Metrics, metrics everywhere - from which ones I should be scared?

OWASP Foundation


The rapidly evolving landscape of application security (AppSec) calls for effective metrics to gauge how well security measures are working. However, the abundance of available metrics can overwhelm organizations, making it crucial to identify the metrics that truly matter and those that should instill concern. This session will explore the realm of AppSec metrics and guide attendees on distinguishing between valuable indicators and potentially alarming ones. Drawing upon industry best practices and real-world examples, participants will gain insights into selecting metrics that align with their organization's security goals and risk appetite, aiming to raise the AppSec maturity of the organization.

The session will delve into the various categories of AppSec metrics, including vulnerability density, time to remediation, and exploitability. By examining these metrics in depth, participants will learn to discern whether specific metrics reflect healthy security practices or signal potential vulnerabilities that demand immediate attention.

The session will also address the challenges associated with interpreting and contextualizing AppSec metrics. Attendees will gain the understanding needed, along with a review of some of the tools necessary, to effectively communicate security metrics to stakeholders, facilitating informed decision-making and fostering a proactive security culture within their organizations.

The goal of this session is to empower attendees to navigate the ocean of AppSec metrics, enabling them to identify metrics that warrant concern, prioritize remediation efforts, and drive continuous improvement in their organization's application security posture.

Maria Schwenger
BotCopy
Associate Director Cyber Security : DevSecOps
ATLANTA, GA
Maria is an innovative cloud transformation and cybersecurity leader well known for leading multiple successful implementations of the modern vision of cloud optimization, DevSecOps, and data protection, and for her leadership in executing complex digital transformation programs in areas like IoT/Edge, AI, and Big Data Analytics. The results of her work demonstrate a multifold increase in return on investment, business efficiency, and productivity gains in delivering business capabilities.
Srdan Reljic
Srdan Reljic is an accomplished technology executive and a cyber security practitioner with a knack for driving innovation and creating strategic value with extensive hands-on experience in applying cloud native and open source technology to infuse security at every level. His interests lie in secure developer enablement, platform and data engineering, and AI and web3 security.
Managed by the OWASP® Foundation
owasp.org/
