Threat Model

Use this template when performing a threat analysis on a feature or component. Completed threat models belong in the process/ section.

  • A new feature handles sensitive data or introduces trust boundaries.
  • A component is exposed to external or cross-tenant access.
  • A security review is required before production deployment.

process/

---
title: "Threat Model: Feature / Component"
tags: [threat-model, security]
domain: process
maturity: published
author: Security Engineer
---
# Threat Model: [Feature / Component]
**Author**: Security Engineer
**Date**: YYYY-MM-DD
**Status**: Draft | In Review | Approved
**Related Feature**: [Link to user story or implementation plan]
## Overview
Brief description of the feature or component being modeled and why a threat model is needed.
## System Context
Describe the relevant parts of the system:
- **Components involved**: [list services, databases, external APIs]
- **Data flows**: [describe how data moves between components]
- **Trust boundaries**: [where authenticated/unauthenticated, internal/external boundaries exist]
## Assets
| Asset | Description | Sensitivity |
|---|---|---|
| [e.g., User credentials] | [What it is] | Critical |
| [e.g., Tenant data] | [What it is] | High |
| [e.g., API tokens] | [What it is] | High |
## Threat Actors
| Actor | Motivation | Capability |
|---|---|---|
| Unauthenticated external user | Data theft, service disruption | Low-Medium |
| Authenticated user of another tenant | Cross-tenant data access | Medium |
| Compromised service account | Lateral movement | High |
## Threats and Mitigations
### Threat 1: [Title]
- **STRIDE Category**: Spoofing | Tampering | Repudiation | Information Disclosure | Denial of Service | Elevation of Privilege
- **Attack Vector**: How the attack would be carried out.
- **Impact**: What the attacker would gain or what damage would occur.
- **Existing Mitigations**: What is already in place to prevent this.
- **Residual Risk**: Risk remaining after existing mitigations.
- **Recommended Mitigations**: Additional measures to reduce risk.
### Threat 2: [Title]
[Same structure as above]
## Risk Summary
| # | Threat | STRIDE | Likelihood | Impact | Residual Risk | Mitigation Status |
|---|---|---|---|---|---|---|
| 1 | [Title] | [Category] | Low/Med/High | Low/Med/High | Low/Med/High | Mitigated / Open |
## Recommendations
Prioritized list of security improvements resulting from this analysis.
## Review Schedule
- **Next review**: YYYY-MM-DD or when the feature undergoes significant changes.
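
A completeness check for a filled-in copy of this template, added here as an example and not part of the original page or its project: it flags leftover placeholders, threat sections with missing fields or a STRIDE value that is not one category, and Risk Summary rows that are absent or disagree with their section. The name lint_threat_model, the SAMPLE document and the rule that bracketed text not followed by "(" is an unfilled placeholder are assumptions.

```python
import re

STRIDE = {"Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege"}
FIELDS = ("STRIDE Category", "Attack Vector", "Impact", "Existing Mitigations",
          "Residual Risk", "Recommended Mitigations")
LEVELS, STATUSES = {"Low", "Med", "High"}, {"Mitigated", "Open"}

def lint_threat_model(text):
    """Return a list of findings; an empty list means the checks below all passed."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        # Leftover template text: [placeholder] that is not a Markdown link, or YYYY-MM-DD
        if not line.startswith("tags:") and re.search(r"\[[^\]]+\](?!\()|YYYY-MM-DD", line):
            out.append(f"line {n}: unfilled placeholder")
    # Risk Summary rows keyed by number: | # | Threat | STRIDE | L | I | Residual | Status |
    rows = {num: [c.strip() for c in rest.split("|")]
            for num, rest in re.findall(r"^\|\s*(\d+)\s*\|(.+)\|\s*$", text, re.M)}
    parts = re.split(r"^### Threat (\d+):.*$", text, flags=re.M)
    for num, body in zip(parts[1::2], parts[2::2]):
        body = body.split("\n## ")[0]  # stop at the next top-level section
        got = dict(re.findall(r"^- \*\*(.+?)\*\*:[ \t]*(.*)$", body, re.M))
        out += [f"Threat {num}: missing {f}" for f in FIELDS if not got.get(f, "").strip()]
        stride = got.get("STRIDE Category", "").strip()
        if stride not in STRIDE:
            out.append(f"Threat {num}: STRIDE Category is not a single category")
        cells = rows.pop(num, None)
        if cells is None or len(cells) != 6:
            out.append(f"Threat {num}: no complete Risk Summary row")
        elif cells[1] != stride:
            out.append(f"Threat {num}: STRIDE differs between section and summary")
        elif not set(cells[2:5]) <= LEVELS or cells[5] not in STATUSES:
            out.append(f"Threat {num}: invalid level or Mitigation Status")
    out += [f"Risk Summary row {n}: no matching threat section" for n in rows]
    return out

# Constructed sample: the summary row's STRIDE value disagrees with the threat section.
SAMPLE = """### Threat 1: Cross-tenant read
- **STRIDE Category**: Information Disclosure
- **Attack Vector**: Tenant ID is read from the request body.
- **Impact**: Another tenant's records are returned.
- **Existing Mitigations**: None.
- **Residual Risk**: High
- **Recommended Mitigations**: Derive the tenant from the session.
## Risk Summary
| # | Threat | STRIDE | Likelihood | Impact | Residual Risk | Mitigation Status |
|---|---|---|---|---|---|---|
| 1 | Cross-tenant read | Tampering | Med | High | High | Open |
"""
```

Calling lint_threat_model(SAMPLE) reports the STRIDE mismatch; run over the blank template, it lists every placeholder line, which makes it usable as a gate before a model moves from Draft to In Review.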