0ccupi3R/security-champions-playbook

 
 

Mentioned in Awesome DevSecOps

Intro

Security Champions Playbook is a project started in preparation for the presentation "Security Champions 2.0" at OWASP Bucharest AppSec Conference 2017. It describes the main steps for quickly establishing a Security Champions program, regardless of company size or the maturity of existing security processes.

Who are the Security Champions?

According to the OWASP definition, Security Champions are "active members of a team that may help to make decisions about when to engage the Security Team". They act as a core element of the security assurance process within the product or service, and hold the role of the Single Point of Contact (SPOC) within the team.

More information about the Champions: https://www.owasp.org/index.php/Security_Champions

What benefits do Champions bring to my company?

Main advantages of having a team of Security Champions:

  • Scaling security through multiple teams
  • Engaging "non-security" folks
  • Establishing the security culture

Security Champions Playbook

To keep it simple, I've listed six easy-to-follow steps with clarifications for each step. Chapters include general recommendations, links to known good sources as well as personal experience. I will be happy to hear your feedback and update the playbook. Current version:


Simplified diagram


About

Security Champions Playbook v 1.1
