-
-
Notifications
You must be signed in to change notification settings - Fork 0
Playbook Threat Modeling
Hermes Agent edited this page Jul 11, 2026
·
1 revision
Identify assets, trust boundaries, abuse cases, and control priorities for a system or workflow.
- architecture notes or diagrams
- system description
- user roles and data flows
- assumptions and constraints
Typically security-threat-modeling, sometimes security-architecture, and finally security-qa.
- intake
- system decomposition
- asset and boundary identification
- abuse-case generation
- control prioritization
- QA
- enough system context to model boundaries
- explicit assumptions
- QA pass on clarity and traceability
- threat model
- abuse cases
- control recommendations
- assumptions and residual risk
A threat model is only as good as the system context provided.
Model trust boundaries for an internal admin workflow serving multiple tenants.