Difference between revisions of "Application Security Guide For CISOs"

From OWASP
Jump to: navigation, search
(Licensing text added)
(Bullets)
 
(25 intermediate revisions by 3 users not shown)
Line 3: Line 3:
 
{| width="100%" cellspacing="0" cellpadding="10"
 
{| width="100%" cellspacing="0" cellpadding="10"
 
|- valign="top"
 
|- valign="top"
| width="66%" style="background:#d9e9f9" |
+
| width="70%" style="background:#d9e9f9" |
  
= The Guide =
+
= The CISO Guide =
 +
 
 +
Version 1.0 was published in November 2013.
  
 
== Contents ==
 
== Contents ==
Line 12: Line 14:
 
* Preamble
 
* Preamble
 
** [[CISO AppSec Guide: Introduction|Introduction]]
 
** [[CISO AppSec Guide: Introduction|Introduction]]
 +
** [[CISO AppSec Guide: Executive Summary|Executive Summary]]
 
** [[CISO AppSec Guide: Foreword|Foreword]]
 
** [[CISO AppSec Guide: Foreword|Foreword]]
 
* The CISO Guide
 
* The CISO Guide
 
** [[CISO AppSec Guide: Reasons for Investing in Application Security|Part I: Reasons for Investing in Application Security]]
 
** [[CISO AppSec Guide: Reasons for Investing in Application Security|Part I: Reasons for Investing in Application Security]]
 
** [[CISO AppSec Guide: Criteria for Managing Application Security Risks|Part II: Criteria for Managing Application Security Risks]]
 
** [[CISO AppSec Guide: Criteria for Managing Application Security Risks|Part II: Criteria for Managing Application Security Risks]]
** [[CISO AppSec Guide: Selection of Application Security Processes|Part III: Selection of Application Security Processes]]
+
** [[CISO AppSec Guide: Application Security Program|Part III: Application Security Program]]
 
** [[CISO AppSec Guide: Metrics For Managing Risks & Application Security Investments|Part IV: Metrics For Managing Risks & Application Security Investments]]
 
** [[CISO AppSec Guide: Metrics For Managing Risks & Application Security Investments|Part IV: Metrics For Managing Risks & Application Security Investments]]
 
* Supporting Information
 
* Supporting Information
 
** [[CISO AppSec Guide: References|References]]
 
** [[CISO AppSec Guide: References|References]]
 
** [[CISO AppSec Guide: About OWASP|About OWASP]]
 
** [[CISO AppSec Guide: About OWASP|About OWASP]]
* Appendices
+
* Appendix
** [[CISO AppSec Guide: Value of Data & Cost of an Incident|Appendix I-A: Value of Data & Cost of an Incident]]
+
** [[CISO AppSec Guide: Value of Data & Cost of an Incident|Appendix A: Value of Data & Cost of an Incident]]
** [[CISO AppSec Guide: Calculation Sheets|Appendix I-B: Calculation Sheets]]
+
** [[CISO AppSec Guide: Quick Reference to OWASP Guides & Projects|Appendix B: Quick Reference to OWASP Guides & Projects]]
** [[CISO AppSec Guide: Online Data Breach Cost Calculator|Appendix I-C: Online Data Breach Cost Calculator]]
+
 
** [[CISO AppSec Guide: Quick Reference to OWASP Guides & Projects|Appendix I-D: Quick Reference to OWASP Guides & Projects]]
+
  
 
== Licensing ==
 
== Licensing ==
  
The OWASP Application Security Guide For CISOs is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
+
The OWASP Application Security Guide For CISOs is free to use. It is licensed under the [http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
  
| width="1%" style="background:#ffffff" |
+
| width="100" style="max-height:200px;overflow:hidden;background:#fff;margin:0;padding:0;" cellpadding="0" |
  
| width="33%" style="background:#eeeeee" |
+
<div style="width:100px;max-height:300px;border:0;margin:0;padding-left:6px;padding-right:6px;overflow:visible;">[[File:CISO-Guide-bar.jpg|link=]]</div>
 +
 
 +
| width="30%" style="background:#eeeeee" |
  
 
=Credits =
 
=Credits =
  
== Primary author and editor ==
+
== Project lead and main author ==
  
* Marco Marona
+
* [[User:Marco-cincy|Marco Morana]]
  
== Other authors and contributors ==
 
  
* WHO ELSE????
+
== Other contributors ==
* Tobias Gondrom
+
* Eoin Keary
+
* Andy Lewis
+
* Stephanie Tan
+
* Colin Watson
+
  
The contributors to the [[OWASP CISO Survey]] also provided invaluable data for this guide.
+
Co-authors, contributors and reviewers:
  
== Further details ==
+
* [[User:Tobias|Tobias Gondrom]]
 +
* [[Eoin_Keary|Eoin Keary]]
 +
* [[User:Andylew|Andy Lewis]]
 +
* [[User:Stephanie_Tan|Stephanie Tan]]
 +
* [[User:Clerkendweller|Colin Watson]]
  
For further information about the Application Security Guide For CISOs see the [https://www.owasp.org/index.php/OWASP_Application_Security_Guide_For_CISOs_Project project page].
+
 
 +
= Further Information =
 +
 
 +
== CISO guide ==
 +
 
 +
The OWASP CISO Guide is also available as
 +
* [https://www.owasp.org/index.php/File:Owasp-ciso-guide.pdf Free downloadable PDF]
 +
* [http://www.lulu.com/shop/owasp-foundation/application-security-guide-for-cisos-v10-nov-2013/paperback/product-21288580.html At cost print on demand monochrome book].
 +
 
 +
 
 +
For full information about the Application Security Guide For CISOs Project, including mailing list details, the forward plan, how to contribute, the project status, and alternative media, see the project page:
 +
* [https://www.owasp.org/index.php/OWASP_Application_Security_Guide_For_CISOs_Project CISO Guide Project Page]
 +
 
 +
 
 +
== CISO survey ==
 +
 
 +
The contributors to the [[OWASP CISO Survey]] also provided invaluable data for this guide.
  
  

Latest revision as of 13:36, 7 November 2013


The CISO Guide

Version 1.0 was published in November 2013.

Contents


Licensing

The OWASP Application Security Guide For CISOs is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

CISO-Guide-bar.jpg

Credits

Project lead and main author


Other contributors

Co-authors, contributors and reviewers:


Further Information

CISO guide

The OWASP CISO Guide is also available as


For full information about the Application Security Guide For CISOs Project, including mailing list details, the forward plan, how to contribute, the project status, and alternative media, see the project page:


CISO survey

The contributors to the OWASP CISO Survey also provided invaluable data for this guide.