threat-model-template.md

Threat Model -- STRIDE Analysis

System Description

System name:

System owner:

Description:

Architecture summary:

Assets

| Asset | Owner | Data Classification | Exposure | Notes |
|-------|-------|---------------------|----------|-------|

Data classification guide:

  • Critical -- data whose exposure would cause immediate business harm (buyer pricing, farmer financial data)
  • Sensitive -- personal data or business data with privacy implications (farmer names, harvest records)
  • Internal -- business data not intended for public access (system configurations, internal APIs)
  • Public -- intentionally public information (website content, published quality reports)

STRIDE Analysis

Spoofing -- can an attacker pretend to be someone or something they are not?

| Threat | Target Asset | Likelihood | Impact | Priority | Mitigations |
|--------|--------------|------------|--------|----------|-------------|

Tampering -- can an attacker modify data or commands in transit or at rest?

| Threat | Target Asset | Likelihood | Impact | Priority | Mitigations |
|--------|--------------|------------|--------|----------|-------------|

Repudiation -- can an attacker perform an action and deny it?

| Threat | Target Asset | Likelihood | Impact | Priority | Mitigations |
|--------|--------------|------------|--------|----------|-------------|

Information Disclosure -- can an attacker access data they should not see?

| Threat | Target Asset | Likelihood | Impact | Priority | Mitigations |
|--------|--------------|------------|--------|----------|-------------|

Denial of Service -- can an attacker prevent legitimate use of a system?

| Threat | Target Asset | Likelihood | Impact | Priority | Mitigations |
|--------|--------------|------------|--------|----------|-------------|

Elevation of Privilege -- can an attacker gain higher access than intended?

| Threat | Target Asset | Likelihood | Impact | Priority | Mitigations |
|--------|--------------|------------|--------|----------|-------------|

Attack Paths

Derived from the STRIDE analysis above. Each attack path combines one or more threats into a realistic attack scenario.

| Path ID | Description | Entry Point | Targets | Techniques | Business Impact |
|---------|-------------|-------------|---------|------------|-----------------|

TTP Selection

Based on the threat model, select ATT&CK techniques for the active assessment phase.

| ATT&CK ID | Technique | Relevance to Threat Model | Target | Priority |
|-----------|-----------|---------------------------|--------|----------|