Inspired by professor Laurie Williams at NCSU, we have started to introduce development organizations in Trondheim to Protection Poker. The idea is to spend some time at the beginning of every sprint to do a practical risk assessment of every new (or modified) feature to be implemented in this iteration. For every feature, each developer is asked to estimate the relative value of the assets that the feature affects, and to what extent the feature affects the exposure of the system. When developers disagree, the moderator seeks to achieve consensus by converging on mutually agred values.
For more details, see our Protection Poker page.