Friday, May 22, 2009

Presenting at ISACA eSymposium on Application Security Programs

  The long weekend is almost here, and before you take off this Friday I wanted to let you know I'll be speaking at the ISACA eSymposium titled "Web Application Security: Intelligent Choices" on Tuesday!

  You can register for the event here, and I've included a synopsis from my talk below - hey, those CISSPs out there can even earn 3 CPE credits for taking a small quiz after!

  What better way to spend the day after a long weekend than listening to myself, Rich Mogull, Michael Shema, and Michael Sutton talk about making intelligent choices in building a web application security program?

In today's enterprise, Web Application Security has come front and center for security managers as well as the business. However, many well-funded, well-backed programs fail, because they miss the fundamental rule of problem solving -- understand the problem. The secret to success is simple -- understand your business context and build a program around that. How can you develop an actionable, business risk-driven program? Understanding your role is key, followed by successful identification of a cornerstone upon which to base the program. This presentation will teach you how to evaluate data value, application visibility and business exposure one step at a time and assign real, measurable risk. Participants will be given a strong foundation to succeed, so they don't end up solving problems the business doesn't have.

Hope to see you there! I'll be posting slides from the talk on Wednesday, to the usual place! I'd love to hear your questions and comments after the talk.

Enjoy the long weekend!
