Threat Modeling with EoP
Threat modeling is a technique used to find Security design flaws in Software. The Elevation of Privilege with Privacy card game was originally created by Adam Shostack at Microsoft and was later extended to include privacy by Mark Vinkovits at LogMeIn.
This template is for performing remote threat modeling exercises with engineering teams. I often perform threat modeling exercises with remote teams and facilitating the meeting is much simpler when you have a board prepared that contains the instructions, the cards and different sections for gameplay.
To prepare the board:
Add your architecture diagram to each section of the board;
Lock the diagrams in place;
Select the sticky notes and bring them to the front (so they don't go behind the diagram when being moved).
You will need to distribute the list of cards (each players hand) to them individually and grant them access to the board. You could use the online croupier where you can also get cards made up to play the game.