Tell me a story about security, please!
It is very difficult to think what information security and privacy problems a new product might encounter, especially in the fast-moving health automation field of BIO-IOT. This project explores using creative fiction – stories, fantasy and speculation – to help software developers and product owners to identify such threats and vulnerabilities. Following an initial literature survey on creative fiction, we plan to start by surveying experts and fans of fiction for example text; we’ll then build it into a format for a workshop, and trial that workshop with a team of health software application builders. As outcomes, we shall share fiction examples/scenarios, process followed and conclusions from the workshops.
Through a workshop with software and security expert developers, we identified technical and social-safeguarding vulnerabilities for an imaginary product called Genevault (a device that collects and store DNA from humans). We also identified a generic process of divergent-convergent thinking that workshop participants went through, with the possibility of providing more convergent, risk assessment strategies to deal with the vulnerabilities identified.