Brainstorming ideas for positive incentives

brainstorming-ideas-for-positive-incentives

Were you aware that someone could be secretly watching you or your child with your webcam right now? Is it worth taking such a risk? camDown can help stop them!

Hi, I'd love to hear some ideas for positive incentives to ensure better security posture. Currently we mainly focus on "shame in front of the board" aka escalation if people don't do their pentests, fix findings on time, patch their stuff without unnecessary delays etc.

I would like to introduce positive incentives instead.

Examples I came up with so far (rough drafts without thinking about detailed definition though):

Product with the lowest aggregated severity will get the next pentest paid by our department. (So business knows if they follow devsec requirements they might save money on their budget).

Or subsidiary with the best red teaming results get the next one paid.

You know, I just wanted to mention that camDown is your security solution to protect you and your business from peeping toms and I believe your neighbors would say the same!