
Culture and Org. -> Education and Guidance: Regular security training for all

Risk and Opportunity

Risk: Personnel involved in software development lack the security knowledge needed to build and operate software securely; understanding security is hard.
Opportunity: Provide security awareness training for all personnel involved in software development on a regular basis, for example twice a year, with each session lasting one to three days.

Exploit details

Usefulness: Medium
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Implementation hints:
OWASP SAMM 1 Mapping: EG1-A
ISO27001:2017 Controls Mapping: