Culture and Org. -> Education and Guidance: Regular security training for everyone
Risk and Opportunity
Risk: Understanding security is hard, for internal as well as external employees.
Opportunity: Regular security training for everyone.
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Low
Implementation hints: Often, external employees are not invited for interal trainings. This activity focuses on providing security trainings to internal as well as external employees. It is conducted every two weeks for around one hour.
OWASP SAMM 1 Mapping: EG2-B
ISO27001:2017 Controls Mapping: