Gamification is seen to be useful in Agile development and has been applied to security. Examples of popular security games are protection poker and elevation of privilege. Field results however show that security expertise and experience are needed for useful deliverables when these games are used. Besides, they are manual and requires more than one person to play.
In this project, we want to combine expertise and experience into a computer board game by using available data. The goal of this project is to develop a board game that combines both threats and mitigations as underlining knowledge base. The board game will be extensible and allow a player (developer/architect/tester/etc.) play a security strategy fun game for their project or for new features they want to develop.
The co-supervisors of this project are Tosin Oyetoyan and Daniela Soares Cruzes at SINTEF Digital.
keywords: security awareness, strategy, threats, mitigations, board game, fun