Application Security Guide For CISOs

{| width="100%" cellspacing="0" cellpadding="10"
 * - valign="top"
 * width="70%" style="background:#d9e9f9" |

= The CISO Guide =

Contents

 * Preamble
 * Introduction
 * Executive Summary
 * Foreword
 * The CISO Guide
 * Part I: Reasons for Investing in Application Security
 * Part II: Criteria for Managing Application Security Risks
 * Part III: Application Security Program
 * Part IV: Metrics For Managing Risks & Application Security Investments
 * Supporting Information
 * References
 * About OWASP
 * Appendix
 * Appendix I-A: Quick Reference to OWASP Guides & Projects
 * Appendix I-B: Value of Data & Cost of an Incident

Licensing
The OWASP Application Security Guide For CISOs is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


 * width="100" style="max-height:200px;overflow:hidden;background:#fff;margin:0;padding:0;" cellpadding="0" |




 * width="30%" style="background:#eeeeee" |

=Credits =

Primary author and editor

 * Marco Morana

Other contributors
Authors, editors, reviewers and promoters


 * Tobias Gondrom
 * Eoin Keary
 * Andy Lewis
 * Stephanie Tan
 * Colin Watson

= Further Information =

OWASP project
For full information about the Application Security Guide For CISOs Project, including mailing list details, the forward plan, how to contribute, the project status, and alternative media, see the project page.

CISO survey
The contributors to the OWASP CISO Survey also provided invaluable data for this guide.


 * }