From 35c59e90ab61cbcb24980d64556d7386bd523961 Mon Sep 17 00:00:00 2001 From: robinvanloonOWASP Date: Mon, 21 Oct 2024 19:24:45 +0200 Subject: [PATCH] Fixed bullet points --- docs/manifesto.md | 2 +- ...2_Start_with_a_clear_vision_for_your_program.md | 1 + docs/principles/08_Reward_responsibility.md | 1 + docs/principles/index.md | 14 ++++++++++++++ mkdocs.yml | 6 +++++- 5 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 docs/principles/index.md diff --git a/docs/manifesto.md b/docs/manifesto.md index 53fc1e9..c6c63db 100644 --- a/docs/manifesto.md +++ b/docs/manifesto.md @@ -3,7 +3,7 @@ The OWASP Security Champions Manifesto is a set of guiding principles crucial to The principles have been drawn from an initial series of in-depth interviews with Application Security leaders from across the globe as part of our wider goal to provide a comprehensive Security Champions playbook. ## Key principles -The Ten Key Principles for a Successful Security Champions Program: +The Ten Key Principles of a Successful Security Champions Program: 1. [Be passionate about security](principles/01_Be_passionate_about_security.md) 2. [Start with a clear vision for your program](principles/02_Start_with_a_clear_vision_for_your_program.md) diff --git a/docs/principles/02_Start_with_a_clear_vision_for_your_program.md b/docs/principles/02_Start_with_a_clear_vision_for_your_program.md index aedc3a8..ca6a6d8 100644 --- a/docs/principles/02_Start_with_a_clear_vision_for_your_program.md +++ b/docs/principles/02_Start_with_a_clear_vision_for_your_program.md @@ -15,6 +15,7 @@ There are several angles for defining a vision for security champions. The most ## How A successful vision must be: + * Imaginable:
Convey a clear picture of what the future will look like. Translating this to your security champions program, you can consider drawing a security operating model with the roles and responsibilities of the security champions, dev(ops) engineers, IT Leads, Product Owner, and security organizations. * Desirable:
diff --git a/docs/principles/08_Reward_responsibility.md b/docs/principles/08_Reward_responsibility.md index 4d16dec..a5d5632 100644 --- a/docs/principles/08_Reward_responsibility.md +++ b/docs/principles/08_Reward_responsibility.md @@ -15,6 +15,7 @@ Acknowledging and rewarding Security Champions is crucial for several reasons. F To effectively implement this principle, organizations should develop a system that regularly recognizes the efforts of Security Champions. This could include setting up formal recognition programs, offering tangible rewards such as bonuses or professional development opportunities, and providing career advancement possibilities for effective champions. Additionally, regular feedback and expressions of appreciation are essential. Tailoring rewards to individual motivations is also key; some Champions might value public recognition, while others might appreciate personal development opportunities. The system should be designed to align with the organization's culture and policies, ensuring that it is meaningful and sustainable. Please refer to [The Star Model ™](https://www.jaygalbraith.com/services/star-model)or the [PDF](https://jaygalbraith.com/wp-content/uploads/2024/03/StarModel.pdf) for more information on the theory of reward systems. Supporting Artifacts: + * Recognition Certificate Templates:
Create customizable certificate templates to formally recognize the contributions of Security Champions. These certificates can be awarded for various achievements, like leading a successful security initiative, completing a significant amount of training, or significantly improving the security posture of a project. diff --git a/docs/principles/index.md b/docs/principles/index.md new file mode 100644 index 0000000..dc94e03 --- /dev/null +++ b/docs/principles/index.md @@ -0,0 +1,14 @@ +# Principles + +## The Ten Key Principles of a Successful Security Champions Program + +1. [Be passionate about security](01_Be_passionate_about_security.md) +2. [Start with a clear vision for your program](02_Start_with_a_clear_vision_for_your_program.md) +3. [Secure management support](03_Secure_management_support.md) +4. [Nominate a dedicated captain](04_Nominate_a_dedicated_captain.md) +5. [Trust your champions](05_Trust_your_champions.md) +6. [Create a community](06_Create_a_community.md) +7. [Promote knowledge sharing](07_Promote_knowledge_sharing.md) +8. [Reward responsibility](08_Reward_responsibility.md) +9. [Invest in your champions](09_Invest_in_your_champions.md) +10. [Anticipate personnel changes](10_Anticipate_personnel_changes.md) \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml index aaccdf5..86dade3 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -28,6 +28,9 @@ theme: icon: material/brightness-4 name: Switch to system preference +markdown_extensions: + - def_list + nav: - Introduction: index.md - Manifesto: manifesto.md 
@@ -41,4 +44,5 @@ nav: - 7. Promote knowledge sharing: principles/07_Promote_knowledge_sharing.md - 8. Reward responsibility: principles/08_Reward_responsibility.md - 9. Invest in your champions: principles/09_Invest_in_your_champions.md - - 10. Anticipate personnel changes: principles/10_Anticipate_personnel_changes.md \ No newline at end of file + - 10. Anticipate personnel changes: principles/10_Anticipate_personnel_changes.md + - Project page: https://owasp.org/www-project-security-champions-guidebook/ \ No newline at end of file
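Review bot: in docs/manifesto.md, the changed line under "## Key principles" rewords "Principles for" to "Principles of", which the subject "Fixed bullet points" does not cover. The same applies to the new docs/principles/index.md and the nav changes, so either extend the commit message to list them or split them into separate commits so the history stays searchable.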
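Review bot: in docs/principles/08_Reward_responsibility.md, the context line just above the added blank line still reads "star-model)or the [PDF]" with no space before "or", so the rendered sentence runs the link text into the next word. Since this hunk already touches formatting in that paragraph's neighbourhood, add the space in the same change.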
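Review bot: the new docs/principles/index.md repeats the ten-item list that docs/manifesto.md already carries under "## Key principles", with only the link paths differing, so any rename or reorder of a principle now has to be made in two places. Consider keeping one list and linking to it from the other page, or note in one of the files that the two must stay in sync. The file also ends with "\ No newline at end of file"; add a trailing newline.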
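Review bot: in mkdocs.yml, the added "markdown_extensions: - def_list" block is not explained in the commit message, and the Markdown changes visible in this patch only insert a blank line before "*" lists, which does not depend on definition-list support. If a page relies on definition-list syntax, name it in the commit message; otherwise drop the extension so the build config only enables what the docs use.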
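Review bot: in the second mkdocs.yml hunk, the added "Project page" entry is again followed by "\ No newline at end of file", so the missing trailing newline is moved rather than fixed; end the file with a newline. Also, none of the lines added to nav reference the new principles/index.md, so confirm how readers are meant to reach that page, or add a nav entry for it.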