
CultureAndOrganization -> Process: Prevention of unauthorized installation

Risk and Opportunity

Risk: Unapproved components are used.
Opportunity: Components must be whitelisted. Regular scans of the Docker infrastructure (e.g. the cluster) need to be performed to verify that only standardized base images are used.
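
One way to run the scan described above, as an added example (not part of the original page or of the project it belongs to): a base image leaves its layer IDs as a prefix of every image built FROM it, so the `RootFS.Layers` list printed by `docker image inspect` can be compared against an allowlist of standardized bases. The registry names, layer IDs and function names are constructed for illustration.

```python
import json

# Constructed allowlist: standardized base image -> its RootFS layer diff IDs.
# Registry names are hypothetical; layer IDs are shortened placeholders.
APPROVED_BASES = {
    "registry.example.internal/base/debian:12": ["sha256:aaa1", "sha256:aaa2"],
    "registry.example.internal/base/alpine:3.20": ["sha256:bbb1"],
}

# Constructed sample in the shape of `docker image inspect <image>...` output.
SCANNED_JSON = """[
 {"Id": "sha256:1111", "RepoTags": ["registry.example.internal/shop/api:1.4"],
  "RootFS": {"Type": "layers", "Layers": ["sha256:aaa1", "sha256:aaa2", "sha256:c001"]}},
 {"Id": "sha256:2222", "RepoTags": ["docker.io/someuser/tool:latest"],
  "RootFS": {"Type": "layers", "Layers": ["sha256:ddd1", "sha256:ddd2"]}},
 {"Id": "sha256:3333", "RepoTags": [],
  "RootFS": {"Type": "layers", "Layers": ["sha256:aaa1", "sha256:eee1"]}}
]"""


def matching_base(layers, approved=APPROVED_BASES):
    """Return the approved base whose layers form a full prefix of `layers`.

    The longest match wins; None means no standardized base was found.
    """
    best = None
    for name, base_layers in approved.items():
        if base_layers and layers[:len(base_layers)] == base_layers:
            if best is None or len(base_layers) > len(approved[best]):
                best = name
    return best


def scan(inspect_json, approved=APPROVED_BASES):
    """Classify every inspected image as built on an approved base or not."""
    findings = []
    for image in json.loads(inspect_json):
        # Untagged images have an empty RepoTags list; report them by Id.
        tags = image.get("RepoTags") or [image.get("Id", "<unknown>")]
        layers = (image.get("RootFS") or {}).get("Layers") or []
        base = matching_base(layers, approved)
        findings.append({"image": tags[0], "base": base, "approved": base is not None})
    return findings


if __name__ == "__main__":
    for f in scan(SCANNED_JSON):
        status = "OK  " if f["approved"] else "FAIL"
        print(f"{status} {f['image']} (base: {f['base']})")
```

The third sample image shares only the first layer with the approved Debian base and is therefore reported as unapproved; a partial prefix is not a match.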

Usefulness and Requirements of this Activity

Usefulness: Medium
Required knowledge: Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

Additional Information

Implementation hints:
Comments: By preventing teams from trying out new components, innovation might be hampered.

OWASP SAMM VERSION 2

ISO27001 2017