Fork me on GitHub

Culture and Org. -> Education and Guidance: Security-Lessoned-Learned

Risk and Opportunity

Risk: After an incident, a similar incident might reoccur.
Opportunity: Running a 'lessons learned' session after an incident helps drive continuous improvement. Regular meetings with security champions are a good place to share and discuss lessons learned.

Exploit details

Usefullness: Medium
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Very Low

OWASP SAMM 1 Mapping: IM-3, ST-3, SR2-B
ISO27001:2017 Controls Mapping: