Culture and Org. -> Design: Creation of simple abuse stories
Risk and Opportunity
Risk: User stories mostly don't consider security implications. Security flaws are discovered too late in the development and deployment process.
Opportunity: Abuse stories are created during the creation of user stories.
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low
OWASP SAMM 1 Mapping: TA2-A
ISO27001:2017 Controls Mapping:
- not explicitly covered by ISO 27001
- may be part of project management
- may be part of risk assesment