The Elevation of Privilege game is designed to help you easily and quickly find threats to software or computer systems. It's the easiest way to start looking at your design from a security perspective and to threat model, intended to be picked up and used by any development group.
Because the game uses STRIDE threats, it gives you a framework for thinking, and specific actionable examples of those threats.
The game consists of 84 cards, including 2 instruction cards, 1 play and strategy flowchart card, 74 playing cards, 6 reference cards, and an ‘about’ card. The cards are in six suits. This is based on the STRIDE mnemonic introduced by Kornfelder and Garg.
Try these with our Threat cards to help facilitate scoring and capture the work identified during your EoP session.
STRIDE stands for:
|S||Spoofing||Impersonating something or someone else.|
|T||Tampering||Modifying data or code.|
|R||Repudiation||Claiming not to have performed an action.|
|I||Information Disclosure||Exposing information to someone not authorized to see it.|
|D||Denial of Service||Denying or degrading service to users.|
|E||Elevation of Privilege||Gain capabilities without proper authorization.|
Interested in the STRIPED version of the game including the Privacy suit. Click here.
We can help create custom versions of the deck to suit your needs, whether you're thinking of adding that extra impact on the adoption of the game or spreading awareness of your company.
Our price includes preparing the artwork for both the cards and tuck box. Minimum quantity 25 decks.
Contact us on email@example.com to discuss your requirements.