threat-modeling
Threat Modeling Skill
Purpose
This skill embodies the complete Hack23 AB threat modeling methodology as defined in ISMS Threat_Modeling.md. It provides systematic threat identification, risk quantification, and security control validation for proactive security assurance across all Hack23 projects.
Key Philosophy: "Security through transparency" - All threat models are publicly documented to demonstrate security excellence to clients, regulators, and the open-source community.
Hack23 Threat Modeling Process (ISMS ยง 4)
Per ISMS Threat_Modeling.md, Hack23 employs a five-strategy integrated approach:
1. ๐ฏ Attacker-Centric (ISMS ยง 4.1)
MITRE ATT&CK Framework Integration
- Map attack tactics and techniques to system components
- Identify threat agents (Nation-state APTs, Cybercriminals, Hacktivists, Malicious Insiders)
- Analyze attack scenarios based on current threat intelligence (ENISA Threat Landscape 2024)
- Red team perspective: "How would I compromise this system?"
More from hack23/riksdagsmonitor
osint-methodologies
OSINT collection, source evaluation, data integration, verification techniques for Swedish political intelligence
41economic-policy-analysis
Fiscal policy, budget analysis, economic forecasting, monetary policy, trade policy for political journalists
33electoral-analysis
Election forecasting models, campaign analysis, coalition prediction, voter behavior analysis for Swedish elections
25vulnerability-management
Vulnerability scanning, assessment, prioritization, and remediation processes following NIST and CIS Controls
25nist-csf-mapping
NIST Cybersecurity Framework 2.0 mapping for static HTML/CSS websites
24testing-strategy
Comprehensive testing strategy covering unit, integration, E2E, security, accessibility, and performance testing
23