threat-mitigation-mapping
Map identified threats to appropriate security controls and mitigations for effective defense-in-depth planning.
- Provides control categorization by type (preventive, detective, corrective) and layer (network, application, data, endpoint, process), with templates for building threat-to-control mappings and calculating coverage gaps
- Includes a standard control library with 15+ pre-built controls covering authentication, encryption, logging, access control, and availability, each mapped to STRIDE threat categories and compliance frameworks
- Offers analysis tools to identify unmapped threats, calculate risk reduction percentages, detect defense-in-depth weaknesses, and generate phased implementation roadmaps prioritized by threat criticality
- Supports control effectiveness testing, budget-constrained optimization, and comprehensive reporting for security architecture reviews and remediation planning
Threat Mitigation Mapping
Connect threats to controls for effective security planning.
When to Use This Skill
- Prioritizing security investments
- Creating remediation roadmaps
- Validating control coverage
- Designing defense-in-depth
- Security architecture review
- Risk treatment planning
Core Concepts
1. Control Categories
Preventive ────► Stop attacks before they occur
More from wshobson/agents
tailwind-design-system
Build scalable design systems with Tailwind CSS v4, design tokens, component libraries, and responsive patterns. Use when creating component libraries, implementing design systems, or standardizing UI patterns.
41.0Ktypescript-advanced-types
Master TypeScript's advanced type system including generics, conditional types, mapped types, template literals, and utility types for building type-safe applications. Use when implementing complex type logic, creating reusable type utilities, or ensuring compile-time type safety in TypeScript projects.
40.5Knodejs-backend-patterns
Build production-ready Node.js backend services with Express/Fastify, implementing middleware patterns, error handling, authentication, database integration, and API design best practices. Use when creating Node.js servers, REST APIs, GraphQL backends, or microservices architectures.
31.8Kpython-performance-optimization
Profile and optimize Python code using cProfile, memory profilers, and performance best practices. Use when debugging slow Python code, optimizing bottlenecks, or improving application performance.
22.1Kapi-design-principles
Master REST and GraphQL API design principles to build intuitive, scalable, and maintainable APIs that delight developers. Use when designing new APIs, reviewing API specifications, or establishing API design standards.
20.3Kpython-testing-patterns
Implement comprehensive testing strategies with pytest, fixtures, mocking, and test-driven development. Use when writing Python tests, setting up test suites, or implementing testing best practices.
19.7K