Application Security Guide For CISOs

{| width="100%" cellspacing="0" cellpadding="10"
 * - valign="top"
 * width="70%" style="background:#d9e9f9" |

= The CISO Guide =

Application Security Guide For CISOs Version 1.0 was published in November 2013. Version 2 of the Guide is currently in the works and planned for publication in Q2 2018.

La Guía de Seguridad en Aplicaciones para CISOs versión 1.0 (Español) fue publicada en marzo de 2015.

Contents

 * Preamble
 * Introduction
 * Executive Summary
 * Foreword
 * The CISO Guide
 * Part I: Reasons for Investing in Application Security
 * Part II: Criteria for Managing Application Security Risks
 * Part III: Application Security Program
 * Part IV: Metrics For Managing Risks & Application Security Investments
 * Supporting Information
 * References
 * About OWASP
 * Appendix
 * Appendix A: Value of Data & Cost of an Incident
 * Appendix B: Quick Reference to OWASP Guides & Projects

Licensing
The OWASP Application Security Guide For CISOs is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

Feedback & Contributions
We hope you find the information in the OWASP CISO guide project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP CISO guide mailing list. You can subscribe to the list by selecting the link herein


 * width="100" style="max-height:200px;overflow:hidden;background:#fff;margin:0;padding:0;" cellpadding="0" |




 * width="30%" style="background:#eeeeee" |

=Credits =

Project lead and main author

 * Marco Morana

Other contributors
Co-authors, contributors and reviewers:


 * Tobias Gondrom
 * Eoin Keary
 * Andy Lewis
 * Stephanie Tan
 * Colin Watson

Versión en español
La Guía de Seguridad en Aplicaciones para CISOs (Español) fue editada y corregida por Mauro Gioino, Mauro Graziosi y Cristian Borghello.

Traductores al español

 * Daniel J. Fernández
 * Franco Cian
 * German Chiovetta
 * Javier Albano
 * Lucas Barbero
 * Walter Heffel

= Further Information =

CISO guide
The OWASP CISO Guide is also available as
 * [EN Download PDF]
 * [ES Descarga PDF]
 * At cost print on demand monochrome book.

For full information about the Application Security Guide For CISOs Project, including mailing list details, the forward plan, how to contribute, the project status, and alternative media, see the project page:
 * CISO Guide Project Page

CISO survey
The contributors to the OWASP CISO Survey also provided invaluable data for this guide.


 * }