CultureAndOrganization -> Education and Guidance: Regular security training of security champions
Risk and Opportunity
Risk: Understanding security is hard, even for security champions.
Opportunity: Regular security training of security champions.
Evidence:
- Process Documentation: TODO
- Training Content: TODO
Usefulness and Requirements of this Activity
Usefulness: Very High
Required knowledge: High (two disciplines)
Required time: Low
Required resources (systems): Low
Dependencies: Each team has a security champion
- OWASP Cheatsheet Series, Link, Tags: secure coding
OWASP SAMM VERSION 2
- security champions are missing in ISO 27001