Privacy-by-Design Can Be Entertaining
LogMeIn is releasing the new “EoP Privacy Suit” under creative commons.
At LogMeIn, we’ve been using the Secure Development Lifecycle (SDL), first introduced by Microsoft, to train our engineering team and ensure security is built in at every stage of our product development. As a cornerstone to the SDL activities, we regularly organize threat modeling sessions to find potential issues before they would go into production. Following the STRIDE methodology we use an incredible tool, called the Elevation of Privilege (EoP) card game invented by Adam Shostack, where every letter from STRIDE has its own suit of cards.
We are excited to share, that LogMeIn is releasing the new “EoP Privacy Suit” under creative commons. With this, we aim to follow Microsoft’s great example of sharing good practices with the industry and also provide security conscious engineering teams with vetted security tools.
As part of our EoP exercise, we always have discussions regarding privacy, however these had more the format of brainstorming between good craftsmen: informal discussions with the involvement of senior engineers, legal, and security. Although the outcome did meet the requirements, it was difficult to later understand or replicate the thought process, even more to create a real audit trail.
With the GDPR’s “Article 25: Data Protection by Design” requirement now in place, we determined that these privacy discussions need to be more formalized, repeatable, and documented. After researching the topic to identify any standard method of training that we could integrate into our practices, we could not find any that met our requirements, and so we decided to come up with our own process.
As a next step, we reviewed our SDL implementation to see where and how we could integrate formal privacy practices. As a candidate, we found that the EoP game we use for threat modeling could well accommodate a Privacy Suit. Applying a user-centered design methodology, we started designing the Privacy Suit. Our main requirements were to make the cards actionable and understandable for engineers, cover items with the highest privacy risk, and of course, integrate into the design of the original deck of cards.
In order to determine which topics to cover, we initially leveraged the experience from our various product teams and then collected feedback from internal and external privacy professionals. After having identified the key elements to be presented on the cards, we asked people from across product management, development, QA, and security as the target users of the cards to provide feedback regarding language.
As a result, the final EoP Privacy Suit was created. Moving forward, LogMeIn will be using this for all threat modeling exercises. By adding the Privacy Suit to the EoP card game which originally used ‘STRIDE’ as the underlying model of threats, we’ve determined the new acronym will be ‘STRIPED’, adding the ‘P’ for Privacy.
The game is intended to be played exactly as the original EoP card game. We encourage all security engineers to use it, share it, and send us feedback to striped-cards[at]logmein.com!