I am at the tail of of the development of the early access version a mobile game that teaches security. It will be available on the Google Play Store. What are the chances this will be able to count towards my CPEs?
Hello @josephoracle,
This is a really great question. I would recommend that you reach out to Member Support, you can find contact info here. It may be best if you include some information about time, research, etc. that went into creating and building the app, this way the team has all of the information they would need to make a determination.
Feel free to head back here when you get an answer to let the Community know what, if any, CPE's you were able to claim for your work.
@rslade, earning CPEs for playing the game might be too much to expect --- but the community could at least dole out Kudos / Badges for it...
Now, all jokes aside,
@josephoracle, that's a great contribution to Information Security awareness, whether or not you'll be entitled to CPEs. Once it's developed, I'll be happy to give you a review / recommendations.
@SamanthaO_isc2, when determining eligibility for CPEs, I do hope (ISC)2 will evaluate the app's security and not just its functionality.
@Shannon wrote:
...when determining eligibility for CPEs, I do hope (ISC)2 will evaluate the app's security and not just its functionality.
The more likely question (ISC)² would consider is if app development is similar to writing educational materials and what sorts of limitations should apply (e.g. number of hours per year).
I would think that performing code reviews is well out of scope for (ISC)², in the same way that they do not attest to the accuracy of papers and webinars that you submit for CPE approval.
Normally, evaluating the app's security/functionality is done by the Google and Apple app stores (with varying degrees of success). This is why I never side-load apps on my phone -- at least I have assurances that some level of testing has been completed. @josephoracle, I am glad that you will be submitting your app thorough the appropriate app store(s) so that I have the opportunity to check it out.
@denbesten, yes, you're right about the code reviews being out of (ISC)2's scope, so I'll rephrase my line:
'...when determining eligibility for CPEs, I do hope (ISC)2 will take into consideration the app's security, and not just its functionality.'
Hahaha. Great question. Once it is in a complete state, it should be a good candidate for credit.
Funny you should say that because I've debated doing a CISSP specific study version that would eventually be offered in VR.
The security of the app itself is very straightforward and it gets the basic scrutiny of all apps submitted to the Google Play Store, where it now sits as an internal test.