This is a workshop to help developers to understand the system they work with. In it, participants build a model as a basis for discussion of aspects of day-to-day security.
It allows developers to build up a rich picture of their environment, especially people, processes and technology and the relationship between them. Participants trade information about how things work on projects, in teams and in departments.
This workshop often serves to identify what security practices are working well, and what can be improved.
The sub-folder Additional Materials in the Download Pack contains suggestions (in ModifyingTheWorkshop.docx) and other materials to help you adapt the workshop to suit different needs.
A basis for this workshop was work done in the Collective Securities project. Thierry Gregorius's excellent blog article and Marco Rillo's comprehensive online book provide some background on using Lego for Serious Play.