security-threat-model

# Security Threat Model

## Table of Contents
1. [Purpose](#purpose)
2. [When to Use](#when-to-use)
3. [What Is It](#what-is-it)
4. [Workflow](#workflow)
5. [STRIDE Framework](#stride-framework)
6. [Trust Boundary Mapping](#trust-boundary-mapping)
7. [Common Patterns](#common-patterns)
8. [Guardrails](#guardrails)
9. [Quick Reference](#quick-reference)

## Purpose

Security Threat Modeling systematically identifies vulnerabilities, threats, and mitigations for systems handling sensitive data. It transforms ad-hoc security thinking into structured analysis using STRIDE methodology, trust boundary mapping, and defense-in-depth principles.

## When to Use

**Invoke this skill when you need to:**
- Design secure architecture for systems handling sensitive data (PII, PHI, payment data, credentials)
- Review existing systems for security vulnerabilities before launch or audit
- Evaluate security implications of new features (auth, file uploads, APIs, integrations)
- Prepare for compliance requirements (PCI DSS, HIPAA, SOC 2, GDPR, FedRAMP)
- Investigate security incidents to identify root causes and prevent recurrence
- Assess third-party integration risks (OAuth, webhooks, data sharing)
- Document security posture for stakeholders, auditors, or customers
- Prioritize security improvements with limited resources

**User phrases that trigger this skill:**
- "Is this secure?"
- "What are the security risks?"
- "Threat model for [system]"
- "STRIDE analysis"
- "Trust boundaries"
- "Security review before launch"
- "Compliance requirements"

## What Is It

A structured security analysis that:
1. **Maps system architecture** (components, data flows, trust boundaries)
2. **Classifies data** (sensitivity levels, compliance requirements, lifecycle)
3. **Identifies threats** using STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege)
4. **Defines mitigations** (preventive controls, detective controls, corrective controls)
5. *