OWASP Threat and Safeguard Matrix (TaSM)

The Threat and Safeguard Matrix or (TaSM)(https://owasp.org/www-project-threat-and-safeguard-matrix/) is an action oriented view to safeguard and enable the business created by Ross Young. Simply put if Cyber is in the business of Revenue Protection, then we need to have a defense in depth plan to combat the biggest threats to our companies. This matrix allows a company to overlay their major threats with the NIST Cyber Security Functions (Identify, Protect, Detect, Respond, & Recover) to build a robust security plan. Organizations which perform this activity will gain a better understanding of how to protect their company as they fill in safeguards which mitigate important threats. Remember the devil is in the details, hence why we chose a TaSManian Devil as the project logo.

Ross Young is the CISO of Caterpillar Financial, a lecturer at Johns Hopkins University, and a SANS instructor. Prior to this role, he was a divisional CISO at Capital One. His expertise ranges from attacking financial services for the federal government to defending organizations by automating defenses in DevSecOps pipelines. He is actively involved in all things cloud, container, and Kubernetes security. Ross holds master's and bachelor's degrees from Johns Hopkins University, Idaho State University, and Utah State University. Ross's interest in pirates and ninjas have inspired him to stealthily enable and safeguard the business without the paperwork.