OWASP Intra- Governmental Affairs David Campbell Denver Chapter Puneet Mehta Delhi Chapter.


Overview
OWASP is a globally recognized body for web application security guidance and frameworks. OWASP materials are used worldwide by organizations and individuals to build reliable enterprise application security programs. The open community model of OWASP has already attracted thousands of security professionals worldwide who contribute to OWASP's ongoing initiatives, and this number is growing every day. While this is helping to strengthen OWASP's credibility, there is a greater need to position OWASP with the governments of different countries. This is required to promote OWASP as a standards body for AppSec, just like ISO / BS. Some compliance bodies, such as PCI, already mandate adherence to the OWASP Top 10 for PCI DSS compliance. This needs to extend to other regulatory bodies in different countries, which requires close government interaction and representation by OWASP.

Objectives
- Identify the top reasons and driving factors to work with governments of different countries
- Identify potential areas where OWASP and governments can work together
- Discuss measurable benefits
- Identify possible ways to approach this initiative

Top reasons / Driving Factors
- Increasing regulatory compliance directives that mandate application security controls
- Lack of an official / recognized application security standard that can be used to audit and assess maturity level. There is also a need for an ASBOK (Application Security Body of Knowledge). I understand the OWASP Guide is there, but it needs to include the regulatory part and a mapping of application-specific security controls.
- Lack of certification and accreditation criteria
- National critical infrastructure protection boards are forming in various countries, creating opportunities for bodies such as OWASP to provide guidance and advice on AppSec issues
- Participation in national research programs and policy frameworks
- Lack of formal application security programs in academia (universities, colleges, etc.)

Top reasons / Driving Factors – Continued
- To gain visibility among different government agencies such as the Ministry of IT & Communication, NIST, CERT, NIC (National Informatics Center), NTRO (National Technology Research Organization), RBI (Reserve Bank of India), Cyber Security & Defense Wing, etc.
- To leverage the existing infrastructure base and financial grants to initiate new research projects
- Experience has shown that government security directives developed without proper integration of expert input yield unwieldy and ineffective controls (e.g. the USA's FISMA Act of 2002)

Potential Areas to work together
- Help define policies and roadmaps for strategic initiatives such as National Critical Infrastructure Protection Boards, Homeland Security initiatives, etc.
- Help regulators / federal agencies define application security controls for statutory compliance
- Map the application-specific security controls of different standards and regulations (NIST, PCI, ISO 27001, RBI, SOX / Clause 49 is not referenced here; the slide lists SOX / Clause 64 (India), etc.) to the OWASP framework
- Define guidelines and Code of Practice documents specific to different compliance requirements
- Jointly work on new research projects
- Drive application security programs for universities and other academic and research institutions

Potential Areas to work together – Continued
- NIST/NSF RFI for "revolutionary ideas" for cybersecurity. Submissions due 15 Dec 08.

Measurable Benefits
- Potential opportunities to initiate new research projects with financial support from governments
- Wider reach, increased visibility and representation at the national level within different countries
- Increased participation from individuals, federal agencies and other bodies that are not participating currently
- Positioning as a standards body for AppSec, just like ISO/BS, that also provides accreditation and certification functions
- Contd. Add more

Possible ways to approach the initiative
Institutionalize an OWASP Intra-Governmental Affairs Advisory Board (OIGAAB) which will work directly under the OWASP Foundation Board. This board can have task forces designated for each country (chapter leaders from the respective countries could be identified to form these task forces) that will initiate interactions with government bodies and work on the identified areas to help achieve the set objectives. The next slide depicts a sample structure.

Possible ways to approach the initiative – Continued
OWASP Intra-Governmental Affairs Advisory Board (OIGAAB) – Sample Structure
- OWASP Foundation Board
  - Conferences
  - OWASP Intra-Governmental Affairs Operations
  - Committees and task forces (e.g. Research, Standards, Membership, Finance, OWASP Intra-Governmental Affairs Advisory Board, etc.)
    - Committees and task forces – country specific

Mission Statement – OIGAAB
Mission: to ensure that OWASP's dealings with governmental and regulatory agencies (where the impact on OWASP is potentially multinational) are coherent and consistent, making effective use of resources and a global perspective for the benefit of members and constituents.
Types of organizations:
- Governmental and regulatory agencies
- Economic international entities
- Professional bodies that regulate or influence regulators
Sample geographic task forces:
- Europe (could be subdivided further)
- Asia (India, China, Hong Kong, Taiwan, etc.)
- Americas

OWASP Intra-Governmental Affairs Advisory Board – Typical Activities
- Collaborate with / advise standard-setting bodies
- Promote recognition of OWASP projects and other materials
- Encourage adoption of OWASP frameworks (to be positioned as a standard) for the improvement of application security
- Disseminate to OWASP's constituents information from multinational agencies on professional issues
- Promote OWASP education and membership
- Promote awareness and recognition of OWASP's knowledge base
- Contribute to research projects and disseminate research results
- Add more