Fork me on GitHub

CultureAndOrganization -> Education and Guidance: Regular security training for externals

Risk and Opportunity

Risk: Understanding security is hard.
Opportunity: Provide security awareness training for all personnel including externals involved in software development on a regular basis.

Usefulness and Requirements of this Activitiy

Usefullness: High
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Medium

Additional Information

Implementation hints:

OWASP SAMM VERSION 2

ISO27001 2017