OWASP Intra-Governmental Affairs - PowerPoint PPT Presentation

1 / 12
About This Presentation
Title:

OWASP Intra-Governmental Affairs

Description:

Title: OWASP Intra-Governmental Affairs Last modified by: dc Document presentation format: Custom Other titles: Helvetica Neue Light Arial Helvetica Neue Calibri ... – PowerPoint PPT presentation

Number of Views:124
Avg rating:3.0/5.0
Slides: 13
Provided by: owaspOrg88
Category:

less

Transcript and Presenter's Notes

Title: OWASP Intra-Governmental Affairs


1
OWASP Intra-Governmental Affairs
  • David Campbell
  • dcampbell_at_owasp.org
  • Denver Chapter
  • Puneet Mehta
  • Puneet.mehta_at_owasp.org
  • Delhi Chapter

2
Overview
  • OWASP is a globally recognized body for Web
    Application Security guidance and frameworks.
    OWASP materials are used worldwide by
    organizations and individuals to provide a
    reliable enterprise application security
    programs. The Open community model of OWASP has
    already grabbed the attention of thousands of
    security professionals worldwide who contribute
    to OWASPs ongoing initiatives and this number is
    growing everyday.
  • While the above is helping strengthen OWASPs
    credibility, there is a greater need to position
    OWASP amongst Government of different countries.
    This is required to promote OWASP as a standard
    body for AppSec just like ISO / BS.
  • Some of the compliance bodies such as PCI already
    mandate adhering to OWASP Top10 for PCI DSS
    compliance. This needs to extend to other
    regulatory bodies in different countries and
    requires close government interaction and
    representation by OWASP.

3
Objectives
  • Identify top reasons and driving factors to work
    with Government of different countries
  • Identify potential areas where OWASP and
    Government can work together
  • Discuss Measurable benefits
  • Identify possible ways on how to approach this
    initiative

4
Top reasons / Driving Factors
  • Increasing regulatory compliance directives that
    mandate application security controls
  • Lack of an official / recognized Application
    security standard that can be used to audit and
    assess the maturity level . Also there is a need
    for ASBOK (Application Security body of
    Knowledge). I understand OWASP Guide is there ,
    but it needs to include regulatory part and
    mapping of application specific security controls
    .
  • Lack of Certification Accreditation criteria.
  • National critical infrastructure protection
    boards are forming in various countries creating
    opportunities for bodies such as OWASP to provide
    guidance and advisory on AppSec issues.
  • Participation in National research programs and
    policy frameworks
  • Lack of formal Application Security programs in
    Academia (Universities, colleges etc.)

5
Top reasons / Driving Factors Continued
  • To gain visibility amongst different Govt.
    agencies such as Ministry of IT Communication,
    NIST, CERT, NIC (National Informatics Center),
    NTRO (National Technology Research Organization),
    RBI (Reserve Bank of India), Cyber Security
    Defense Wing etc..
  • To leverage existing infrastructure base
    financial grants to initiate new research
    projects
  • Experience has shown that government security
    directives developed without proper integration
    of expert input yields unwieldy and ineffective
    controls (i.e. USAs FISMA act of 2002)

6
Potential Areas to work together
  • Help define policies and roadmap for strategic
    initiatives such as National Critical
    Infrastructure Protection Board, Homeland
    Security Initiatives etc.
  • Help regulators / federal agencies define
    Application security controls for statutory
    compliance
  • Mapping Application specific security controls of
    different Standards and regulations to OWASP
    Framework such as (NIST, PCI, ISO 27001, RBI, SOX
    / Clause 64 (India) etc..)
  • Defining guidelines and Code of Practice document
    specific to different compliance requirements.
  • Jointly work on new research projects
  • Drive application security programs for
    Universities and other Academic and research
    institutions

7
Potential Areas to work together- Continued
  • NIST/NSF RFI for revolutionary ideas for
    cybersecurity. Submissions due 15 Dec 08.
    http//www.fcw.com/online/news/154063-1.html?type
    pf

8
Measurable Benefits
  • Potential opportunities to initiate new research
    projects with financial support from Govt.
  • Gain wider reach, Increased visibility
    representation at National level within different
    countries
  • Increased participation from individuals, federal
    agencies and other bodies that are not
    participating currently
  • Get positioned as a Standard Body for AppSec just
    like ISO/BS and also provide Accreditation and
    Certification function
  • Contd.Add more

9
Possible ways to approach the initiative
  • Institutionalize an OWASP Intra-Governmental
    Affairs Advisory Board (OIGAAB) which will work
    directly under the OWASP Foundation Board.
  • This Board can have Task Forces designated for
    each country (Possibly Chapter leaders from
    respective countries can be identified to form
    these task forces) that will initiate
    interactions with Government bodies and work on
    identified areas to help achieve set objectives.
  • Next slide depicts a sample structure

10
Possible ways to approach the initiative-
Continued
OWASP Foundation Board
OWASP Intra-Governmental Affairs
e.g.Research, Standards, Membership, Finance,
OWASP Intra-Governmental Affairs Advisory Board,
etc
Operations
Conferences
Committees and TF
Committees And TF
Committees And TF
Committees And TF
Committees And TF
Committees and task forces Country Specific
OWASP Intra-Governmental Affairs Advisory Board
(OIGAAB) Sample Sturcture
11
Mission Statement- OIGAAB
  • Mission to ensure that OWASPs dealings with
    governmental and regulatory agencies (where the
    impact on OWASP is potentially multinational) are
    coherent and consistent, making effective use of
    resources and global perspective for the benefit
    of members and constituents. Types of
    organizations
  • Governmental and regulatory agencies
  • Economic international entities
  • Professional bodies that regulate or influence
    regulators
  • Geographic task forces Sample
  • Europe (Could be sub divided further)
  • Asia (India, China, Hong Kong, Taiwan etc..)
  • Americas

12
OWASP Intra-Governmental Affairs Advisory Board-
Typical Activities
  • Collaborate with/advise standard-setting bodies
  • Promote recognition of OWASP Projects other
    materials
  • Encourage adoption of OWASP frameworks (to be
    positioned as a standard) for improvement of
    Application Security
  • Disseminate to OWASPs constituents information
    from multinational agencies on professional
    issues
  • Promote OWASP education and membership
  • Promote awareness and recognition of OWASPs
    knowledge base
  • Contribute to research projects and disseminate
    research results
  • Add more..
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "OWASP Intra-Governmental Affairs" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!