Difference between revisions of "Security Champions Playbook"


Revision as of 09:37, 10 October 2017


The Security Champions Playbook is a project started in preparation for the presentation "Security Champions 2.0" at the OWASP Bucharest AppSec Conference 2017. It describes the main steps for quickly establishing a Security Champions program, regardless of company size and the maturity of existing security processes.

Who are the Security Champions?

According to the OWASP definition, Security Champions are "active members of a team that may help to make decisions about when to engage the Security Team". They act as a core element of the security assurance process within the product or service, and serve as the Single Point of Contact (SPOC) for security within their team.

More information about the Champions: https://www.owasp.org/index.php/Security_Champions

What benefits do Champions bring to my company?

The main advantages of having a team of Security Champions:

  • Scaling security through multiple teams
  • Engaging "non-security" folks
  • Establishing the security culture

Security Champions Playbook

To keep it simple, I've listed six easy-to-follow steps, with clarifications for each. The chapters include general recommendations, links to known good sources, and personal experience. I will be happy to hear your feedback and update the playbook. Current version:

1. Identify teams

2. Define the role

3. Nominate Champions

4. Set up communication channels

5. Build a solid knowledge base

6. Maintain interest

Simplified diagram

[Diagram: Security Champions Playbook.png]