This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Working Session - OWASP Intra Governmental Affairs"
From OWASP
Dinis.cruz (talk | contribs) |
m |
(12 intermediate revisions by 9 users not shown) | |||
Line 9: | Line 9: | ||
|- | |- | ||
| style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description''' | | style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description''' | ||
− | | colspan="6" style="width:85%; background:#cccccc" align="left"| | + | | colspan="6" style="width:85%; background:#cccccc" align="left"|Increasing the visibility of AppSec within gov't agencies by effectively positioning OWASP resources and communicating OWASP principles to standards bodies, gov't agencies, and implementers and auditors. |
|- | |- | ||
| style="width:15%; background:#7B8ABD" align="center"| '''Related Projects''' | | style="width:15%; background:#7B8ABD" align="center"| '''Related Projects''' | ||
Line 17: | Line 17: | ||
| style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles''' | | style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles''' | ||
| style="width:25%; background:#cccccc" align="center"|'''Chair'''<br>David Campbell | | style="width:25%; background:#cccccc" align="center"|'''Chair'''<br>David Campbell | ||
− | | style="width:25%; background:#cccccc" align="center"|'''Secretary'''<br>[mailto:[email protected] '''Puneet Mehta'''] , [mailto:[email protected] '''Dhruv Soi'''] | + | | style="width:25%; background:#cccccc" align="center"|'''Secretary'''<br>[mailto:colin.watson(at)owasp.org '''Colin Watson'''] , <s>[mailto:[email protected] '''Puneet Mehta'''] , [mailto:[email protected] '''Dhruv Soi'''] </s> |
| style="width:25%; background:#cccccc" align="center"|'''Mailing list'''<br>[https://lists.owasp.org/mailman/listinfo/owasp-intra-governmental-affairs '''Subscription Page'''] | | style="width:25%; background:#cccccc" align="center"|'''Mailing list'''<br>[https://lists.owasp.org/mailman/listinfo/owasp-intra-governmental-affairs '''Subscription Page'''] | ||
|} | |} | ||
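Review bot: the new Secretary cell links Colin Watson with `[mailto:colin.watson(at)owasp.org ...]`; with "(at)" in place of "@" the rendered mailto link will not open a mail client, so either use the real address (as the other mailto links in this row do) or drop the mailto and leave the name as plain text.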
Line 42: | Line 42: | ||
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION OPERATIONAL RESOURCES''' | ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION OPERATIONAL RESOURCES''' | ||
|- | |- | ||
− | | style="width:100%; background:#cccccc" align="center"| | + | | style="width:100%; background:#cccccc" align="center"|Projector, also wireless connection for conferencing in remote participants. NOTE: these resources were not available and this negatively impacted the effectiveness of the group. For future Summits these resources should be coordinated more effectively. |
|} | |} | ||
{| style="width:100%" border="0" align="center" | {| style="width:100%" border="0" align="center" | ||
Line 50: | Line 50: | ||
! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION ADDITIONAL DETAILS''' | ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION ADDITIONAL DETAILS''' | ||
|- | |- | ||
− | | style="width: | + | | style="width:33%; background:#cccccc" align="left"| |
− | + | [https://www.owasp.org/images/5/5d/OWASP_EU_Summit_2008_Intra_govt_affairs_DC.zip Presentation] prepared by Puneet and DC to seed discussion and summarize outcomes, updated with outputs of working group. | |
+ | | style="width:33%; background:#cccccc" align="center"| | ||
+ | [https://www.owasp.org/images/6/6a/Ws_intra_governmental_notes.zip Working Session Notes] | ||
+ | | style="width:33%; background:#cccccc" align="right"| | ||
+ | [https://www.owasp.org/images/b/bf/Ws_intra_governmental_votingideas.zip Ideas to put up for Vote Captured during Session] | ||
|} | |} | ||
{| style="width:100%" border="0" align="center" | {| style="width:100%" border="0" align="center" | ||
Line 61: | Line 65: | ||
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"| | | style="width:7%; background:#7B8ABD" align="center"| | ||
− | | style="width:46%; background:#C2C2C2" align="center"|Mission | + | | style="width:46%; background:#C2C2C2" align="center"|Mission: To ensure that OWASP’s dealings with governmental and regulatory agencies are coherent and consistent, making effective use of resources and global perspective for the benefit of members and constituents. |
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. | | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. | ||
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"| | | style="width:7%; background:#7B8ABD" align="center"| | ||
− | | style="width:46%; background:#C2C2C2" align="center"|Prioritized list of potential areas where OWASP can work with Government. | + | | style="width:46%; background:#C2C2C2" align="center"|Prioritized list of potential areas where OWASP can work with Government: 1) Help regulators / federal agencies define Application security controls for statutory compliance, 2) Support or oppose Legislative action relevant to InfoSec/AppSec, 3) Create mapping of standards bodies security controls to OWASP specific guidance (i.e. map FISCAM, 800-53/53A to OWASP Testing Guide), 4)Outreach & Evangelism to implementers and auditors of standards |
+ | |||
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. | | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. | ||
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"| | | style="width:7%; background:#7B8ABD" align="center"| | ||
− | | style="width:46%; background:#C2C2C2" align="center"|Roadmap / Model to approach this initiative. | + | | style="width:46%; background:#C2C2C2" align="center"|Roadmap / Model to approach this initiative: Appoint gov't specialists to "Industry" global committee. Assign a primary point of contact for gov't interaction for each country. Establish a governance process whereby these POC's are given authority to interact with gov't officials on behalf of OWASP. |
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. | | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. | ||
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"| | | style="width:7%; background:#7B8ABD" align="center"| | ||
− | | style="width:46%; background:#C2C2C2" align="center"|Identify Team / committee to lead this initiative. | + | | style="width:46%; background:#C2C2C2" align="center"|Identify Team / committee to lead this initiative. US POC: Rex Booth, UK POC: Colin Watson, India POC: Puneet Mehta, Brazil POC: Lucas Ferreira |
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. | | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. | ||
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"| | | style="width:7%; background:#7B8ABD" align="center"| | ||
− | | style="width:46%; background:#C2C2C2" align="center"| | + | | style="width:46%; background:#C2C2C2" align="center"|Action items: 1) Review NIST draft special pubs relevant to AppSec and solicit comments from OWASP SME's: David Campbell. 2) Review ISO draft standards relevant to AppSec and solicit comments from OWASP SME's: Lucas Ferreira 3) Submit comments to these drafts on behalf of OWASP: OWASP Board or Industry Committee chair(?), 4) Create “Approaching Gov’t Organizations” guide: Dan Cornell, 5) Develop governance model for vetting officlal OWASP representatives, positions, and “One Voice” principle: Puneet Mehta, 6) Create SOC project for mapping standards body security controls to OWASP Body of Knowledge: TBD |
+ | |||
| style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. | | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here. | ||
|- | |- | ||
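Review bot: two typos in the added outcome cells: "officlal" in action item 5 should read "official", and "4)Outreach" in the prioritized list is missing the space after the numeral ("4) Outreach"), which makes the item run into its number. Also, the "(?)" after "OWASP Board or Industry Committee chair" in action item 3 leaves the owner undecided; consider marking it "TBD" like item 6 so the open assignment is explicit.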
Line 97: | Line 103: | ||
| style="width:15%; background:#cccccc" align="center"|David Campbell | | style="width:15%; background:#cccccc" align="center"|David Campbell | ||
| style="width:15%; background:#cccccc" align="center"|OWASP Denver | | style="width:15%; background:#cccccc" align="center"|OWASP Denver | ||
− | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"|Experience w/ US Govt. agencies |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|2 | | style="width:7%; background:#7B8ABD" align="center"|2 | ||
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|Puneet Mehta |
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|OWASP Delhi |
− | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"|Experience w/ India Govt. Agencies |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|3 | | style="width:7%; background:#7B8ABD" align="center"|3 | ||
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|<s>Sion Camilleri</s> |
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|<s>OWASP Belgium</s> |
− | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"|<s>Experience w/ Australian, UK, NATO, and other International/EU Commission Government Agencies</s> |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|4 | | style="width:7%; background:#7B8ABD" align="center"|4 | ||
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|Colin Watson |
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|Watson Hall |
− | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"|Raising awareness of OWASP in government agencies |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|5 | | style="width:7%; background:#7B8ABD" align="center"|5 | ||
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|Rex Booth |
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|Grant Thornton LLP |
− | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"|Experience with US gov. agencies |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|6 | | style="width:7%; background:#7B8ABD" align="center"|6 | ||
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|Lucas C. Ferreira |
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|Brazilian Parliament |
− | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"|Work for Brazilian government |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|7 | | style="width:7%; background:#7B8ABD" align="center"|7 | ||
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|<s>Arturo 'Buanzo' Busleiman</s> |
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|<s>Independent</s> |
− | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"|<s>I have certain vinculations with the Argentinian government.</s> |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|8 | | style="width:7%; background:#7B8ABD" align="center"|8 | ||
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|<s>Fabio Cerullo</s> |
− | | style="width:15%; background:#cccccc" align="center"| | + | | style="width:15%; background:#cccccc" align="center"|<s>AIB Bank</s> |
− | | style="width:63%; background:#cccccc" align="center"| | + | | style="width:63%; background:#cccccc" align="center"|<s>interested in the topic</s> |
|- | |- | ||
| style="width:7%; background:#7B8ABD" align="center"|9 | | style="width:7%; background:#7B8ABD" align="center"|9 | ||
Line 145: | Line 151: | ||
|} | |} | ||
If needed add here more lines. | If needed add here more lines. | ||
+ | |||
+ | [[Category:OWASP_Working_Session]] |
Latest revision as of 16:56, 17 November 2008
Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION

| Field | Value |
|---|---|
| Work Session Name | OWASP Intra Governmental Affairs |
| Short Work Session Description | Increasing the visibility of AppSec within gov't agencies by effectively positioning OWASP resources and communicating OWASP principles to standards bodies, gov't agencies, and implementers and auditors. |
| Related Projects | If any, add a link. |
| Email Contacts & Roles | Chair: David Campbell; Secretary: Colin Watson; Mailing list: Subscription Page (https://lists.owasp.org/mailman/listinfo/owasp-intra-governmental-affairs) |
WORKING SESSION SPECIFICS

| Field | Value |
|---|---|
| Objectives | |
| Venue | OWASP EU Summit Portugal 2008 |
| Date&Time | November 5 & 7, 2008; Time TBD |
| Discussion Model | "Everybody is a Participant" |
WORKING SESSION OPERATIONAL RESOURCES

Projector, also wireless connection for conferencing in remote participants. NOTE: these resources were not available and this negatively impacted the effectiveness of the group. For future Summits these resources should be coordinated more effectively.
WORKING SESSION ADDITIONAL DETAILS

- Presentation (https://www.owasp.org/images/5/5d/OWASP_EU_Summit_2008_Intra_govt_affairs_DC.zip) prepared by Puneet and DC to seed discussion and summarize outcomes, updated with outputs of working group.
- Working Session Notes (https://www.owasp.org/images/6/6a/Ws_intra_governmental_notes.zip)
- Ideas to put up for Vote Captured during Session (https://www.owasp.org/images/b/bf/Ws_intra_governmental_votingideas.zip)
WORKING SESSION OUTCOMES

| Statements, Initiatives or Decisions | Proposed by Working Group | Approved by OWASP Board |
|---|---|---|
| | Mission: To ensure that OWASP's dealings with governmental and regulatory agencies are coherent and consistent, making effective use of resources and global perspective for the benefit of members and constituents. | After the Board Meeting - fill in here. |
| | Prioritized list of potential areas where OWASP can work with Government: 1) Help regulators / federal agencies define Application security controls for statutory compliance, 2) Support or oppose Legislative action relevant to InfoSec/AppSec, 3) Create mapping of standards bodies security controls to OWASP specific guidance (i.e. map FISCAM, 800-53/53A to OWASP Testing Guide), 4) Outreach & Evangelism to implementers and auditors of standards | After the Board Meeting - fill in here. |
| | Roadmap / Model to approach this initiative: Appoint gov't specialists to "Industry" global committee. Assign a primary point of contact for gov't interaction for each country. Establish a governance process whereby these POCs are given authority to interact with gov't officials on behalf of OWASP. | After the Board Meeting - fill in here. |
| | Identify Team / committee to lead this initiative. US POC: Rex Booth, UK POC: Colin Watson, India POC: Puneet Mehta, Brazil POC: Lucas Ferreira | After the Board Meeting - fill in here. |
| | Action items: 1) Review NIST draft special pubs relevant to AppSec and solicit comments from OWASP SMEs: David Campbell. 2) Review ISO draft standards relevant to AppSec and solicit comments from OWASP SMEs: Lucas Ferreira. 3) Submit comments to these drafts on behalf of OWASP: OWASP Board or Industry Committee chair(?). 4) Create "Approaching Gov't Organizations" guide: Dan Cornell. 5) Develop governance model for vetting official OWASP representatives, positions, and "One Voice" principle: Puneet Mehta. 6) Create SOC project for mapping standards body security controls to OWASP Body of Knowledge: TBD | After the Board Meeting - fill in here. |
| | Fill in here. | After the Board Meeting - fill in here. |
Working Session Participants
(Add your name by editing this table. On the right, just above this frame, you have the option to edit.)
WORKING SESSION PARTICIPANTS

| # | Name | Company | Notes & reason for participating, issues to be discussed/addressed |
|---|---|---|---|
| 1 | David Campbell | OWASP Denver | Experience w/ US Govt. agencies |
| 2 | Puneet Mehta | OWASP Delhi | Experience w/ India Govt. Agencies |
| 3 | | | |
| 4 | Colin Watson | Watson Hall | Raising awareness of OWASP in government agencies |
| 5 | Rex Booth | Grant Thornton LLP | Experience with US gov. agencies |
| 6 | Lucas C. Ferreira | Brazilian Parliament | Work for Brazilian government |
| 7 | | | |
| 8 | | | |
| 9 | | | |
| 10 | | | |
If needed add here more lines.