Presentation is loading. Please wait.

Presentation is loading. Please wait.

OWASP Intra- Governmental Affairs David Campbell Denver Chapter Puneet Mehta Delhi Chapter.

Published byMartin Atkinson Modified over 8 years ago

Similar presentations

Presentation on theme: "OWASP Intra- Governmental Affairs David Campbell Denver Chapter Puneet Mehta Delhi Chapter."— Presentation transcript:

1 OWASP Intra- Governmental Affairs David Campbell dcampbell@owasp.org Denver Chapter Puneet Mehta Puneet.mehta@owasp.org Delhi Chapter

2 Overview OWASP is a globally recognized body for Web Application Security guidance and frameworks. OWASP materials are used worldwide by organizations and individuals to provide a reliable enterprise application security programs. The Open community model of OWASP has already grabbed the attention of thousands of security professionals worldwide who contribute to OWASP’s ongoing initiatives and this number is growing everyday. While the above is helping strengthen OWASP’s credibility, there is a greater need to position OWASP amongst Government of different countries. This is required to promote OWASP as a standard body for AppSec just like ISO / BS. Some of the compliance bodies such as PCI already mandate adhering to OWASP Top10 for PCI DSS compliance. This needs to extend to other regulatory bodies in different countries and requires close government interaction and representation by OWASP.

3 Objectives Identify top reasons and driving factors to work with Government of different countries Identify potential areas where OWASP and Government can work together Discuss Measurable benefits Identify possible ways on how to approach this initiative

4 Top reasons / Driving Factors Increasing regulatory compliance directives that mandate application security controls Lack of an official / recognized Application security standard that can be used to audit and assess the maturity level. Also there is a need for ASBOK (Application Security body of Knowledge). I understand OWASP Guide is there, but it needs to include regulatory part and mapping of application specific security controls. Lack of Certification & Accreditation criteria. National critical infrastructure protection boards are forming in various countries creating opportunities for bodies such as OWASP to provide guidance and advisory on AppSec issues. Participation in National research programs and policy frameworks Lack of formal Application Security programs in Academia (Universities, colleges etc.)

5 Top reasons / Driving Factors – Continued… To gain visibility amongst different Govt. agencies such as Ministry of IT & Communication, NIST, CERT, NIC (National Informatics Center), NTRO (National Technology Research Organization), RBI (Reserve Bank of India), Cyber Security & Defense Wing etc.. To leverage existing infrastructure base & financial grants to initiate new research projects Experience has shown that government security directives developed without proper integration of expert input yields unwieldy and ineffective controls (i.e. USA’s FISMA act of 2002)

6 Potential Areas to work together Help define policies and roadmap for strategic initiatives such as National Critical Infrastructure Protection Board, Homeland Security Initiatives etc. Help regulators / federal agencies define Application security controls for statutory compliance Mapping Application specific security controls of different Standards and regulations to OWASP Framework such as (NIST, PCI, ISO 27001, RBI, SOX / Clause 64 (India) etc..) Defining guidelines and Code of Practice document specific to different compliance requirements. Jointly work on new research projects Drive application security programs for Universities and other Academic and research institutions

7 Potential Areas to work together- Continued NIST/NSF RFI for “revolutionary ideas” for cybersecurity. Submissions due 15 Dec 08. http://www.fcw.com/online/news/154063-1.html?type=pfhttp://www.fcw.com/online/news/154063-1.html?type=pf

8 Measurable Benefits Potential opportunities to initiate new research projects with financial support from Govt. Gain wider reach, Increased visibility & representation at National level within different countries Increased participation from individuals, federal agencies and other bodies that are not participating currently Get positioned as a Standard Body for AppSec just like ISO/BS and also provide Accreditation and Certification function Contd….Add more

9 Possible ways to approach the initiative Institutionalize an OWASP Intra-Governmental Affairs Advisory Board (OIGAAB) which will work directly under the OWASP Foundation Board. This Board can have Task Forces designated for each country (Possibly Chapter leaders from respective countries can be identified to form these task forces) that will initiate interactions with Government bodies and work on identified areas to help achieve set objectives. Next slide depicts a sample structure:Next slide

10 Possible ways to approach the initiative- Continued OWASP Foundation Board Conferences OWASP Intra- Governmental Affairs Operations Committees and TF Committees And TF e.g.Research, Standards, Membership, Finance, OWASP Intra-Governmental Affairs Advisory Board, etc Committees and task forces – Country Specific Committees And TF Committees And TF Committees And TF OWASP Intra-Governmental Affairs Advisory Board (OIGAAB) – Sample Sturcture

11 Mission Statement- OIGAAB Mission : to ensure that OWASP’s dealings with governmental and regulatory agencies (where the impact on OWASP is potentially multinational) are coherent and consistent, making effective use of resources and global perspective for the benefit of members and constituents. Types of organizations: Governmental and regulatory agencies Economic international entities Professional bodies that regulate or influence regulators SampleGeographic task forces: Sample Europe (Could be sub divided further) Asia (India, China, Hong Kong, Taiwan etc..) Americas

12 OWASP Intra-Governmental Affairs Advisory Board- Typical Activities Collaborate with/advise standard-setting bodies Promote recognition of OWASP Projects & other materials Encourage adoption of OWASP frameworks (to be positioned as a standard) for improvement of Application Security Disseminate to OWASP’s constituents information from multinational agencies on professional issues Promote OWASP education and membership Promote awareness and recognition of OWASP’s knowledge base Contribute to research projects and disseminate research results Add more…..

Download ppt "OWASP Intra- Governmental Affairs David Campbell Denver Chapter Puneet Mehta Delhi Chapter."

Similar presentations

PROFESSIONAL ASSOCIATIONS: WHY PARTICIPATE? Presenter Name Company IIA Chapter/Institute.

PROFESSIONAL ASSOCIATIONS: WHY PARTICIPATE? Presenter Name Company IIA Chapter/Institute.
Institute of Industrial Engineers State of the Institute Report 2013-18 Strategic Plan May 2013 Kim LaScola Needy Don Greene President Executive Director.

Institute of Industrial Engineers State of the Institute Report Strategic Plan May 2013 Kim LaScola Needy Don Greene President Executive Director.
Www.theiia.org Continuous Auditing Global Technology Auditing Guide 3 Twelfth Continuous Auditing and Reporting Symposium Rutgers Business School November.

Continuous Auditing Global Technology Auditing Guide 3 Twelfth Continuous Auditing and Reporting Symposium Rutgers Business School November.
Competition Culture The Key to Successful Competition Regime 3 rd BRICS International Competition Conference New Delhi, November 21-22, 2013 Pradeep S.

Competition Culture The Key to Successful Competition Regime 3 rd BRICS International Competition Conference New Delhi, November 21-22, 2013 Pradeep S.
International Federation of Accountants International Education Standards for Professional Accountants Mark Allison, Executive Director Institute of Chartered.

International Federation of Accountants International Education Standards for Professional Accountants Mark Allison, Executive Director Institute of Chartered.
Presented to the IESBA Meeting of 4-6 December 2013, New York, by Chishala Kateka.

Presented to the IESBA Meeting of 4-6 December 2013, New York, by Chishala Kateka.
INTOSAI Compliance Audit Guidelines (ISSAI )

INTOSAI Compliance Audit Guidelines (ISSAI )
INTOSAI and IFAC Robert F. Dacey Chief Accountant US Government Accountability Office.

INTOSAI and IFAC Robert F. Dacey Chief Accountant US Government Accountability Office.
1 An Overview of the Auditing Roundtable and Its Collaboration With ICSR Presented to World Environment Center Sustainability Forum April 26, 2001 Constance.

1 An Overview of the Auditing Roundtable and Its Collaboration With ICSR Presented to World Environment Center Sustainability Forum April 26, 2001 Constance.
SHRM Overview for AmChams AACCLA Conference October 19, 2011.

SHRM Overview for AmChams AACCLA Conference October 19, 2011.
TRU Waste Processing Center Culture and Successful Implementation of an ISO 14001 Certified Environmental Management System Presented at the DOE ISM Conference.

TRU Waste Processing Center Culture and Successful Implementation of an ISO Certified Environmental Management System Presented at the DOE ISM Conference.
“The Impact of Sarbanes Oxley, An Evolving Best Practice” Ellen C. Wolf Senior Vice President & Chief Financial Officer American Water National Association.

“The Impact of Sarbanes Oxley, An Evolving Best Practice” Ellen C. Wolf Senior Vice President & Chief Financial Officer American Water National Association.
Www.globaliia.org The Institute of Internal Auditors: Serving the Global Internal Auditing Profession Gerry Cox, CMIIA, CIA, CRMA, Chief Executive, South.

The Institute of Internal Auditors: Serving the Global Internal Auditing Profession Gerry Cox, CMIIA, CIA, CRMA, Chief Executive, South.
ISACA Wellington: 2014 Strategy. Background ISACA’s vision: Trust in, and value from, information and information systems ISACA’s mission: For professionals.

ISACA Wellington: 2014 Strategy. Background ISACA’s vision: Trust in, and value from, information and information systems ISACA’s mission: For professionals.
BUSINESS & HUMAN RIGHTS UniCredit on its sustainability path: understanding and managing the financial sector’s responsibilities in terms of human rights”

BUSINESS & HUMAN RIGHTS UniCredit on its sustainability path: understanding and managing the financial sector’s responsibilities in terms of human rights”
Board on Career Development: Strategic Planning David E. Lee Chair Board on Career Development 25 February 2013.

Board on Career Development: Strategic Planning David E. Lee Chair Board on Career Development 25 February 2013.
American College of Healthcare Executives ACHE Update Leadership Knowledge Relationships Marketability.

American College of Healthcare Executives ACHE Update Leadership Knowledge Relationships Marketability.
Be Part of Something BIG Volunteer Opportunities American Society of Safety Engineers.

Be Part of Something BIG Volunteer Opportunities American Society of Safety Engineers.
Institute of Industrial Engineers State of the Institute Report Presented at 2014 Annual Conference June 1, 2014 Dennis Oates Don Greene President Executive.

Institute of Industrial Engineers State of the Institute Report Presented at 2014 Annual Conference June 1, 2014 Dennis Oates Don Greene President Executive.
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Similar presentations

Ads by Google