Difference between revisions of "Security Champions Playbook"
(initial commit) |
(fixed link) (Tag: Visual edit) |
||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
= Intro = | = Intro = | ||
− | Security Champions Playbook is a project started in preparation for the presentation [https://www.owasp.org/ | + | Security Champions Playbook is a project started in preparation for the presentation [https://www.owasp.org/images/3/3c/OWASP_Bucharest_2017_Antukh.pdf "Security Champions 2.0"] at OWASP Bucharest AppSec Conference 2017. It describes the main steps for fast establishment of a Security Champions program regardless of the company size and maturity of the existing security processes. |
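Review bot: the corrected link on the "+" side hardcodes the upload path (https://www.owasp.org/images/3/3c/OWASP_Bucharest_2017_Antukh.pdf) as an external link, so it breaks again if the wiki's domain or file storage layout changes. Since the PDF is hosted on the wiki itself, an internal link such as [[Media:OWASP_Bucharest_2017_Antukh.pdf|"Security Champions 2.0"]] would let MediaWiki resolve the file location.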
Line 33: | Line 33: | ||
= Simplified diagram = | = Simplified diagram = | ||
− | + | [[File:Security Champions Playbook.png]] | |
− | [[File:Security Champions Playbook.png | ||
− |
Latest revision as of 18:49, 23 October 2017
Intro
Security Champions Playbook is a project started in preparation for the presentation "Security Champions 2.0" at the OWASP Bucharest AppSec Conference 2017. It describes the main steps for quickly establishing a Security Champions program, regardless of company size and the maturity of existing security processes.
Who are the Security Champions?
According to the OWASP definition, Security Champions are "active members of a team that may help to make decisions about when to engage the Security Team". They act as a core element of the security assurance process within the product or service, and hold the role of the Single Point of Contact (SPOC) within the team.
More information about the Champions: https://www.owasp.org/index.php/Security_Champions
What benefits do Champions bring to my company?
Main advantages of having a team of Security Champions:
- Scaling security through multiple teams
- Engaging "non-security" folks
- Establishing the security culture
Security Champions Playbook
To keep it simple, I've listed six easy-to-follow steps with clarifications for each step. Chapters include general recommendations, links to known good sources as well as personal experience. I will be happy to hear your feedback and update the playbook. Current version: