According to the 2013 Chief Information Security Officers survey, 75 percent of CISOs responded that external attacks had increased. 70 percent said web applications represent an area of risk higher than network infrastructure. The increased investment in application security brings new challenges for CISOs since securing web applications and software requires a different set of capabilities and skills outside the traditional information security domains. The OWASP application security guide for CISO aims to help CISOs in setting an application security strategy that includes the following strategic activities.”]
Source: https://www.csoonline.com/article/2134064/attention–cisos–strategy-is-the-only-security.html