Security Champions Playbook v 2.1
https://github.com/c0rdis/security-champions-playbook


[![Mentioned in Awesome DevSecOps](https://awesome.re/mentioned-badge-flat.svg)](https://github.com/devsecops/awesome-devsecops#guidelines)

# Intro
Security Champions Playbook is a project started in preparation for the presentation ["Security Champions 2.0"](https://www.owasp.org/images/3/3c/OWASP_Bucharest_2017_Antukh.pdf) at the OWASP Bucharest AppSec Conference 2017. It describes the main steps for quickly establishing a Security Champions program, regardless of company size and the maturity of existing security processes.

# Who are the Security Champions?
Security Champions are "active members of a team that may help to make decisions about when to engage the Security Team". They act as a core element of the security assurance process within the product or service, and hold the role of the Single Point of Contact (SPOC) within the team.

# What benefits do Champions bring to my company?
Main advantages of having a team of Security Champions:
* Scaling security through multiple teams
* Engaging "non-security" folks
* Establishing the security culture

# Security Champions Playbook
To keep it simple, I've listed six easy-to-follow steps with clarifications for each step.
Chapters include general recommendations, links to known good sources as well as personal
experience. I will be happy to hear your feedback and update the playbook. Current version:

### [1. Identify teams](Security%20Playbook/1.%20Identify%20teams.md)
### [2. Define the role](Security%20Playbook/2.%20Define%20the%20role.md)
### [3. Nominate Champions](Security%20Playbook/3.%20Nominate%20Champions.md)
### [4. Set up communication channels](Security%20Playbook/4.%20Set%20up%20communication%20channels.md)
### [5. Build solid knowledge base](Security%20Playbook/5.%20Build%20solid%20knowledge%20base.md)
### [6. Maintain interest](Security%20Playbook/6.%20Maintain%20interest.md)

---
# Simplified diagram
![alt text](assets/img/playbook.png)