Mauro Gioino, Mauro Graziosi y Cristian Borghello.

Traductores al español

  • Daniel J. Fernández
  • Franco Cian
  • German Chiovetta
  • Javier Albano
  • Lucas Barbero
  • Walter Heffel


Further Information

CISO guide

The OWASP CISO Guide is also available as


For full information about the Application Security Guide For CISOs Project, including mailing list details, the forward plan, how to contribute, the project status, and alternative media, see the project page:


CISO survey

The contributors to the OWASP CISO Survey also provided invaluable data for this guide.