Our project B04 (Privacy Libraries for Developers and Operators) has developed four concrete artifacts, each preliminarily evaluated through empirical research.

SecureMind

A learning app for IT security fundamentals with gamification elements and short, accessible learning units. Available for iOS and Android.

In a 20-day study with 486 participants, 157 of 159 completed post-tests showed improvements over the pre-test. Positive effects were particularly pronounced with daily app use. Based on these results, a follow-up study with two variants is currently in preparation — one for private users and one for professional contexts.

Privacy Range

A fictional online shop with real technical and organisational privacy flaws (e.g., hidden data flows to third parties), designed as an interactive training environment. The goal: independently identify privacy gaps and thereby apply theoretical knowledge in practice, inspired by the concept of cybersecurity ranges.

A qualitative think-aloud study with IT students who had recently completed a GDPR course has been conducted, and a publication has been submitted.

Key finding: Obstacles to GDPR compliance auditing arise less from a lack of conceptual knowledge than from difficulties in procedural application. Participants had the relevant concepts but lacked a systematic approach to verification. They tended to trust interface claims rather than verifying system behaviour, and prior experience with other websites normalised non-compliant patterns rather than making them visible. The Privacy Range was perceived less as a knowledge transfer tool and more as a diagnostic instrument — one that reveals competence gaps and shows where theoretical knowledge has not yet translated into practical application.

ForDaySec Game Cards

A standard deck of 52 playing cards conveying IT security and privacy knowledge in an accessible format, designed as a discussion tool for workshops and other collaborative activities. Developed for software developers, operators, and self-hosters, e.g. in clubs and NGOs.

Initial pilot tests show promising results for facilitating discussion and reflection. A workshop study with IT professionals is in preparation.

GDPR-Ops Library

From data subject rights to backups: step-by-step guidance for the secure and GDPR-compliant operation of common self-hosted software, published under an open-source licence for community contributions. The foundation is a criteria catalogue developed within the project, comprising 23 review questions across seven categories.

Finding from development: Responsibility for privacy-compliant configuration lies with operators, not with open-source projects. Even privacy-aware IT professionals struggle with compliant setup, as application-specific, understandable information is often absent or scattered across many sources.

About the project

Subproject B04 addresses the gap between GDPR requirements and practical support for people who develop and operate software. In particular, operators in clubs, NGOs (“self-hosters”), and SMEs often lack the knowledge and resources to operate software in a privacy-compliant manner. New research findings during the project showed that the operator perspective — in contrast to the developer perspective — has been largely neglected in prior research and should be systematically included.

The subproject was part of the Bavarian Research Network ForDaySec (2022–2026). Principal investigator: Prof. Dr. Dominik Herrmann, Chair of Privacy and Security in Information Systems, University of Bamberg.

Contact

Prof. Dr. Dominik Herrmann
Chair Privacy and Security in Information Systems
University of Bamberg, 96045 Bamberg

dh.psi@uni-bamberg.de | +49 951 863-2661
uni-mal-anders.de | LinkedIn
