Culture and Org. -> Education and Guidance: Security-Lessoned-Learned
Risk and Opportunity
Risk: After an incident, a similar incident might reoccur.
Opportunity: Running a 'lessons learned' session after an incident helps drive continuous improvement. Regular meetings with security champions are a good place to share and discuss lessons learned.
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Very Low
OWASP SAMM 1 Mapping: IM-3, ST-3, SR2-B
ISO27001:2017 Controls Mapping: