Culture and Organization -> Design: Information security targets are communicated
Risk and Opportunity
Risk: Employees don't known their organizations security targets. Therefore security is not considered during development and administration as much as it should be.
Opportunity: Transparent and timely communication of the security targets by senior management is essential to ensure teams' buy-in and support.
Usefulness and Requirements of this Activity
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low
OWASP SAMM VERSION 2