Fork me on GitHub

Culture and Org. -> Education and Guidance: Regular security training for everyone

Risk and Opportunity

Risk: Understanding security is hard, for internal as well as external employees.
Opportunity: Regular security training for everyone.

Exploit details

Usefullness: Medium
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Low

Additional Information

Implementation hints: Often, external employees are not invited for interal trainings. This activity focuses on providing security trainings to internal as well as external employees. It is conducted every two weeks for around one hour.
OWASP SAMM 1 Mapping: EG2-B
ISO27001:2017 Controls Mapping: