Culture and Org. -> Education and Guidance: Aligning security in teams
Risk and Opportunity
Risk: The concept of Security Champions might suggest that only he/she is responsible for security. However, everyone in the project team should be responsible for security.
Opportunity: By aligning security SME with project teams, a higher security standard can be achieved.
Usefullness: Very High
Required knowledge: High (two disciplines)
Required time: Very High
Required resources (systems): Very Low
Implementation hints: Security SME are involved in discussion for requirements analysis, software design and sprint planning to provide guidance and suggestions.
OWASP SAMM 1 Mapping: EG2-B
ISO27001:2017 Controls Mapping: