Culture and Org. -> Education and Guidance: Regular security training of security champions
Risk and Opportunity
Risk: Understanding security is hard, even for security champions.
Opportunity: Regular security training of security champions.
Exploit details
Usefulness: Medium
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Low
OWASP SAMM 1 Mapping: EG2-B
ISO27001:2017 Controls Mapping:
- security champions are missing in ISO 27001
- 7.2.2