What is Security and Me?
This is a questionnaire that explores each team member's individual motivation and approach to software security. It relates this to their security-related activities in their development work.
Why should we use this?
Security is not only technical. It is a multi-faceted concern that touches on who people are and what they think is important: in their daily work, in their particular jobs, and in their career.
This questionnaire helps participants identify attributes of their working life, and relates them about factors that may influence how security happens in their professional work. It provides a language for managers and teams to discuss how team members relate to security.
You can use it as a basis for discussions about different security-related roles in the team, about how team members might work together to achieve stronger security, and about how individuals can motivate and support themselves towards security.
When can it be used?
- Free time, such as like 10% days,
- Goal setting initiatives,
- Away days, or
- Whenever's convenient
To use this survey, you need:
- Individual participants;
- A printout of the questions and supporting materials (download pack) for each participant
- Time (20 minutes or more) set aside for each to discuss the results. This discussion may be with the facilitator or team lead; or with another participant.
This activity might be right if you want:
- An activity that will complement technical security training.
- To provide a method for developers to take stock of their working life.
- To help developers better understand how they approach security on the job.
The profile concept is based on work by Schwartz, introduced in this paper. And the concept of different attitudes to security is based on work by Furness.