Culture and Org. -> Education and Guidance: Security consulting on request
Risk and Opportunity
Risk: Not asking a security expert when questions regarding security appear might lead to flaws.
Opportunity: Security consulting to teams is given on request. The security consultants can be internal or external.
Required knowledge: Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low
OWASP SAMM 1 Mapping: EG2-B
ISO27001:2017 Controls Mapping:
- security consulting is missing in ISO 27001 may be