topic Re: Security Game Creation for Mobile CPE Wor thy ((ISC)Â² Community Subscription Update) in Member Support

Security Game Creation for Mobile CPE Worthy

josephoracle — Tue, 31 Jul 2018 19:40:39 GMT

I am at the tail of of the development of the early access version a mobile game that teaches security. It will be available on the Google Play Store. What are the chances this will be able to count towards my CPEs?

Re: Security Game Creation for Mobile CPE Worthy

SamanthaO_isc2 — Tue, 31 Jul 2018 20:22:21 GMT

Hello @josephoracle,

This is a really great question. I would recommend that you reach out to Member Support, you can find contact info here. It may be best if you include some information about time, research, etc. that went into creating and building the app, this way the team has all of the information they would need to make a determination.

Feel free to head back here when you get an answer to let the Community know what, if any, CPE's you were able to claim for your work.

Re: Security Game Creation for Mobile CPE Wor thy ((ISC)Â² Community Subscription Update)

rslade — Tue, 31 Jul 2018 21:37:13 GMT

> josephoracle (Viewer) posted a new topic in Customer Support on 07-31-2018 03:40

> I am at the tail of of the development of the early access version a mobile game
> that teaches security. It will be available on the Google Play Store. What are
> the chances this will be able to count towards my CPEs?

Ah, but what's important is: will *we* be able to get CPEs for *playing* your
game?

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
I have no color prejudices nor caste prejudices nor creed
prejudices. All I care to know is that a man is a human being,
and that is enough for me; he can't be any worse. - Mark Twain
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

Re: Security Game Creation for Mobile CPE Worthy

Shannon — Wed, 01 Aug 2018 03:25:07 GMT

@rslade, earning CPEs for playing the game might be too much to expect --- but the community could at least dole out Kudos / Badges for it...

Now, all jokes aside,

@josephoracle, that's a great contribution to Information Security awareness, whether or not you'll be entitled to CPEs. Once it's developed, I'll be happy to give you a review / recommendations.

@SamanthaO_isc2, when determining eligibility for CPEs, I do hope (ISC)2 will evaluate the app's security and not just its functionality.

Re: Security Game Creation for Mobile CPE Worthy

denbesten — Wed, 01 Aug 2018 17:38:32 GMT

@Shannon wrote:

...when determining eligibility for CPEs, I do hope (ISC)2 will evaluate the app's security and not just its functionality.

The more likely question (ISC)² would consider is if app development is similar to writing educational materials and what sorts of limitations should apply (e.g. number of hours per year).

I would think that performing code reviews is well out of scope for (ISC)², in the same way that they do not attest to the accuracy of papers and webinars that you submit for CPE approval.

Normally, evaluating the app's security/functionality is done by the Google and Apple app stores (with varying degrees of success). This is why I never side-load apps on my phone -- at least I have assurances that some level of testing has been completed. @josephoracle, I am glad that you will be submitting your app thorough the appropriate app store(s) so that I have the opportunity to check it out.

Re: Security Game Creation for Mobile CPE Worthy

Shannon — Wed, 01 Aug 2018 18:37:13 GMT

@denbesten, yes, you're right about the code reviews being out of (ISC)2's scope, so I'll rephrase my line:

'...when determining eligibility for CPEs, I do hope (ISC)2 will take into consideration the app's security, and not just its functionality.'

Re: Security Game Creation for Mobile CPE Wor thy ((ISC)Â² Community Subscription Update)

josephoracle — Wed, 01 Aug 2018 20:03:57 GMT

Hahaha. Great question. Once it is in a complete state, it should be a good candidate for credit.

Funny you should say that because I've debated doing a CISSP specific study version that would eventually be offered in VR.

Re: Security Game Creation for Mobile CPE Worthy

josephoracle — Wed, 01 Aug 2018 20:08:26 GMT

The security of the app itself is very straightforward and it gets the basic scrutiny of all apps submitted to the Google Play Store, where it now sits as an internal test.

Re: Security Game Creation for Mobile CPE Worthy

josephoracle — Wed, 01 Aug 2018 20:28:33 GMT

At this stage, the game is a simple first person shooter style game with multiple choice questions.

Re: Security Game Creation for Mobile CPE Worthy

josephoracle — Wed, 01 Aug 2018 20:32:45 GMT

Level 1: System FundamentalsLevel 1: System Fundamentals

Re: Security Game Creation for Mobile CPE Worthy

Shannon — Wed, 01 Aug 2018 20:53:52 GMT

@josephoracle, you may want to add the title 'SPOILER ALERT' to your last post...

Re: Security Game Creation for Mobile CPE Worthy

josephoracle — Wed, 01 Aug 2018 21:52:47 GMT

I purposefully didn't....
A few more weeks of development!

Re: Security Game Creation for Mobile CPE Worthy

josephoracle — Tue, 11 Sep 2018 15:51:21 GMT

I've posted a video sample and an invite to become a testers here:

https://www.linkedin.com/feed/update/urn:li:activity:6440765458412113920/

Re: Security Game Creation for Mobile CPE Worthy

CraginS — Tue, 11 Sep 2018 18:00:03 GMT

@josephoracle wrote:
At this stage, the game is a simple first person shooter style game with multiple choice questions.

For an established security awareness training game in the first person shooter mode, albeit for computers and not as a smart phone app, See the Security Awareness Challenge game at

https://iatraining.disa.mil/eta/disa_cac2018/launchPage.htm

The U.S. Defense Department developed it for annual training of the workforce, and versions of it are used also by the Intelligence Community and also by other U.S. departments and agencies outside DOD.

Thousands of us have had to walk through the game annually for several years.

As a government product it is not copyrighted, and I believe it is effectively in the public domain.