threat-model

Use to conduct STRIDE threat modeling for a system or feature design.
haabe/mycelium · ★ 27 · AI & Automation · score 85
Install: claude install-skill haabe/mycelium
# Threat Model Skill

STRIDE threat modeling for secure design.

## Workflow

1. **Define scope**: What system/feature/component is being modeled?
2. **Draw data flow diagram** (textual):
   - Identify actors (users, external systems)
   - Identify processes (services, functions)
   - Identify data stores (databases, caches, files)
   - Identify data flows (what moves between components)
   - Identify trust boundaries (where trust level changes)
3. **For each component and data flow, assess STRIDE threats**:

   | Threat | Description | Question to Ask |
   |--------|-------------|-----------------|
   | **S**poofing | Impersonating something or someone | Can an attacker pretend to be this user/system? |
   | **T**ampering | Modifying data or code | Can data be changed in transit or at rest? |
   | **R**epudiation | Claiming to not have done something | Can a user deny an action without accountability? |
   | **I**nfo Disclosure | Exposing data to unauthorized parties | Can sensitive data leak? |
   | **D**enial of Service | Making the system unavailable | Can this component be overwhelmed? |
   | **E**levation of Privilege | Gaining unauthorized access | Can a user escalate their permissions? |

4. **For each identified threat**:
   - Severity: Critical / High / Medium / Low
   - Likelihood: High / Medium / Low
   - Existing mitigations (if any)
   - Recommended mitigations
   - Residual risk after mitigation

**For AI-powered systems**: Extend STRIDE with AI-specific thr
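
Steps 2 to 4 of the workflow as an added example (not part of the mycelium skill): a textual data flow diagram is expanded into STRIDE worksheet rows, flows that cross a trust boundary are flagged, and rated threats are ordered for review. The per-element narrowing of STRIDE, the severity-then-likelihood ordering, and the sample login system are assumptions.

```python
from dataclasses import dataclass

# Questions copied from the skill's STRIDE table.
STRIDE = {
    "Spoofing": "Can an attacker pretend to be this user/system?",
    "Tampering": "Can data be changed in transit or at rest?",
    "Repudiation": "Can a user deny an action without accountability?",
    "Info Disclosure": "Can sensitive data leak?",
    "Denial of Service": "Can this component be overwhelmed?",
    "Elevation of Privilege": "Can a user escalate their permissions?",
}
# Assumption: STRIDE-per-element narrowing (letters are category initials).
APPLIES = {"actor": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}
SEVERITY = ["Critical", "High", "Medium", "Low"]
LIKELIHOOD = ["High", "Medium", "Low"]

@dataclass(frozen=True)
class Element:
    name: str
    kind: str  # "actor", "process" or "store"
    zone: str  # trust zone; a flow between two zones crosses a trust boundary

def worksheet(elements, flows):
    """Step 3: one row per (component or data flow, applicable STRIDE threat)."""
    zone = {e.name: e.zone for e in elements}
    targets = [(e.name, e.kind, False) for e in elements]
    for src, dst, data in flows:
        targets.append((f"{src} -> {dst} ({data})", "flow", zone[src] != zone[dst]))
    return [
        {"target": t, "threat": cat, "question": q, "crosses_boundary": crossing}
        for t, kind, crossing in targets
        for cat, q in STRIDE.items() if cat[0] in APPLIES[kind]
    ]

def prioritize(rated):
    """Step 4: order rated threats by severity, then likelihood (assumed order)."""
    return sorted(rated, key=lambda r: (SEVERITY.index(r["severity"]),
                                        LIKELIHOOD.index(r["likelihood"])))

# Constructed sample DFD: a login feature with two trust zones.
ELEMENTS = [Element("User", "actor", "internet"), Element("Auth API", "process", "app"),
            Element("Users DB", "store", "app")]
FLOWS = [("User", "Auth API", "credentials"), ("Auth API", "Users DB", "password hash lookup")]

if __name__ == "__main__":
    for row in worksheet(ELEMENTS, FLOWS):
        mark = "*" if row["crosses_boundary"] else " "  # * = crosses a trust boundary
        print(f"{mark} {row['target']:<45} {row['threat']:<22} {row['question']}")
```

Each row still needs the step 4 fields (existing mitigations, recommended mitigations, residual risk) filled in by a reviewer; the script only enumerates what to ask and where.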