Giter Site home page Giter Site logo

elevation-of-privacy's Introduction

elevation-of-privacy

Privacy Cards for Software Developers

Welcome to Elevation of Privacy, an unofficial extension set to Microsoft’s Elevation of Privilege threat modelling card game.

These playing cards portray privacy and data protection compliance risks that have been identified in the real world. The simplest way to use these cards is to draw a Data Flow Diagram or a Message Sequence Chart, and discuss the aspects in the context of each of the data flows and data stores.

You can play this game with or without the original Elevation of Privilege deck. It extends the STRIDE model with TRIM:

  • Transport of personal data across geopolitical or contractual boundaries
  • Retention and Removal of personal data
  • Inference of personal data from other personal data, for example, through correlation
  • Minimisation of personal data and its use

Those suites that have been extended beyond the normal A-K cards in the original game have hexadecimal values starting from E.

We recommend you use these cards in conjunction with a security threat modelling session. Privacy cannot exist without security. If you use data flow analysis for your threat modelling, it usually provides a very good basis for the analysis of personal data flows as well.

These cards do not fully cover EU General Data Protection Regulation compliance, but are a useful safety net to catch many of the related risks and problematic design decisions and may form a part of a Privacy Impact Assessment (PIA) activity.

For best results, discuss privacy and data protection both during service design and technical design.

Elevation of Privacy is © 2018 F-Secure Corporation. This work is licenced under the Creative Commons Attribution 4.0 International license (https://creativecommons.org/licenses/by/4.0/). Card templates based on the Elevation of Privilege card game (https://www.microsoft.com/en-us/SDL/adopt/eop.aspx), which is © 2010 Microsoft Corporation, licensed under the Creative Commons Attribution 3.0 United States license (https://creativecommons.org/licenses/by/3.0/us/). The original work has been modified.

Working group: Marko Hämäläinen, Laura Noukka, Hiski Ruhanen, Ilona Varis, Antti Vähä-Sipilä.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.