Following the release of the Introduction for Developers in February, the OWASP AppSensor team has now created and published a new document aimed at Chief Information Security Officers (CISOs) and others with similar responsibilities.
The CISO Briefing is a high-level overview, with pointers to the more detailed resources for specifiers, architects, developers and operators.
I incorporated several quotations from industry analysts, reports and standards to help set the context in the current security environment. The quotations are all publicly available but are mostly not OWASP AppSensor specific — instead they illustrate current trends and concerns about attack visibility, real-time detection, the need for automation, runtime application self-protection (RASP), and active defences.
The 12 pages comprise the following:
- Defending Software Applications
- Detect and Respond to Attacks From Within the Application
- Benefits For Organizations and Users
  - Lower information security risk
  - Improved compliance
  - Reduced impact of attacks and breaches
  - Increased system survivability
- Enterprise Ready
  - Extremely low false positives
  - Intelligence driven security
  - Low system resource overhead
  - Machine-speed response
- Next Steps
- Additional AppSensor Resources
- About OWASP
The CISO Briefing can be downloaded free of charge as a PDF, or purchased at cost in hardcopy from Lulu.com. There will also be some copies available during the CISO track at the AppSec EU conference in May.
Posted on: 24 April 2015 at 08:54 hrs