
Difference between revisions of "OWASP Working Session - OWASP Intra Governmental Affairs"

(Working Session Participants)
m
 
(9 intermediate revisions by 6 users not shown)
Line 9: Line 9:
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description'''  
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Short Work Session Description'''  
  | colspan="6" style="width:85%; background:#cccccc" align="left"|TBD
+
  | colspan="6" style="width:85%; background:#cccccc" align="left"|Increasing the visibility of AppSec within gov't agencies by effectively positioning OWASP resources and communicating OWASP principles to standards bodies, gov't agencies, and implementers and auditors.
 
  |-
 
  |-
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Related Projects'''  
 
  | style="width:15%; background:#7B8ABD" align="center"| '''Related Projects'''  
Line 17: Line 17:
 
  | style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles'''
 
  | style="width:25%; background:#7B8ABD" align="center"|'''Email Contacts & Roles'''
 
  | style="width:25%; background:#cccccc" align="center"|'''Chair'''<br>David Campbell
 
  | style="width:25%; background:#cccccc" align="center"|'''Chair'''<br>David Campbell
  | style="width:25%; background:#cccccc" align="center"|'''Secretary'''<br>[mailto:[email protected] '''Puneet Mehta'''] , [mailto:[email protected] '''Dhruv Soi''']  
+
  | style="width:25%; background:#cccccc" align="center"|'''Secretary'''<br>[mailto:colin.watson(at)owasp.org '''Colin Watson'''] , <s>[mailto:[email protected] '''Puneet Mehta'''] , [mailto:[email protected] '''Dhruv Soi'''] </s>
 
  | style="width:25%; background:#cccccc" align="center"|'''Mailing list'''<br>[https://lists.owasp.org/mailman/listinfo/owasp-intra-governmental-affairs '''Subscription Page''']
 
  | style="width:25%; background:#cccccc" align="center"|'''Mailing list'''<br>[https://lists.owasp.org/mailman/listinfo/owasp-intra-governmental-affairs '''Subscription Page''']
 
  |}
 
  |}
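Review bot: the new Secretary entry wraps an obfuscated address in a link, `[mailto:colin.watson(at)owasp.org '''Colin Watson''']`, which renders as a mailto: link to a non-address, while the two struck-through entries beside it keep live `mailto:` links; use one convention for all three (plain text with "(at)" and no mailto: wrapper, or the real address inside mailto:). The struck-through entries also stay in the cell, so plain-text renderings of this page still list three secretaries.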
Line 42: Line 42:
 
  ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION OPERATIONAL RESOURCES'''  
 
  ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION OPERATIONAL RESOURCES'''  
 
  |-
 
  |-
  | style="width:100%; background:#cccccc" align="center"|Please add here, ASAP, any needed relevant resources, e.g. data-show, boards, laptops, etc.
+
  | style="width:100%; background:#cccccc" align="center"|Projector, also wireless connection for conferencing in remote participants.  NOTE: these resources were not available and this negatively impacted the effectiveness of the group. For future Summits these resources should be coordinated more effectively.
 
  |}
 
  |}
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
Line 50: Line 50:
 
  ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION ADDITIONAL DETAILS'''  
 
  ! colspan="7" align="center" style="background:#4058A0; color:white"|<font color="white">'''WORKING SESSION ADDITIONAL DETAILS'''  
 
  |-
 
  |-
  | style="width:100%; background:#cccccc" align="left"|
+
  | style="width:33%; background:#cccccc" align="left"|
Please add here, any additional notes, links, ideas, guidelines, etc... The objective is to help the working sessions participants and attendees to prepare their participation/contribution.
+
[https://www.owasp.org/images/5/5d/OWASP_EU_Summit_2008_Intra_govt_affairs_DC.zip Presentation] prepared by Puneet and DC to seed discussion and summarize outcomes, updated with outputs of working group.
 +
| style="width:33%; background:#cccccc" align="center"|
 +
[https://www.owasp.org/images/6/6a/Ws_intra_governmental_notes.zip Working Session Notes]
 +
| style="width:33%; background:#cccccc" align="right"|
 +
[https://www.owasp.org/images/b/bf/Ws_intra_governmental_votingideas.zip Ideas to put up for Vote Captured during Session]
 
  |}
 
  |}
 
{| style="width:100%" border="0" align="center"
 
{| style="width:100%" border="0" align="center"
Line 61: Line 65:
 
  |-
 
  |-
 
  | style="width:7%; background:#7B8ABD" align="center"|
 
  | style="width:7%; background:#7B8ABD" align="center"|
  | style="width:46%; background:#C2C2C2" align="center"|Mission or goal statement.  
+
  | style="width:46%; background:#C2C2C2" align="center"|Mission: To ensure that OWASP’s dealings with governmental and regulatory agencies are coherent and consistent, making effective use of resources and global perspective for the benefit of members and constituents.  
 
  | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.  
 
  | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.  
 
  |-
 
  |-
 
  | style="width:7%; background:#7B8ABD" align="center"|
 
  | style="width:7%; background:#7B8ABD" align="center"|
  | style="width:46%; background:#C2C2C2" align="center"|Prioritized list of potential areas where OWASP can work with Government.
+
  | style="width:46%; background:#C2C2C2" align="center"|Prioritized list of potential areas where OWASP can work with Government: 1) Help regulators / federal agencies define Application security controls for statutory compliance, 2) Support or oppose Legislative action relevant to InfoSec/AppSec, 3) Create mapping of standards bodies security controls to OWASP specific guidance (i.e. map FISCAM, 800-53/53A to OWASP Testing Guide), 4)Outreach & Evangelism to implementers and auditors of standards
 +
 
 
  | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.  
 
  | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.  
 
  |-
 
  |-
 
  | style="width:7%; background:#7B8ABD" align="center"|
 
  | style="width:7%; background:#7B8ABD" align="center"|
  | style="width:46%; background:#C2C2C2" align="center"|Roadmap / Model to approach this initiative.  
+
  | style="width:46%; background:#C2C2C2" align="center"|Roadmap / Model to approach this initiative: Appoint gov't specialists to "Industry" global committee.  Assign a primary point of contact for gov't interaction for each country.  Establish a governance process whereby these POC's are given authority to interact with gov't officials on behalf of OWASP.
 
  | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.  
 
  | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.  
 
  |-
 
  |-
 
  | style="width:7%; background:#7B8ABD" align="center"|
 
  | style="width:7%; background:#7B8ABD" align="center"|
  | style="width:46%; background:#C2C2C2" align="center"|Identify Team / committee to lead this initiative.  
+
  | style="width:46%; background:#C2C2C2" align="center"|Identify Team / committee to lead this initiative. US POC: Rex Booth, UK POC: Colin Watson, India POC: Puneet Mehta, Brazil POC: Lucas Ferreira
 
  | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.  
 
  | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.  
 
  |-
 
  |-
 
  | style="width:7%; background:#7B8ABD" align="center"|
 
  | style="width:7%; background:#7B8ABD" align="center"|
  | style="width:46%; background:#C2C2C2" align="center"|Fill in here.  
+
  | style="width:46%; background:#C2C2C2" align="center"|Action items: 1) Review NIST draft special pubs relevant to AppSec and solicit comments from OWASP SME's: David Campbell. 2) Review ISO draft standards relevant to AppSec and solicit comments from OWASP SME's: Lucas Ferreira 3) Submit comments to these drafts on behalf of OWASP: OWASP Board or Industry Committee chair(?), 4) Create “Approaching Gov’t Organizations” guide: Dan Cornell, 5) Develop governance model for vetting officlal OWASP representatives, positions, and “One Voice” principle: Puneet Mehta, 6) Create SOC project for mapping standards body security controls to OWASP Body of Knowledge: TBD
 +
 
 
  | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.  
 
  | style="width:47%; background:#C2C2C2" align="center"|After the Board Meeting - fill in here.  
 
  |-
 
  |-
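Review bot: the action-items cell misspells "officlal" and separates items inconsistently (no comma after "Lucas Ferreira" before "3)"), and the prioritized-areas cell has "4)Outreach" without a space; items 3 and 6 of the action list also have no confirmed owner ("Industry Committee chair(?)", "TBD"), so assign a named owner or note who will assign one before the Board reviews these outcomes.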
Line 97: Line 103:
 
  | style="width:15%; background:#cccccc" align="center"|David Campbell
 
  | style="width:15%; background:#cccccc" align="center"|David Campbell
 
  | style="width:15%; background:#cccccc" align="center"|OWASP Denver
 
  | style="width:15%; background:#cccccc" align="center"|OWASP Denver
  | style="width:63%; background:#cccccc" align="center"|experience w/ US govt agencies
+
  | style="width:63%; background:#cccccc" align="center"|Experience w/ US Govt. agencies
 
  |-
 
  |-
 
  | style="width:7%; background:#7B8ABD" align="center"|2
 
  | style="width:7%; background:#7B8ABD" align="center"|2
Line 105: Line 111:
 
  |-
 
  |-
 
  | style="width:7%; background:#7B8ABD" align="center"|3
 
  | style="width:7%; background:#7B8ABD" align="center"|3
  | style="width:15%; background:#cccccc" align="center"|Sion Camilleri
+
  | style="width:15%; background:#cccccc" align="center"|<s>Sion Camilleri</s>
  | style="width:15%; background:#cccccc" align="center"|OWASP Belgium
+
  | style="width:15%; background:#cccccc" align="center"|<s>OWASP Belgium</s>
  | style="width:63%; background:#cccccc" align="center"|Experience w/ Australian, UK, NATO, and other International/EU Commission Government Agencies   
+
  | style="width:63%; background:#cccccc" align="center"|<s>Experience w/ Australian, UK, NATO, and other International/EU Commission Government Agencies</s>  
 
|-
 
|-
 
  | style="width:7%; background:#7B8ABD" align="center"|4
 
  | style="width:7%; background:#7B8ABD" align="center"|4
  | style="width:15%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|Colin Watson
  | style="width:15%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|Watson Hall
  | style="width:63%; background:#cccccc" align="center"|
+
  | style="width:63%; background:#cccccc" align="center"|Raising awareness of OWASP in government agencies
 
|-
 
|-
 
  | style="width:7%; background:#7B8ABD" align="center"|5
 
  | style="width:7%; background:#7B8ABD" align="center"|5
  | style="width:15%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|Rex Booth
  | style="width:15%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|Grant Thornton LLP
  | style="width:63%; background:#cccccc" align="center"|
+
  | style="width:63%; background:#cccccc" align="center"|Experience with US gov. agencies
 
|-
 
|-
 
  | style="width:7%; background:#7B8ABD" align="center"|6
 
  | style="width:7%; background:#7B8ABD" align="center"|6
  | style="width:15%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|Lucas C. Ferreira
  | style="width:15%; background:#cccccc" align="center"|  
+
  | style="width:15%; background:#cccccc" align="center"|Brazilian Parliament
  | style="width:63%; background:#cccccc" align="center"|
+
  | style="width:63%; background:#cccccc" align="center"|Work for Brazilian government
 
|-
 
|-
 
  | style="width:7%; background:#7B8ABD" align="center"|7
 
  | style="width:7%; background:#7B8ABD" align="center"|7
  | style="width:15%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|<s>Arturo 'Buanzo' Busleiman</s>
  | style="width:15%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|<s>Independent</s>
  | style="width:63%; background:#cccccc" align="center"|
+
  | style="width:63%; background:#cccccc" align="center"|<s>I have certain vinculations with the Argentinian government.</s>
 
|-
 
|-
 
  | style="width:7%; background:#7B8ABD" align="center"|8
 
  | style="width:7%; background:#7B8ABD" align="center"|8
  | style="width:15%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|<s>Fabio Cerullo</s>
  | style="width:15%; background:#cccccc" align="center"|
+
  | style="width:15%; background:#cccccc" align="center"|<s>AIB Bank</s>
  | style="width:63%; background:#cccccc" align="center"|
+
  | style="width:63%; background:#cccccc" align="center"|<s>interested in the topic</s>
 
|-
 
|-
 
  | style="width:7%; background:#7B8ABD" align="center"|9
 
  | style="width:7%; background:#7B8ABD" align="center"|9
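Review bot: rows 3, 7 and 8 are withdrawn by wrapping each cell in <s>...</s> rather than by removing the row; the strike-through is lost in plain-text renderings and mailing-list digests, where these names still read as participants. Delete the rows, or blank the cells as rows 9 and 10 are, so the rendered list matches who is actually attending.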

Latest revision as of 16:56, 17 November 2008

Working Sessions Operational Rules - Please see here the general frame of rules.
WORKING SESSION IDENTIFICATION
Work Session Name OWASP Intra Governmental Affairs
Short Work Session Description Increasing the visibility of AppSec within gov't agencies by effectively positioning OWASP resources and communicating OWASP principles to standards bodies, gov't agencies, and implementers and auditors.
Related Projects

If any, add a link.

Email Contacts & Roles Chair
David Campbell
Secretary
Colin Watson , Puneet Mehta , Dhruv Soi
Mailing list
Subscription Page
WORKING SESSION SPECIFICS
Objectives
  • Identify top reasons and driving factors to work with Government of different countries,
  • Identify potential areas where OWASP and Government can work together,
  • Discuss Measurable benefits,
  • Identify possible ways on how to approach this initiative.
Venue/Date&Time/Model Venue
OWASP EU Summit Portugal 2008
Date&Time
November 5 & 7, 2008
Time TBD
Discussion Model
"Everybody is a Participant"
WORKING SESSION OPERATIONAL RESOURCES
Projector, also wireless connection for conferencing in remote participants. NOTE: these resources were not available and this negatively impacted the effectiveness of the group. For future Summits these resources should be coordinated more effectively.
WORKING SESSION ADDITIONAL DETAILS

Presentation prepared by Puneet and DC to seed discussion and summarize outcomes, updated with outputs of working group.

Working Session Notes

Ideas to put up for Vote Captured during Session

WORKING SESSION OUTCOMES
Statements, Initiatives or Decisions Proposed by Working Group Approved by OWASP Board
Mission: To ensure that OWASP’s dealings with governmental and regulatory agencies are coherent and consistent, making effective use of resources and global perspective for the benefit of members and constituents. After the Board Meeting - fill in here.
Prioritized list of potential areas where OWASP can work with Government: 1) Help regulators / federal agencies define Application security controls for statutory compliance, 2) Support or oppose Legislative action relevant to InfoSec/AppSec, 3) Create mapping of standards bodies security controls to OWASP specific guidance (i.e. map FISCAM, 800-53/53A to OWASP Testing Guide), 4) Outreach & Evangelism to implementers and auditors of standards After the Board Meeting - fill in here.
Roadmap / Model to approach this initiative: Appoint gov't specialists to "Industry" global committee. Assign a primary point of contact for gov't interaction for each country. Establish a governance process whereby these POC's are given authority to interact with gov't officials on behalf of OWASP. After the Board Meeting - fill in here.
Identify Team / committee to lead this initiative. US POC: Rex Booth, UK POC: Colin Watson, India POC: Puneet Mehta, Brazil POC: Lucas Ferreira After the Board Meeting - fill in here.
Action items: 1) Review NIST draft special pubs relevant to AppSec and solicit comments from OWASP SME's: David Campbell, 2) Review ISO draft standards relevant to AppSec and solicit comments from OWASP SME's: Lucas Ferreira, 3) Submit comments to these drafts on behalf of OWASP: OWASP Board or Industry Committee chair(?), 4) Create “Approaching Gov’t Organizations” guide: Dan Cornell, 5) Develop governance model for vetting official OWASP representatives, positions, and “One Voice” principle: Puneet Mehta, 6) Create SOC project for mapping standards body security controls to OWASP Body of Knowledge: TBD After the Board Meeting - fill in here.
Fill in here. After the Board Meeting - fill in here.

Working Session Participants

(Add your name by editing this table. On the right, just above this frame, you have the option to edit.)

WORKING SESSION PARTICIPANTS
Name Company Notes & reason for participating, issues to be discussed/addressed
1 David Campbell OWASP Denver Experience w/ US Govt. agencies
2 Puneet Mehta OWASP Delhi Experience w/ India Govt. Agencies
3 Sion Camilleri OWASP Belgium Experience w/ Australian, UK, NATO, and other International/EU Commission Government Agencies
4 Colin Watson Watson Hall Raising awareness of OWASP in government agencies
5 Rex Booth Grant Thornton LLP Experience with US gov. agencies
6 Lucas C. Ferreira Brazilian Parliament Work for Brazilian government
7 Arturo 'Buanzo' Busleiman Independent I have certain vinculations with the Argentinian government.
8 Fabio Cerullo AIB Bank interested in the topic
9
10

If needed add here more lines.