Fork me on GitHub

Culture and Organization -> Design: Information security targets are communicated

Risk and Opportunity

Risk: Employees don't known their organizations security targets. Therefore security is not considered during development and administration as much as it should be.
Opportunity: Transparent and timely communication of the security targets by senior management is essential to ensure teams' buy-in and support.

Additional Information

Usefulness and Requirements of this Activity

Usefullness: High
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

OWASP SAMM VERSION 2

ISO27001 2017