Fork me on GitHub

Build and Deployment -> Deployment: Defined decommissioning process

Risk and Opportunity

Risk: Not used applications erode and are not maintained. As an evil actor, I exploit known vulnerabilities in the not maintained applicaitons to perform latteral movement within the organization.
Opportunity: By having a clear decommissioning process, applicaitons not used are not running anymore and can therefore not be explointed.

Usefulness and Requirements of this Activity

Usefullness: Low
Required knowledge: Very Low (one discipline)
Required time: Low
Required resources (systems): Very Low

OWASP SAMM VERSION 2

ISO27001 2017