This is a modelling activity in which participants create
physical models of working environments, both technical and
social, to help discuss aspects of day-to-day security.
Security practice is embedded within particular environments and situations. The context in which security decisions and activities unfold can be used to identify ways to foster security practice in software development teams and departments.
This activity helps participants trade information about how things work on projects, in teams or departments. It can be used to identify what in security practice is working well, and what could be improved.
The sub-folder Additional Materials in the Download Pack contains suggestions (in ModifyingTheWorkshop.docx) and other materials to help you adapt the workshop to suit different needs.
This workshop is based on the work of Professor Lizzie Coles-Kemp of Royal Holloway. This academic paper describes her use of similar techniques to learn about wider, non-development, security. Click here for full details.