Culture and Org. -> Education and Guidance: Conduction of build-it, break-it, fix-it contests
Risk and Opportunity
Risk: Understanding security is hard, even for security champions and the conduction of security training often focuses on breaking a component instead of building a component secure.
Opportunity: The build-it, break-it, fix-it contest allows to train people with security related roles like security champions the build, break and fix part of a secure application. This increases the learning of building secure components.
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Very Low
Implementation hints: https://builditbreakit.org/
ISO27001:2017 Controls Mapping: