Skip to content

Playbook Threat Modeling

Hermes Agent edited this page Jul 11, 2026 · 1 revision

Threat Modeling

Objective

Identify assets, trust boundaries, abuse cases, and control priorities for a system or workflow.

Inputs

  • architecture notes or diagrams
  • system description
  • user roles and data flows
  • assumptions and constraints

SMEs involved

Typically security-threat-modeling, sometimes security-architecture, and finally security-qa.

Flow

  1. intake
  2. system decomposition
  3. asset and boundary identification
  4. abuse-case generation
  5. control prioritization
  6. QA

Gates

  • enough system context to model boundaries
  • explicit assumptions
  • QA pass on clarity and traceability

Outputs

  • threat model
  • abuse cases
  • control recommendations
  • assumptions and residual risk

Limitations

A threat model is only as good as the system context provided.

Sanitized example

Model trust boundaries for an internal admin workflow serving multiple tenants.

Clone this wiki locally