Putting security on the table
- IT-Security Tabletop Games for developers have been available in analog format; with the COVID-19 pandemic, interest in collaborative remote security games has increased. In this paper, we propose a methodology to evaluate the impact of a (remote) security game-based intervention on developers. The study design consists of the respective intervention, three questionnaires, and a small open interview guide for a focus group. A validated self-efficacy scale is used as a proxy for measuring effects on participants' ability to develop secure software. We tested this design with 9 participants (expert and novice developers and security experts) as part of a small feasibility study to understand the challenges and limitations of remote tabletop games. We describe how we selected and digitalised three security tabletop games, and report the qualitative findings from our evaluation. Setting up and running the virtual tabletop games turned out to be more challenging and complex for both moderator and participants than we expected. Completing the games required patience and persistence, and social interaction was limited. Our findings can be helpful in building and evaluating a better, more comprehensive, technically sound and issue-specific game-based training measure for developers. The methodology can be used by researchers to evaluate existing and new game designs.
Author: | Marco GutfleischGND, Markus SchöpsGND, Sibel SayinGND, Frederic WendeGND, Martina Angela SasseORCiDGND |
---|---|
URN: | urn:nbn:de:hbz:294-109368 |
DOI: | https://doi.org/10.1145/3510456.3514139 |
Parent Title (German): | ICSE-SEET '22: Proceedings of the ACM/IEEE 44th International Conference on Software Engineering: Software Engineering Education and Training |
Subtitle (English): | the digitalisation of security tabletop games and its challenging aftertaste |
Publisher: | Association for Computing Machinery |
Place of publication: | New York City, New York |
Document Type: | Conference Proceeding |
Language: | English |
Date of Publication (online): | 2024/02/23 |
Date of first Publication: | 2022/10/17 |
Publishing Institution: | Ruhr-Universität Bochum, Universitätsbibliothek |
Tag: | developer education; security; serious games; software engineering |
First Page: | 217 |
Last Page: | 222 |
Dewey Decimal Classification: | Allgemeines, Informatik, Informationswissenschaft / Informatik |
open_access (DINI-Set): | open_access |
faculties: | Fakultät für Informatik |
Licence (English): | Creative Commons - CC BY 4.0 - Attribution 4.0 International |