CultureAndOrganization -> Education and Guidance: Security consulting on request
Risk and Opportunity
Risk: Not asking a security expert when questions regarding security appear might lead to flaws.
Opportunity: Security consulting to teams is given on request. The security consultants can be internal or external.
Usefulness and Requirements of this Activitiy
Required knowledge: Medium (two disciplines)
Required time: Very Low
Required resources (systems): Very Low
- OWASP Cheatsheet Series, Link, Tags: secure coding
OWASP SAMM VERSION 2
- security consulting is missing in ISO 27001 may be