(ISC)2 Establishes International Application Security Advisory Board

Board consists of 14 software life-cycle professionals

November 23, 2010

Nov. 22, 2010 – (ISC)2' ("ISC-squared"), the world’s largest information security professional body and administrators of the CISSP', today announced the launch of its Application Security Advisory Board (ASAB), with representatives from Asia-Pacific, Europe and the Americas.

The Advisory Board was established to recommend ways to create awareness about the problem o f insecure software and help organizations infuse security into the software development lifecycle. The board consists of 14 software lifecycle professionals of similar seniority from the ranks of leading business, public, and non-government organizations around the world, including:

Andreas Fuchsberger, CISSP-ISSAP, CSSLP, lecturer in Information Security, Information Security Group, Royal Halloway, University of London, and security, privacy and identity standards lead, Microsoft Corp.

Sharon Hagi, CISSP, CSSLP, senior architect, IBM

Paco (Brian) Hope, CISSP, CSSLP, technical manager, Cigital

Ajoy Kumar, CSSLP, vice president, JP Morgan Chase

Robert Lai, CISSP-ISSAP, ISSEP, CAP, CSSLP, information assurance engineer, SAIC

Glenn Leifheit, CSSLP, lead security consultant, FICO and ASAB co-chair

Anthony Lim, CSSLP, director, security, Asia-Pacific, Rational Software, Suntec

Alessandro Moretti, CISSP, CSSLP, executive director, IT security risk management, UBS

Dr. Yiannis Pavlosoglou, chair, Global Industry Committee, OWASP

Hart Rossman, CSSLP, chief technology officer, SAIC

Bola Rotibi, CEng, research director, Creative Intellect Consulting Ltd.

Dave Stender, CISSP, CAP, CSSLP, associate chief information officer for cybersecurity and chief information security officer, U.S. Internal Revenue Service

Dr. Vehbi Tasar, CISSP, CSSLP, director, Professional Programs Development, (ISC) and ASAB co-chair

Richard Tychansky, CISSP-ISSEP, CAP, CSSLP, information assurance engineer, Lockheed Martin Corp.

The board held its inaugural meeting Nov. 19 in Orlando, Fla. where they discussed the state of secure software and made recommendations on, among other topics, how to gain support for and overcome the problems caused by the proliferation of insecure software. Several members hold (ISC)’s Certified Secure Software Lifecycle Professional (CSSLP') certification. The CSSLP, which recently became accredited under ANSI/ISO/IEC Standard 17024, was created to stem the proliferation of software vulnerabilities by establishing best practices and validating an individual’s competency in addressing security issues throughout the software lifecycle.

"Software vulnerabilities are one of the most pressing issues in security today with 80 percent of attacks occurring at the application layer, and we are confident this group of elite software and security professionals will bring valuable insights and ideas as to how we as a community can have an impact on this issue," said W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director of (ISC).

The (ISC) ASAB will meet virtually on a quarterly basis and in-person annually. (ISC)2 has existing advisory boards for the Americas, U.S. federal government, Europe and Asia-Pacific.

About (ISC)2

Media Contact:

Mike Kilroy or Juliette Mutzke

Maples Communications, Inc.

(949) 855-3555

[email protected]