threat-modeling
Threat Modeling Skill
Purpose
This skill ensures systematic identification, analysis, and mitigation of security threats using structured methodologies as defined in the Hack23 ISMS Threat Modeling Policy. It applies to all systems, applications, and data flows within the organization.
Rules
Threat Modeling Process
MUST:
- Perform threat modeling during design phase of all new systems and features
- Use STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege)
- Map threats to MITRE ATT&CK framework techniques
- Document threat model in version control alongside architecture docs
- Review and update threat models when architecture changes
- Assign risk ratings (Critical, High, Medium, Low) to identified threats
- Define mitigation strategies for all High and Critical threats
- Track threat model findings as security requirements
More from hack23/homepage
github-actions-cicd
GitHub Actions workflow structure, security scanning integration (CodeQL, ZAP), Lighthouse audits, minification, and deployment automation
108html-css-best-practices
Semantic HTML5, CSS custom properties, responsive design, and performance optimization for web development
91agentic-workflow-orchestration
Multi-agent coordination, orchestrator-worker patterns, /plan decomposition, and project coordination for GitHub Agentic Workflows
61product-documentation
Product documentation standards covering user guides, feature documentation, release notes, and end-user communication
52c4-modeling
C4 model (Context, Container, Component, Code) diagram patterns with Mermaid syntax for architecture documentation
33cryptography
Approved cryptographic algorithms, TLS enforcement, key management, and certificate handling per Hack23 Cryptographic Controls Policy
32