OWASP - Cyber Security in the Boardroom

=Main=



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * style="border-right: 1px dotted gray;padding-right:25px;" valign="top" |

OWASP - Cyber Security in the Boardroom
Owasp Cyber Security in the Boardroom Initiative is to provide the board of directors with a better understanding of cyber security & the challenges security professionals face order for them protect the companies they represent.

Equally, provide cyber security professionals with a better understanding of the board of directors, what their roles and responsibilities are & how they function. This is in order to help these professionals understand the board's needs and communicate upwards effectively.

Initiative Deliverables

 * A Primer on Cyber Security for the Board
 * Guidelines for selecting and evaluating the head of the Cyber Security program (e.g. CISO/CSO/CCO)
 * Top 10 Criteria for leading a Cyber Security program
 * Cyber Threats per Industry Sector
 * Cyber Security Framework

A Primer on Cyber Security for the Board

 * 1) Overview of Cyber Security for a Board of Directors
 * 2) * The Main Concepts of Cyber Security
 * 3) * The Challenges with Cyber Security
 * 4) * The Impacts of Cyber Security on an organisation
 * 5) * Responding to a Cyber Security Incident
 * 6) * Cyber Security Myths and Misconceptions
 * 7) * Cyber Security and Corporate Responsibility
 * 8) Overview of the Board of Directors for Cyber Security Professionals
 * 9) * Roles and Responsibilities of the Board
 * 10) * Board of Director Liabilities
 * 11) * Corporate Governance
 * 12) * Company Strategy and the role of Cyber Security
 * 13) Appendix
 * 14) * Useful Cyber Security References
 * 15) * Useful Board of Directors References
 * 16) * Scenarios

Top 10 Criteria for leading a Cyber Security program

 * 1) Establish segregation of duties and ownership of responsibilities for the cyber security program
 * 2) Managing risks in an evolving cyber landscape (Management Buy-in, Strategy, Planning, Governance, etc.)
 * 3) Organisational culture (security culture, mindset)
 * 4) Sector-focused prioritization of risks, types of attacks, threat actors.
 * 5) Mission Critical vs Business Critical; systems, networks and data.
 * 6) Digital Ecosystem (Architecture, Infrastructure, Cloud, Deployment, Physical Security, IAM, etc.)
 * 7) Secure communications (incl. Data-at-Rest, Data-in-Transit, Data-in-Process)
 * 8) Third-Party Risks (incl. Supply Chain)
 * 9) Containment
 * 10) Response Plan

Cyber Security Framework

 * Policies & Procedures Creation Guidelines
 * Data Classification Guidelines
 * Compliance
 * Information Security Risk Management
 * Information Security Incident Management
 * Information Systems Continuity Management
 * Third-Party Security

Licensing
The Owasp Cyber Security in the Boardroom Initiative is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


 * style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" valign="top" |

What is Cyber Security in the Boardroom?
OWASP Cyber Security in the Boardroom provides:
 * A Primer on Cyber Security for the Board
 * Guidelines for selecting and evaluating the head of the Cyber Security program
 * Top 10 Criteria for leading a Cyber Security program
 * Cyber Threats per Industry Sector
 * Cyber Security Framework

Presentation
Link to presentation

Project Leaders

 * Sherif Mansour
 * Grigorios Fragkos
 * Paul Harragan

Related Projects

 * OWASP_CISO_Survey


 * style="padding-left:25px;width:200px;" valign="top" |

Quick Download

 * Link to page/download

News and Events

 * [20 Nov 2013] News 2
 * [30 Sep 2013] News 1

In Print
This project can be purchased as a print on demand book from Lulu.com

Classifications

 * }

=FAQs=


 * Q1
 * A1


 * Q2
 * A2

= Acknowledgements =

Volunteers
XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:


 * xxx
 * xxx

Others

 * xxx
 * xxx

= Road Map and Getting Involved = As of XXX, the priorities are:
 * xxx
 * xxx
 * xxx

Involvement in the development and promotion of XXX is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
 * xxx
 * xxx

=Project About=

= Project Materials = Document