CISO AppSec Guide: References

Revision as of 10:32, 18 September 2013 by Stephanie Tan (talk | contribs) (Add category)

Jump to: navigation, search


Verizon 2011 Data Breach Investigation Report:

US Q2 2011 GDP Report Is Bad News for the US Tech Sector, But With Some Silver Linings:

Supplement to Authentication in an Internet Banking Environment:


OWASP Top Ten:

Gartner teleconference on application security, Joseph Feiman, VP and Gartner Fellow

Identity Theft Survey Report, Federal Trade Commission,September, 2003:

Dan E Geer Economics and Strategies of Data Security:

Data Loss Database:

WHID, Web Hacking Incident Database:

Imperva's Web Application Attack Report:

Albert Gonzalez data breach indictment:

First Annual Cost of Cyber Crime Study Benchmark Study of U.S. Companies, Sponsored by ArcSight Independently conducted by Ponemon Institute LLC, July 2010:

2010 Annual Study: U.S. Cost of a Data Breach:

Gordon, L.A. and Loeb, M.P. “The economics of information security investment”, ACM Transactions on Information and Systems Security, Vol.5, No.4, pp.438-457, 2002.

Total Cost of Ownership:

Wes SonnenReich, Return of Security Investment, Practical Quantitative Model:

Tangible ROI through Secure Software Engineering:

The Privacy Dividend: the business case for investing in proactive privacy protection, Information Commissioner's Office, UK, 2009:

Share prices and data breaches:

A commissioned study conducted by Forrester Consulting on behalf of VeriSign: DDoS: A Threat You Can’t Afford To Ignore:

Sony data breach could be most expensive ever:

Health Net discloses loss of data to 1.9 million customers:

EMC spends $66 million to clean up RSA SecureID mess:

Dmitri Alperovitch, Vice President, Threat Research, McAfee, Revealed: Operation Shady RAT:

OWASP Security Spending Benchmarks Project Report:

The Security Threat/Budget Paradox:

Security and the Software Development Lifecycle: Secure at the Source, Aberdeen Group, 2011

State of Application Security - Immature Practices Fuel Inefficiencies, But Positive ROI Is Attainable, Forrester Consulting, 2011



Short piece about OWASP and including links to Projects, ASVS, SAMM, Commercial Code of Conduct, Citations, ???