• kim

Gamifying data protection training

Abigail Dubiniecki wrote a very insightful article for Privacy Laws and Business about gamification in data protection training.


LINDDUN GO was featured as one of the serious games that can aid data protection training.





You can find an excerpt about LINDDUN GO below, but I highly recommend to check out the full article (which you can download below) as it explains the benefits of gamification and highlights many interesting data protection and privacy games. A must-read when working in data protection and privacy engineering.


"LINDDUN GO is a gamified version of LINDDUN, a privacy threat modelling methodology that was designed to bridge the chasm between lawyers, DPOs and engineers by providing a model for systematically eliciting and addressing privacy threats in software architectures. LINDDUN is a recognised Privacy Engineering methodology in ISO 27550.

As Kim Wuyts, Post-Doctoral Researcher at DistriNet, KU Leuven explains, she and her co-creators created LINDDUN GO to offer a “lightweight privacy threat modelling approach that is easy to apply, without overhead or friction, and that has a low threshold, making it suitable for people

who are relatively new to the privacy field, while keeping a high level of thoroughness and traceability.”

Inspired by the Elevation of Privilege game by Adam Shostack (which gamifies Microsoft’s STRIDE security threat modeling approach), players identify different types of privacy threats and mitigations in a data flow map using handy playing cards as prompts.

While intended as a support privacy engineering at the design stage, it helps all participants learn by doing in a collaborative way, confidently brainstorming different solutions. This makes it particularly suited to agile / DevOps organisations that don’t have the luxury of wading

through extensive documentation.

The full game can be downloaded for free from their website. It pairs well with Elevation of Privilege. Shostack lists a host of other gamified cybersecurity games on his website

worth considering."

Dubiniecki_Gamify_sept2020
.pdf
Download PDF • 257KB



29 views

DistriNet Research Group 

KU Leuven

Dept. Computer Science 

Celestijnenlaan 200A (postbox 2402) 

200A B-3001 Heverlee BELGIUM 

  • White Facebook Icon
  • White Twitter Icon

© 2020  DistriNet KU Leuven