Threat Model Template (STRIDE)
System: [Name of the system being modeled]
Date: [Date of threat modeling]
Author: [Your name / engagement reference]
Fill in each category below for the specific system under assessment. Consider the system's architecture, its users, its data, and its business context.
Spoofing
Can someone pretend to be a legitimate user, service, or system?
Threats identified:
Assets at risk:
Existing controls:
Residual risk:
Tampering
Can someone modify data, configurations, or code without authorization?
Threats identified:
Assets at risk:
Existing controls:
Residual risk:
Repudiation
Can someone deny performing an action, and would the system have evidence?
Threats identified:
Assets at risk:
Existing controls:
Residual risk:
Information Disclosure
Can someone access data they should not be able to see?
Threats identified:
Assets at risk:
Existing controls:
Residual risk:
Denial of Service
Can someone prevent legitimate users from accessing the system?
Threats identified:
Assets at risk:
Existing controls:
Residual risk:
Elevation of Privilege
Can someone gain capabilities beyond what they should have?
Threats identified:
Assets at risk:
Existing controls:
Residual risk:
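A completeness check for a filled-in copy of this template, as an added example that is not part of the original template: it parses the six category sections and reports any missing section or blank field. It assumes answers follow the field label on the same line (continuation lines allowed) and that an explicit entry such as "None identified" counts as filled; the function names and the sample text are constructed for illustration.

```python
import re

CATEGORIES = ["Spoofing", "Tampering", "Repudiation", "Information Disclosure",
              "Denial of Service", "Elevation of Privilege"]
FIELDS = ["Threats identified", "Assets at risk", "Existing controls", "Residual risk"]
FIELD_RE = re.compile(r"(%s):\s*(.*)$" % "|".join(FIELDS))

def parse_template(text):
    """Return {category: {field: answer}} for a filled-in copy of the template."""
    model, current, field = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in CATEGORIES:           # a category heading starts a new section
            current, field = line, None
            model[current] = {}
        elif current and line:
            m = FIELD_RE.match(line)
            if m:
                field = m.group(1)
                model[current][field] = m.group(2).strip()
            elif field:                  # continuation of a multi-line answer
                model[current][field] = (model[current][field] + " " + line).strip()
    return model

def lint(model):
    """Return (category, problem) pairs for missing sections and blank fields."""
    findings = []
    for cat in CATEGORIES:
        if cat not in model:
            findings.append((cat, "category missing"))
            continue
        findings += [(cat, "blank: " + f) for f in FIELDS if not model[cat].get(f)]
    return findings

# Constructed sample: a partially completed template, not a real assessment.
SAMPLE = """\
Spoofing
Threats identified: Shared admin password reused across operators
Assets at risk: Admin accounts
Existing controls: MFA at login
and per-operator audit of admin sessions
Residual risk:
Tampering
Threats identified: None identified
Existing controls: N/A
Residual risk: Low
"""

print(*lint(parse_template(SAMPLE)), sep="\n")
```

Running it against a draft before review surfaces categories that were skipped rather than consciously assessed as having no threats.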