CultureAndOrganization -> Education and Guidance: Conduction of war games
Risk and Opportunity
Risk: Understanding incident response plans during an incident is hard and ineffective.
Opportunity: War Games like activities help train for incidents. Security SMEs create attack scenarios in a testing environment enabling the trainees to learn how to react in case of an incident.
Usefulness and Requirements of this Activitiy
Required knowledge: High (two disciplines)
Required time: Very High
Required resources (systems): High
OWASP SAMM VERSION 2
- ware games are not explicitly required in ISO 27001 may be