Elevation of Privilege (EoP) Threat Modeling Card Game
The Elevation of Privilege card game is designed to help you easily and quickly find threats to software or computer systems. It's the easiest way to start looking at your design from a security perspective and to threat model, intended to be picked up and used by any software development group.
Because the game uses STRIDE threats, it gives you a framework for thinking, and specific actionable examples of those threats.
The game consists of 84 cards, including 2 instruction cards, 1 play and strategy flowchart card, 74 playing cards, 6 reference cards, and an ‘about’ card. The cards are in six suits. This is based on the STRIDE mnemonic introduced by Kornfelder and Garg.
Try these with our Threat cardsto help facilitate scoring and capture the work identified during your EoP session.
STRIDE stands for:
Impersonating something or someone else.
Modifying data or code.
Claiming not to have performed an action.
Exposing information to someone not authorized to see it.
Denial of Service
Denying or degrading service to users.
Elevation of Privilege
Gain capabilities without proper authorization.
Interested in the STRIPED version of the game including the Privacy suit. Click here.
We can help create custom versions of the deck to suit your needs, whether you're thinking of adding that extra impact on the adoption of the game or spreading awareness of your company.
Contact us on firstname.lastname@example.org to discuss your requirements.