Security Threat Model Block
Document security threats using the STRIDE methodology with mitigations, risk ratings, and affected assets.
Overview
The Security Threat Model block documents security threats using the STRIDE methodology (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege). It captures affected assets, threat actors, attack vectors, mitigations, and residual risk. Use this block to create complete threat documentation.
Critical Risk Example
A high-impact threat with implemented mitigations.
Information Disclosure Threat
A threat related to sensitive data exposure.
Denial of Service Threat
A threat targeting system availability.
Block Properties
| Property | Required | Description |
|---|---|---|
| threatName | Yes | Name identifying the threat |
| description | No | Detailed description of the threat |
| strideCategory | No | STRIDE category (see below) |
| likelihood | No | Probability of occurrence (high, medium, low) |
| impact | No | Potential damage if exploited (high, medium, low) |
| riskRating | No | Overall risk level (critical, high, medium, low) |
| affectedAssets | No | Array of systems or data at risk |
| threatActors | No | Array of potential threat actors |
| attackVector | No | How the attack would be executed |
| mitigations | No | Array of controls with status and effectiveness |
| residualRisk | No | Risk level after mitigations (high, medium, low, accepted) |