Culture and Org. -> Education and Guidance: Each team has a security champion

Risk and Opportunity

Risk: No one in the development team feels directly responsible for security, and a single organization-wide security expert does not have enough time to allocate to each team.
Opportunity: Each team designates an individual who is responsible for security within that team. These individuals are often referred to as 'security champions'.

Exploit details

Usefulness: Medium
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Very Low

Additional Information

Implementation hints:
OWASP SAMM 1 Mapping: EG2-B
ISO27001:2017 Controls Mapping: