This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP CISO Survey Project"

(Create OWASP CISO Survey Projects Page)
 
 
(31 intermediate revisions by 2 users not shown)
Line 10: Line 10:
 
Among application security stakeholders, Chief Information Security Officers (CISOs),are responsible for application security from governance, compliance and risk perspectives. The OWASP CISO Survey provides tactical intelligence about security risks and best practices to help CISOs manage application security programs according to their own roles, responsibilities, perspectives and needs.  
 
Among application security stakeholders, Chief Information Security Officers (CISOs),are responsible for application security from governance, compliance and risk perspectives. The OWASP CISO Survey provides tactical intelligence about security risks and best practices to help CISOs manage application security programs according to their own roles, responsibilities, perspectives and needs.  
  
==Introduction==
 
  
 +
== Report 2013 ==
 +
And the latest release is here [[OWASP CISO Survey]]
  
  
  
==Objectives==
+
== New CISO Survey 2014 Questionnaire is out! ==  
 +
Please help us and share it with your security manager to fill it out
 +
Questionnaire is available in:
 +
* English: https://www.surveymonkey.com/s/CISOSurvey2014
 +
* Chinese: https://www.surveymonkey.com/s/CISOSurvey2014cn
 +
* Hebrew: https://www.surveymonkey.com/s/CISOSurvey2014iw
 +
* Japanese: https://jp.surveymonkey.com/s/CISOSurvey2014jp
  
  
 +
== Questions and getting involved ==
 +
If you have questions or like to actively support and participate in this project, please join the [https://lists.owasp.org/mailman/listinfo/owasp_ciso_survey project mailing list] or feel free to send an email to the project lead at [mailto:[email protected] tobias.gondrom (at) owasp.org].
  
  
 
==Licensing==
 
==Licensing==
The OWASP Application Security Guide For CISOs is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
+
The OWASP CISO Survey Report is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
  
 
© OWASP Foundation
 
© OWASP Foundation
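Review bot: The rewritten Licensing sentence on the new side keeps the broken external-link markup from the old text: `http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license]` has a closing bracket but no opening one, so the page shows the bare URL followed by a stray `]`. Since this revision already touches that sentence to rename the work, add the missing `[` before the URL. The unchanged intro paragraph in the same hunk also reads `(CISOs),are`; the comma should be dropped.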
Line 40: Line 49:
 
== Presentation ==
 
== Presentation ==
  
Link to presentation at the AppSecUS 2013 in NYC
+
Link to [http://www.youtube.com/embed/J4i3RY5AGhc?list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU presentation at the AppSecUS 2013 in NYC]
  
 
== Project Leader ==
 
== Project Leader ==
  
Tobias Gondrom
+
[[User:Tgondrom|Tobias Gondrom]]
  
  
Line 58: Line 67:
 
== Quick Access ==
 
== Quick Access ==
  
 +
[[File:Ciso_survey_report_2013n_300x200.jpg|link=https://www.owasp.org/index.php/File:Owasp-ciso-report-2013-1.0.pdf]]
  
  
 
== News and Events ==
 
== News and Events ==
* [20 Nov 2013] The [http://appsecusa2013.sched.org/event/d4023831663d85d7fd87294e36e631ac?iframe=yes&w=990&sidebar=yes&bg=no#?iframe=yes&w=990&sidebar=yes&bg=no CISO Guide and CISO Survey 2013] will be presented at [https://appsecusa.org/ AppSec USA]
+
* Jan 2014 '''Version 1.0 released'''
* [Dec 2013] Version 1.0 (stable) to be released
+
* Dec 2013: [http://trustedsoftwarealliance.com/2013/12/02/the-owasp-application-security-ciso-guide-with-marco-morana-and-tobias-gondrom/ Interview with Marco Morana and Tobias Gondrom about the CISO Guide and CISO Survey]
 +
* 20 Nov 2013: The [http://appsecusa2013.sched.org/event/d4023831663d85d7fd87294e36e631ac?iframe=yes&w=990&sidebar=yes&bg=no#?iframe=yes&w=990&sidebar=yes&bg=no CISO Guide and CISO Survey 2013] will be presented at [https://appsecusa.org/ AppSec USA]
 +
* June 2014: [http://youtu.be/gvveiM-cbp8?list=PLpr-xdpM8wG_KHsxepT9o6trkqDELhr3_ Watch here the presentation of the CISO Survey Report 2013 at AppSec EU in Cambridge] - new updates will also be presented at AppSec USA
  
  
 
== In Print ==
 
== In Print ==
 +
 +
 +
[[File:Ciso_survey_book_small.jpg|link=http://www.lulu.com/shop/owasp-foundation/ciso-survey-and-report-2013/paperback/product-21480821.html]]
 +
 +
This project can be purchased as a [http://www.lulu.com/shop/owasp-foundation/ciso-survey-and-report-2013/paperback/product-21480821.html print on demand book] from Lulu.com.
  
  
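Review bot: The News and Events list on the new side is not in date order (Jan 2014, Dec 2013, 20 Nov 2013, then June 2014), and the 20 Nov 2013 entry still says the guide and survey "will be presented" even though later entries now sit beside it. Sort the entries one way, newest first or oldest first, and put the AppSec USA entry in the past tense.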
Line 84: Line 101:
  
 
|}
 
|}
 +
 +
=Next Version 2014=
 +
 +
==Currently under Discussion==
 +
===Draft of [[CISO Survey 2014 Questionnaire]]===
  
  
= Acknowledgements =
 
==Volunteers==
 
The Application Security Guide For CISOs Project was authored, edited and reviewed by a worldwide team of volunteers. The primary contributors to date have been:
 
  
* Tobias Gondrom
+
===old version 2013===
* Marco Morana
+
Here you can find the draft for the old version in 2013 (note this is not identical with the final released version).
* Stephanie Tan
+
[[Industry:GIC_CISO_Survey_2013]]
* Colin Watson
 
  
  
 
= Road Map and Getting Involved =
 
= Road Map and Getting Involved =
 +
 
As of January 2014, the priorities are:
 
As of January 2014, the priorities are:
 
* Announce and promote v1.0 at AppSec APAC, EU and US and CISO events
 
* Announce and promote v1.0 at AppSec APAC, EU and US and CISO events
Line 107: Line 126:
 
* Review the text
 
* Review the text
 
* Graphical design for the report and diagrams
 
* Graphical design for the report and diagrams
 +
* Send out Survey to the Security Manager Community
 +
* Data Analysis
 +
 +
Past Roadmap:
 +
* Begin 2013: Send out Survey
 +
* Sep-30, 2013: Close Survey - done
 +
* Oct 2013: analyze data and write report
 +
* Jan 2014: release of the CISO report 2013
 +
 +
 +
Future Roadmap:
 +
* May 2014: prepare the next revision of the CISO survey
 +
* June 2014: start sending out questionnaires
 +
* September 2014: Close Survey 2014
 +
* Oct 2014: Analyze Data and write report
 +
* Dec 2014: release CISO report 2014
 +
  
 
Please participate through the project's [https://lists.owasp.org/mailman/listinfo/owasp_ciso_survey mailing list].
 
Please participate through the project's [https://lists.owasp.org/mailman/listinfo/owasp_ciso_survey mailing list].
Line 115: Line 151:
 
== Current version ==
 
== Current version ==
  
v1.0 (Stable) to be released
+
v1.0 (Stable) released in January 2014
 
* EN
 
* EN
 +
** [[OWASP CISO Survey |HTML]]
 +
** [https://www.owasp.org/index.php/File:Owasp-ciso-report-2013-1.0.pdf PDF]
  
  
 
== Previous versions ==
 
== Previous versions ==
  
Pre 1.0 versions (alpha and betas) are in the wiki page history at https://www.owasp.org/index.php/OWASP_CISO_Survey.
+
 
 +
= Acknowledgements =
 +
 
 +
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 +
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 +
 
 +
== Contributors for the CISO Survey 2014 ==
 +
The CISO Survey 2014 was authored, edited and reviewed by a worldwide team of volunteers. <br>The primary contributors to date have been (in alphabetical order):
 +
 
 +
* Hemed Gur Ary
 +
* Tobias Gondrom (Project Lead)
 +
* Marco Morana
 +
* Riotaro Okada
 +
* ... please add your name here.
 +
 
 +
For translation and support promoting the questionnaire
 +
* Chinese Team:
 +
** 樊山 (Fan Shan)
 +
** 刘宁 (Liu Ning)
 +
** Json (Json)
 +
** 郝益壮 (Hao Yizhuang)
 +
* Hebrew Team:
 +
** Ori Troyna
 +
** Or Katz
 +
** Baruch Atir
 +
** Eyal Estrin
 +
** Hemed Gur Ary
 +
* Japan Team Volunteers:
 +
** Akiteru Kamoshida
 +
** Chia-Lung Hsieh
 +
** Kusuma Dewi
 +
** Mikado Hisayama
 +
** Satoshi Shida
 +
** Shoichi Nakata
 +
** Takanori Nakanowatari
 +
** Yasunori Kanai
 +
** Yoshinari Fukumoto
 +
** Yusuke Karasawa
 +
** Robert Dracea
 +
** Riotaro Okada (Japan team lead.)
 +
* Polish: Wojciech Dworakowski
 +
 
 +
 
 +
== Volunteers for the CISO Survey 2013==
 +
The CISO Survey 2013 was authored, edited and reviewed by a worldwide team of volunteers. <br>The primary contributors to date have been (in alphabetical order):
 +
 
 +
* Tobias Gondrom
 +
* Marco Morana
 +
* Stephanie Tan
 +
* Colin Watson
 +
 
 +
And many more helping hands from OWASP chapters around the world and the former Global Industry Committee, providing input, designing questions, translating and sending out the survey questions around the globe. Thank you all! We couldn't have done it without you!
 +
<br>So a big thank you to all of you (in alphabetical order):
 +
 
 +
* Balint Szabo,
 +
* Eoin Keary,
 +
* Israel Bryski,
 +
* Ivy Zhang,
 +
* Jasmine Beg,
 +
* Kate Hartman,
 +
* Lorna Alamri,
 +
* Mauro Flores,
 +
* Rex Booth,
 +
* Timur kHrotko.  
 +
 
 +
 
 +
And last but not least, the many CISOs who took the time to fill out the Survey and offer their input and advise.
 +
 
 +
(As this was a great team effort of many hands over a long period of time, if I forgot someone, I apologize and please just drop me a message so I can add you to the list...)
 +
 
 +
 
 +
| valign="top"  style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |
 +
 
 +
 
 +
=== Contributing organisations ===
 +
(if you can help us send out the questionnaire to your contact base, so that we can reach a broader population of CISOs, you are invited to join the team and your company can be listed as one of the contributors to the project. (to place your logo as sponsor organization please see sponsorship opportunities below)
 +
(in alphabetical order)
 +
* Checkmarx
 +
* EC Council
 +
* ISACA Macau
 +
* (ISC)2 Japan: https://www.isc2.org/japan/Default.aspx
 +
* Japan CISO Association: http://www.cisojapan.org/en/about.html
 +
* Japan Association of New Economy: http://jane.or.jp/english/
 +
* Japan Network Security Association: http://www.jnsa.org/
 +
* MIS Training Institute
 +
* WASForum: http://wasforum.jp
 +
 
 +
* your company name here
 +
 
 +
 
 +
| valign="top"  style="padding-left:25px;width:300px;" |
 +
 
 +
 
 +
== Sponsors ==
 +
We thank specially thank our project sponsors. Their donations help us make this again a high quality report for the year 2014:
 +
* EC Council
 +
[[File:CISO_Survey_Sponsor_-_CCISO_Logo_-_small.jpg]]
 +
 
 +
 
 +
To promote the project and to create a high quality report at the end of the year and get it printed, some funding is needed.
 +
If you could help the project with some funding, that would be awesome.
 +
If you are interested in sponsoring this project, please contact the project lead Tobias Gondrom (email: [email protected]).
 +
Sponsors will be listed separately on the project and logos for sponsors can be '''displayed on the project page and in the final report'''.  
 +
 
 +
 
 +
 
 +
|}
  
 
= Project About =
 
= Project About =
{{:Projects/OWASP_CISO_Survey_Project | Project About}}
+
{{:Projects/OWASP_CISO_Survey | Project About}}  
 +
 
  
 
__NOTOC__ <headertabs />  
 
__NOTOC__ <headertabs />  
  
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]]
+
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]] [[Category:OWASP CISO Survey Project]][[Category:SAMM-SM-1]]
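Review bot: Three wording slips in the added Acknowledgements text should be fixed: the Sponsors paragraph reads "We thank specially thank our project sponsors" (duplicated "thank"), the 2013 volunteers section ends with "offer their input and advise" where "advice" is meant, and the Contributing organisations paragraph opens two parentheses but closes only one. Separately, the removed and added `{{:Projects/...}}` transclusions differ only in the page name (`OWASP_CISO_Survey_Project` versus `OWASP_CISO_Survey`); confirm the new target exists so the Project About tab does not render empty.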

Latest revision as of 11:47, 8 March 2015


OWASP CISO Survey and Report

Among application security stakeholders, Chief Information Security Officers (CISOs) are responsible for application security from governance, compliance and risk perspectives. The OWASP CISO Survey provides tactical intelligence about security risks and best practices to help CISOs manage application security programs according to their own roles, responsibilities, perspectives and needs.


Report 2013

And the latest release is here OWASP CISO Survey


New CISO Survey 2014 Questionnaire is out!

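Please help us and share it with your security manager to fill it out. The questionnaire is available in:

  • English: https://www.surveymonkey.com/s/CISOSurvey2014
  • Chinese: https://www.surveymonkey.com/s/CISOSurvey2014cn
  • Hebrew: https://www.surveymonkey.com/s/CISOSurvey2014iw
  • Japanese: https://jp.surveymonkey.com/s/CISOSurvey2014jp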


Questions and getting involved

If you have questions or would like to actively support and participate in this project, please join the project mailing list or feel free to send an email to the project lead at tobias.gondrom (at) owasp.org.


Licensing

The OWASP CISO Survey Report is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license (http://creativecommons.org/licenses/by-sa/3.0/), so you can copy, distribute and transmit the work, adapt it, and use it commercially, provided that you attribute the work and that, if you alter, transform, or build upon this work, you distribute the resulting work only under the same or a similar license to this one.

© OWASP Foundation


Core Content

The CISO Survey Report 2013 includes:

  • Threats and risks
  • Investments and challenges
  • Tools and technology
  • Governance and control


Presentation

Link to presentation at the AppSecUS 2013 in NYC

Project Leader

Tobias Gondrom


Related Projects


Quick Access



News and Events


In Print


This project can be purchased as a print on demand book from Lulu.com.



Currently under Discussion

Draft of CISO Survey 2014 Questionnaire

old version 2013

Here you can find the draft for the old version in 2013 (note this is not identical with the final released version). Industry:GIC_CISO_Survey_2013


As of January 2014, the priorities are:

  • Announce and promote v1.0 at AppSec APAC, EU and US and CISO events
  • Gain support and additional contributors
  • Initiate the next version (2014) and make sure it reaches a larger audience

Involvement in the development and promotion of the CISO Survey Report is actively encouraged. You do not have to be a security expert in order to contribute. Some of the ways you can help:

  • Review the text
  • Graphical design for the report and diagrams
  • Send out Survey to the Security Manager Community
  • Data Analysis

Past Roadmap:

  • Begin 2013: Send out Survey
  • Sep-30, 2013: Close Survey - done
  • Oct 2013: analyze data and write report
  • Jan 2014: release of the CISO report 2013


Future Roadmap:

  • May 2014: prepare the next revision of the CISO survey
  • June 2014: start sending out questionnaires
  • September 2014: Close Survey 2014
  • Oct 2014: Analyze Data and write report
  • Dec 2014: release CISO report 2014


Please participate through the project's mailing list.


Current version

v1.0 (Stable) released in January 2014


Previous versions

Contributors for the CISO Survey 2014

The CISO Survey 2014 was authored, edited and reviewed by a worldwide team of volunteers.
The primary contributors to date have been (in alphabetical order):

  • Hemed Gur Ary
  • Tobias Gondrom (Project Lead)
  • Marco Morana
  • Riotaro Okada
  • ... please add your name here.

For translation and support promoting the questionnaire

  • Chinese Team:
    • 樊山 (Fan Shan)
    • 刘宁 (Liu Ning)
    • Json (Json)
    • 郝益壮 (Hao Yizhuang)
  • Hebrew Team:
    • Ori Troyna
    • Or Katz
    • Baruch Atir
    • Eyal Estrin
    • Hemed Gur Ary
  • Japan Team Volunteers:
    • Akiteru Kamoshida
    • Chia-Lung Hsieh
    • Kusuma Dewi
    • Mikado Hisayama
    • Satoshi Shida
    • Shoichi Nakata
    • Takanori Nakanowatari
    • Yasunori Kanai
    • Yoshinari Fukumoto
    • Yusuke Karasawa
    • Robert Dracea
    • Riotaro Okada (Japan team lead.)
  • Polish: Wojciech Dworakowski


Volunteers for the CISO Survey 2013

The CISO Survey 2013 was authored, edited and reviewed by a worldwide team of volunteers.
The primary contributors to date have been (in alphabetical order):

  • Tobias Gondrom
  • Marco Morana
  • Stephanie Tan
  • Colin Watson

And many more helping hands from OWASP chapters around the world and the former Global Industry Committee, providing input, designing questions, translating and sending out the survey questions around the globe. Thank you all! We couldn't have done it without you!
So a big thank you to all of you (in alphabetical order):

  • Balint Szabo,
  • Eoin Keary,
  • Israel Bryski,
  • Ivy Zhang,
  • Jasmine Beg,
  • Kate Hartman,
  • Lorna Alamri,
  • Mauro Flores,
  • Rex Booth,
  • Timur kHrotko.


And last but not least, the many CISOs who took the time to fill out the Survey and offer their input and advice.

(As this was a great team effort of many hands over a long period of time, if I forgot someone, I apologize and please just drop me a message so I can add you to the list...)



Contributing organisations

If you can help us send out the questionnaire to your contact base, so that we can reach a broader population of CISOs, you are invited to join the team and your company can be listed as one of the contributors to the project. (To place your logo as a sponsor organization, please see the sponsorship opportunities below.) (in alphabetical order)

  • your company name here



Sponsors

We specially thank our project sponsors. Their donations help us make this again a high quality report for the year 2014:

  • EC Council



To promote the project and to create a high quality report at the end of the year and get it printed, some funding is needed. If you could help the project with some funding, that would be awesome. If you are interested in sponsoring this project, please contact the project lead Tobias Gondrom (email: [email protected]). Sponsors will be listed separately on the project and logos for sponsors can be displayed on the project page and in the final report.


PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP_CISO_Survey (home page)
Purpose: "CISO Survey and later the CISO Report on Application and Information Security trends.

Also providing input and data for the CISO guide. "

License: Creative Commons Attribution ShareAlike 3.0 License (best for documentation projects)
who is working on this project?
Project Leader(s):
  • Tobias Gondrom @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Tobias Gondrom @ to contribute to this project
  • Contact Tobias Gondrom @ to review or sponsor this project
current release
OWASP CISO Survey Report 2013 1.0 - Jan 2014 - (download)
Release description: Version 2013 1.0

Rating: Projects/OWASP CISO Survey/GPC/Assessment/OWASP CISO Survey Report 2013 1.0
last reviewed release
Not Yet Reviewed


other releases