{"id":589,"date":"2021-07-08T10:34:56","date_gmt":"2021-07-08T02:34:56","guid":{"rendered":"https:\/\/choson.lifenet.com.tw\/?p=589"},"modified":"2023-03-29T16:30:50","modified_gmt":"2023-03-29T08:30:50","slug":"owasp-samm-%e5%ae%89%e5%85%a8%e5%86%a0%e8%bb%8dsecurity-champion","status":"publish","type":"post","link":"https:\/\/choson.lifenet.com.tw\/?p=589","title":{"rendered":"OWASP SAMM-\u5b89\u5168\u51a0\u8ecd(Security Champion)"},"content":{"rendered":"\n<p><img decoding=\"async\" src=\"https:\/\/ithelp.ithome.com.tw\/upload\/images\/20210708\/20132160RNc4aOFNZ3.png\" alt=\"https:\/\/ithelp.ithome.com.tw\/upload\/images\/20210708\/20132160RNc4aOFNZ3.png\"><br>-SAMM \u6982\u8ff0\uff08\u4f86\u6e90\uff1ahttps : \/\/owaspsamm.org\uff09<br>\u6587\u5316\u6709\u4e0d\u540c\u7684\u80cc\u666f\u6216\u5c64\u6b21\uff0c\u4f8b\u5982\u5b89\u5168\u6587\u5316\u3001\u7d44\u7e54\u6587\u5316\u6216\u6c11\u65cf\u6587\u5316\u3002\u9ad8\u7d1a\u7ba1\u7406\u5c64\u662f\u5728\u7d44\u7e54\u5c64\u9762\u63d0\u5347\u5b89\u5168\u610f\u8b58\u548c\u6587\u5316\u7684\u597d\u4eba\u9078\uff1b\u7136\u800c\uff0c\u5b89\u5168\u51a0\u8ecd\u5728\u8edf\u9ad4\u958b\u767c\u4e2d\u662f\u66f4\u5408\u9069\u7684\u89d2\u8272\u3002<\/p>\n\n\n\n<p><strong>\u5b89\u5168\u51a0\u8ecd\u548c OWASP SAMM(Security Champion and OWASP SAMM)<\/strong><br>\u5b89\u5168\u51a0\u8ecd\u662f\u8edf\u9ad4\u5b89\u5168\u4e3b\u984c\u5c08\u5bb6\uff0c\u4ed6\u5011\u5728 OWASP \u8edf\u9ad4\u4fdd\u969c\u6210\u719f\u5ea6\u6a21\u578b (SAMM) \u4e2d\u7d44\u7e54\u548c\u6587\u5316\u7684\u6210\u719f\u5ea6\u7d1a\u5225 1 \u4e2d\u767c\u63ee\u8457\u95dc\u9375\u4f5c\u7528\u3002\u63d0\u540d\u4e00\u540d\u6210\u54e1\uff0c\u4f8b\u5982\u8edf\u9ad4\u958b\u767c\u4eba\u54e1\u3001\u6e2c\u8a66\u4eba\u54e1\u6216\u7522\u54c1\u7d93\u7406\uff0c\u4f5c\u70ba\u5b89\u5168\u64c1\u8b77\u8005\uff0c\u6709\u52a9\u65bc\u5c07\u5b89\u5168\u5d4c\u5165\u5230\u958b\u767c\u7d44\u7e54\u4e2d\u3002<br>. \u5b89\u5168\u51a0\u8ecd\u63a5\u53d7\u9069\u7576\u7684\u57f9\u8a13\u3002<br>. \u61c9\u7528\u7a0b\u5e8f\u5b89\u5168\u548c\u958b\u767c\u5718\u968a\u6703\u5b9a\u671f\u6536\u5230\u5b89\u5168\u51a0\u8ecd\u95dc\u65bc\u5b89\u5168\u8a08\u5283\u548c\u4fee\u5fa9\u6574\u9ad4\u72c0\u614b\u7684\u7c21\u5831\u3002<br>. \u5b89\u5168\u51a0\u8ecd\u5728\u6dfb\u52a0\u5230\u61c9\u7528\u7a0b\u5e8f\u7a4d\u58d3\u4e4b\u524d\u5be9\u67e5\u5916\u90e8\u6e2c\u8a66\u7684\u7d50\u679c\u3002<\/p>\n\n\n\n<p><strong>\u9ad8\u7d1a\u7ba1\u7406\u4eba\u54e1(Senior Management)<\/strong><br>\u9ad8\u7d1a\u7ba1\u7406\u4eba\u54e1\u662f\u653b\u64ca\u7684\u9ad8\u512a\u5148\u7d1a\u76ee\u6a19\u3002\u70ba\u9ad8\u7d1a\u7ba1\u7406\u5c64\u5236\u5b9a\u5b89\u5168\u610f\u8b58\u8a08\u5283\u81f3\u95dc\u91cd\u8981\u3002\u4ed6\u5011\u5fc5\u9808\u4ee5\u8eab\u4f5c\u5247\uff0c\u7406\u89e3\u548c\u9075\u5b88\u5b89\u5168\u653f\u7b56\uff0c\u7d55\u4e0d\u61c9\u8a72\u88ab\u767c\u73fe\u8aaa\u58de\u8a71\u6216\u81ea\u76f8\u77db\u76fe\u7684\u653f\u7b56\u3002<\/p>\n\n\n\n<p><strong>\u5b89\u5168\u6587\u5316(Security Culture)<\/strong><br>. \u6587\u5316\u672c\u8cea\u4e0a\u662f\u201c\u4e00\u7d44\u7528\u8a9e\u8a00\u8868\u9054\u7684\u5171\u540c\u7406\u89e3\u201d\u6216\u201c\u610f\u7fa9\u7684\u5171\u4eab\u6a21\u5f0f\u201d\u6216\u201c\u8207\u7d44\u7e54\u7d50\u69cb\u548c\u63a7\u5236\u7cfb\u7d71\u76f8\u4e92\u4f5c\u7528\u4ee5\u7522\u751f\u884c\u70ba\u898f\u7bc4\u7684\u5171\u4eab\u50f9\u503c\u89c0\u548c\u4fe1\u5ff5\u201d\u3002\u5982\u679c\u53ef\u4ee5\u8b49\u660e\u6587\u5316\u6703\u5f71\u97ff\u5b89\u5168\u7d50\u679c\uff0c\u90a3\u9ebc\u6587\u5316\u5728\u5b89\u5168\u74b0\u5883\u4e2d\u5c31\u6703\u5f15\u8d77\u4eba\u5011\u7684\u8208\u8da3\u3002( IEEE )<br>. \u8cc7\u8a0a\u5b89\u5168\u6587\u5316\u6307\u5c0e\u7d44\u7e54\u5728\u8cc7\u8a0a\u5b89\u5168\u65b9\u9762\u7684\u5de5\u4f5c\uff0c\u4ee5\u4fdd\u8b77\u8cc7\u8a0a\u8cc7\u7522\u548c\u5f71\u97ff\u54e1\u5de5\u7684\u5b89\u5168\u884c\u70ba\u3002( IEEE )<\/p>\n\n\n\n<p>\u53c3\u8003<br>.&nbsp;<a href=\"https:\/\/owaspsamm.org\/guidance\/agile\/\" target=\"_blank\" rel=\"noreferrer noopener\">SAMM \u654f\u6377\u6307\u5357<\/a><br>.&nbsp;<a href=\"https:\/\/owasp.org\/www-project-cornucopia\/\" target=\"_blank\" rel=\"noreferrer noopener\">OWASP\u805a\u5bf6\u76c6<\/a><br>.&nbsp;<a href=\"https:\/\/csrc.nist.gov\/CSRC\/media\/Events\/Federal-Information-Systems-Security-Educators-As\/documents\/9.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">IT \u5b89\u5168\u57f9\u8a13\u548c\u610f\u8b58\u8a08\u5283\u7684\u904a\u6232\u5316<\/a><br>.&nbsp;<a href=\"https:\/\/techbeacon.com\/security\/6-ways-develop-security-culture-top-bottom\" target=\"_blank\" rel=\"noreferrer noopener\">\u5f9e\u4e0a\u5230\u4e0b\u767c\u5c55\u5b89\u5168\u6587\u5316\u7684 6 \u7a2e\u65b9\u6cd5<\/a><br>.&nbsp;<a href=\"https:\/\/www.icao.int\/Meetings\/AVSEC2018\/Documents\/Security%20Culture%20Workshop.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">\u570b\u969b\u6c11\u822a\u7d44\u7e54 AVSEC2018<\/a><br>.&nbsp;<a href=\"https:\/\/en.wikipedia.org\/wiki\/Security_culture\" target=\"_blank\" rel=\"noreferrer noopener\">\u5b89\u5168\u6587\u5316<\/a><br>.&nbsp;<a href=\"http:\/\/www.pacis-net.org\/file\/2010\/S11-03.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">\u5d4c\u5165\u8cc7\u8a0a\u5b89\u5168\u6587\u5316 \u65b0\u51fa\u73fe\u7684\u554f\u984c\u548c\u6311\u6230<\/a><br>.&nbsp;<a href=\"https:\/\/www.securitymagazine.com\/articles\/93980-how-to-build-a-culture-of-security\" target=\"_blank\" rel=\"noreferrer noopener\">\u5982\u4f55\u5efa\u7acb\u5b89\u5168\u6587\u5316<\/a><\/p>\n\n\n\n<p>\u8cc7\u6599\u4f86\u6e90\uff1a\u00a0<a rel=\"noreferrer noopener\" href=\"https:\/\/wentzwu.com\/2021\/04\/18\/cissp-practice-questions-20210419\/\" target=\"_blank\">Wentz Wu QOTD-202104019<\/a><\/p>\n\n\n\n<p>PS:\u6b64\u6587\u7ae0\u7d93\u904e\u4f5c\u8005\u540c\u610f\u520a\u767b \u4e26\u4e14\u6388\u6b0a\u53ef\u4ee5\u7ffb\u8b6f\u6210\u4e2d\u6587<\/p>\n","protected":false},"excerpt":{"rendered":"<p>-SAMM \u6982\u8ff0\uff08\u4f86\u6e90\uff1ahttps : \/\/owaspsamm.org\uff09\u6587\u5316\u6709\u4e0d\u540c\u7684\u80cc\u666f\u6216\u5c64\u6b21\uff0c\u4f8b\u5982\u5b89\u5168\u6587\u5316\u3001 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":true,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-589","post","type-post","status-publish","format-standard","hentry","category-cisspcertified-information-systems-security-professional"],"_links":{"self":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/589","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=589"}],"version-history":[{"count":2,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/589\/revisions"}],"predecessor-version":[{"id":2846,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/589\/revisions\/2846"}],"wp:attachment":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=589"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=589"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=589"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}