Threat Poker: Gamification of Secure Agile - Information Security Education. Information Security in Action Access content directly
Conference Papers Year : 2020

Threat Poker: Gamification of Secure Agile

Audun Jøsang
  • Function : Author
  • PersonId : 983840
Viktoria Stray
  • Function : Author
  • PersonId : 1113685
Hanne Rygge
  • Function : Author
  • PersonId : 1113686

Abstract

Agile software development is practiced in most software development projects around the world. To explicitly consider and include security requirements as part of agile software development is referred to as ‘secure agile’. To include security will naturally require additional time and effort, with potentially reduced agility as a consequence. To maintain agility, it is important to have efficient methods to include security in the development process. In this study, we describe enhancements to Threat Poker, which is a game designed for the software development team to deal with security threats identified during the agile development project. Games can be valuable educational tools for actively engaging students and practitioners alike. An experiment with students indicates that playing Threat Poker increases security awareness and that it is a fun and simple way to discuss identified security threats and how to remove security vulnerabilities during the software development process.
Fichier principal
Vignette du fichier
497436_1_En_10_Chapter.pdf (358.35 Ko) Télécharger le fichier
Origin : Files produced by the author(s)

Dates and versions

hal-03380689 , version 1 (15-10-2021)

Licence

Attribution

Identifiers

Cite

Audun Jøsang, Viktoria Stray, Hanne Rygge. Threat Poker: Gamification of Secure Agile. 13th IFIP World Conference on Information Security Education (WISE), Sep 2020, Maribor, Slovenia. pp.142-155, ⟨10.1007/978-3-030-59291-2_10⟩. ⟨hal-03380689⟩
36 View
51 Download

Altmetric

Share

Gmail Facebook X LinkedIn More