Culture and Org. -> Process: Approval by reviewing any new version
Risk and Opportunity
Risk: A single individual might forget to implement security measures that protect source code or infrastructure components, and nobody else notices.
Opportunity: On each new version (e.g. pull request) of source code or infrastructure components, a security peer review of the changes is performed (four-eyes principle) and approval is given by the reviewer.
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low
OWASP SAMM 1 Mapping: IR1-B
ISO 27001:2017 Controls Mapping:
- Peer review (four-eyes principle) is not explicitly required by ISO 27001.
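As an added illustration (not part of DSOMM), a small merge-gate check that encodes the four-eyes principle above: it assumes a hypothetical, constructed shape for the review records a code-hosting platform would hand to such a gate, and it rejects self-approvals, approvals that predate the newest commit, and outstanding change requests.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Hypothetical record shapes (constructed for this example, not a real platform API).
@dataclass
class Review:
    reviewer: str
    state: str             # "APPROVED" or "CHANGES_REQUESTED"
    submitted_at: datetime

@dataclass
class PullRequest:
    author: str
    last_commit_at: datetime            # time of the newest push on the branch
    reviews: list = field(default_factory=list)

def four_eyes_ok(pr: PullRequest) -> tuple[bool, list[str]]:
    """Pass only if a second person approved the newest commit and no change request is open."""
    reasons: list[str] = []
    latest: dict[str, Review] = {}       # each reviewer's most recent verdict
    for r in pr.reviews:
        if r.reviewer not in latest or r.submitted_at > latest[r.reviewer].submitted_at:
            latest[r.reviewer] = r
    approvals = 0
    for r in latest.values():
        if r.reviewer == pr.author:
            reasons.append(f"self-review by {r.reviewer} ignored")
        elif r.submitted_at < pr.last_commit_at:
            reasons.append(f"review by {r.reviewer} is stale (predates newest commit)")
        elif r.state == "CHANGES_REQUESTED":
            reasons.append(f"{r.reviewer} requested changes")
            return False, reasons
        elif r.state == "APPROVED":
            approvals += 1
    if approvals == 0:
        reasons.append("no approval by a second person on the newest commit")
        return False, reasons
    return True, reasons

def evaluate_samples() -> dict[str, bool]:
    t = lambda h: datetime(2024, 1, 1, h)   # constructed timestamps
    cases = {
        "clean":        PullRequest("alice", t(9),  [Review("bob", "APPROVED", t(10))]),
        "self_approve": PullRequest("alice", t(9),  [Review("alice", "APPROVED", t(10))]),
        "stale":        PullRequest("alice", t(11), [Review("bob", "APPROVED", t(10))]),
        "re_approved":  PullRequest("alice", t(11), [Review("bob", "CHANGES_REQUESTED", t(10)),
                                                    Review("bob", "APPROVED", t(12))]),
    }
    return {name: four_eyes_ok(pr)[0] for name, pr in cases.items()}
```

The "stale" case is the one most often missed in practice: a pull request approved before a later push must be reviewed again, otherwise the approval no longer covers what is merged.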