This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Denver May 2009 meeting"
(New page: == Wednesday 20 May 2009, 6pm @ RPSC == === Topic: Compliance and application security testing === Presenters: Dr. Joseph McComb, CISSP, CISA, G7799, CHSS and Daniel Weiske, CISSP, CISA,...) |
m |
||
| Line 6: | Line 6: | ||
Title: Compliance while under siege: justifying security spending for the holes in your defenses. | Title: Compliance while under siege: justifying security spending for the holes in your defenses. | ||
| + | |||
| + | [http://www.owasp.org/images/0/0d/Compliance_while_under_siege_-_OWASP_05-20-09.ppt Slide Deck] | ||
Synopsis: This presentation will show how to integrate a compliance framework into application security testing to produce an effective mechanism for presenting risk. Regulations, including security breach notification legislation, HIPAA, FISMA and other regulations specify penalties for failing to safeguard specific types of information. This presentation will demonstrate how to weave regulatory frameworks into the application testing process and how to quantify risk based upon penalties and ease of exploitation. Using real world examples, the presenters will show how this methodology can be used to justify security testing as a necessary expenditure for a secure environment. | Synopsis: This presentation will show how to integrate a compliance framework into application security testing to produce an effective mechanism for presenting risk. Regulations, including security breach notification legislation, HIPAA, FISMA and other regulations specify penalties for failing to safeguard specific types of information. This presentation will demonstrate how to weave regulatory frameworks into the application testing process and how to quantify risk based upon penalties and ease of exploitation. Using real world examples, the presenters will show how this methodology can be used to justify security testing as a necessary expenditure for a secure environment. | ||
| Line 13: | Line 15: | ||
* 6:30pm: Introduction and Chapter business | * 6:30pm: Introduction and Chapter business | ||
* 6:45pm --> 8pm: Presentation | * 6:45pm --> 8pm: Presentation | ||
| − | |||
[https://www.owasp.org/index.php/Denver Back to OWASP Denver] | [https://www.owasp.org/index.php/Denver Back to OWASP Denver] | ||
Latest revision as of 21:10, 14 July 2009
Wednesday 20 May 2009, 6pm @ RPSC
Topic: Compliance and application security testing
Presenters: Dr. Joseph McComb, CISSP, CISA, G7799, CHSS and Daniel Weiske, CISSP, CISA, CAP, NSA-IAM
Title: Compliance while under siege: justifying security spending for the holes in your defenses.
Synopsis: This presentation will show how to integrate a compliance framework into application security testing to produce an effective mechanism for presenting risk. Regulations, including security breach notification legislation, HIPAA, FISMA and other regulations specify penalties for failing to safeguard specific types of information. This presentation will demonstrate how to weave regulatory frameworks into the application testing process and how to quantify risk based upon penalties and ease of exploitation. Using real world examples, the presenters will show how this methodology can be used to justify security testing as a necessary expenditure for a secure environment.
Agenda
- 6pm: Pizza & pop @ RPSC, courtesy of Corporate Sponsors FishNet Security
- 6:30pm: Introduction and Chapter business
- 6:45pm --> 8pm: Presentation
