This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Promoting Application Security within Federal Government

From OWASP
Revision as of 00:18, 4 August 2009 by Jeremy.long (talk | contribs) (Created page with '== The presentation == rightCurrently, federal government organizations are not particularly focused on application layer security. The major re…')

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The presentation

Owasp logo normal.jpg
Currently, federal government organizations are not particularly focused on application layer security. The major reason behind this is that federal organizations are driven primarily by compliance related pressures. While FISMA presents a comprehensive approach to managing risk from information security, the actual security controls defined within the NIST FISMA guidelines stress traditional network and platform security far more than application security. During this presentation, we will present the NIST Special Pub 800-53 security controls (a subset of those controls required to support FISMA compliance) that directly or indirectly imply the need to implement and assess application security. We will also present the components of the NIST Security Content Automation Program (S-CAP) that support application security. Finally, we will identify the gaps that remain in the drivers for federal government implementation of effective application security programs and provide recommendations on how to close the gap.

The speaker

Dr. Sarbari Gupta has been active in the information security industry for over twenty years as an entrepreneur, executive, architect, researcher, and software engineer. She is the Founder and President of Electrosoft, a technology company providing services to federal and commercial customers in the areas of identity management and information security. Dr. Gupta has written many technical papers and holds four patents. She has a PhD in EE and holds CISSP, CISA and CAP certifications.