Free Delivery on orders above $50 for our US and Europe customers

OWASP Cumulus - Threat Modeling the Cloud

£16.00

Description

OWASP Cumulus is a gamified approach to integrating security into cloud and DevOps teams. As a variant of the popular card game Elevation of Privilege by Adam Shostack, Cumulus enables teams to threat model DevOps systems.

Developed and supported by TNG Technology Consulting, Cumulus helps DevOps teams enhance their security through collaboration and discussion and seamlessly integrates into agile development processes.

Threat model the Ops of DevOps!

Bulk Pricing

Automatically applied at checkout:

Buy Discount
5 or more decks 10% off
10 or more decks 15% off
20 or more decks 20% off
30 or more decks 30% off

Outcome

Identify work that needs doing earlier in the project lifecycle. Defuse difficult relationships. Build trust. Bring teams together in peace and harmony.

Made by Agile Stationery

Experts in delivering the right kind of conversations. Slick cards in robust boxes. The best there is outside the casinos.

Specifications
  • Suits
    Access & Secrets, Delivery, Recovery, Monitoring, Resources
  • # Cards
    60
  • Created by
    TNG Consulting

Try a branded version

If you'd like to encourage the use of this technique within your team or organisation, a branded deck is a great way to demonstrate your support and commitment to the process.

How to play?

  • Before you begin

    Collaboratively create a high level overview of your system. This can be a data flow diagram or any visual format your team understands.

    Each suit in the deck represents a type of threat. Pick one to start with. It will be your starting suit for the first round.

  • Deal the cards

    Deal the cards to all players. The player with the lowest card in the starting suit goes first.

    Everyone plays a card. Follow the lead suit if you can.

    The highest card wins the trick (trump suit: Access & Secrets).

  • Spot the threats

    As each card is played, discuss whether the threat it represents applies to your system.

    If the group agrees it’s a valid threat, note it down.

    The player who raised the threat earns an extra point.

  • Winning

    The winner of each trick gets 1 point.

    Players who identify an agreed-upon threat earn 1 bonus point.

    After each round, the winner chooses the next suit to play.

    Play continues until all cards are used or time runs out. Highest score wins!

Hybrid teams? No problem

Play our threat modeling games remotely
with the power of physical cards!

Croupier
Back to top