CultureAndOrganization -> Education and Guidance: Reward of good communication
Risk and Opportunity
Risk: Employees are not getting excited about security.
Opportunity: Good communication and transparency encourage cross-organizational support. Gamification of security is also known to help; examples include T-shirts, mugs, cups, gift cards and 'High-Fives'.
Usefulness and Requirements of this Activity
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Very Low
- Motivate people, Link, Tags: security champions gamification nudging
- OWASP Top 10 Maturity Categories for Security Champions, Link, Tags: security champions
OWASP SAMM VERSION 2
- not required by ISO 27001
- interestingly enough, A7.2.3 requires a process to handle misconduct, but nothing to promote good behavior.