What is Security in the World?
This is a card-based discussion activity. It relates different views of real-world security incidents to participants' own values and experiences.
Why should I run this workshop?
The push to improve security is everywhere these days, and the pressure on developers to do more about it is strong.
However, it’s not a natural thing to contemplate how a product or service may be compromised or breached, and developers need support to reason about cyber security risks
This workshop creates a safe space for participants to talk with each other about what security means in their software development context and why it is important.
When can it be used?
- Away days
To run this workshop, you need:
- Between 60 and 90 minutes;
- Groups of 3-6 people: programmers and testers, and if possible product managers and team leaders;
- Preferably, a facilitator for every three groups; and
- Printed sets of instructions, stories and cards. See OrganiserInstructions.pdf in the download pack.
This workshop might be right for you if you want:
- An activity that will complement technical security training;
- To provide a method for developers to critically engage with public reports of security breaches; or
- To encourage information trading practices within and between teams
The sub-folder Additional Materials in the Download Pack contains suggestions (in ModifyingTheWorkshop.docx) and other materials to help you adapt the workshop to suit different needs.
The open-access paper Talking about Security with Professional Developers describes three versions of this workshop and the experience of delivering them. Click here for the full reference.