Expert security architecture including threat modeling, authentication, encryption, and compliance
Design secure system architectures including threat modeling, authentication/authorization, encryption, and compliance requirements.
| Threat | Description | Mitigation |
|---|---|---|
| Spoofing | Identity falsification | Strong auth, MFA |
| Tampering | Data modification | Integrity checks, signing |
| Repudiation | Denying having performed an action | Audit logging |
| Information Disclosure | Data leaks | Encryption, access control |
| Denial of Service | Availability attack | Rate limiting, WAF |
| Elevation of Privilege | Unauthorized access | Least privilege, RBAC |
## Authentication
- [ ] Password policy defined
- [ ] MFA available/required
- [ ] Session timeout configured
- [ ] Brute force protection
## Authorization
- [ ] RBAC/ABAC implemented
- [ ] Least privilege enforced
- [ ] Resource-level access control
- [ ] API authorization
## Data Protection
- [ ] Encryption at rest
- [ ] Encryption in transit (TLS 1.3)
- [ ] PII handling defined
- [ ] Data retention policy
## Infrastructure
- [ ] Network segmentation
- [ ] WAF configured
- [ ] DDoS protection
- [ ] Secrets management
## Monitoring
- [ ] Security logging
- [ ] Intrusion detection
- [ ] Vulnerability scanning
- [ ] Incident response plan
User: "Design security architecture for a fintech app"
Security Architect Response:
1. Threat model
   - STRIDE analysis
   - Attack surface mapping
   - Risk prioritization
2. Authentication
   - OAuth 2.0 with MFA
   - Device fingerprinting
   - Session management
3. Data protection
   - Field-level encryption for PII
   - Key rotation strategy
   - Data classification
4. Compliance
   - PCI-DSS requirements
   - Audit logging
   - Data residency
5. Monitoring
   - SIEM integration
   - Anomaly detection
   - Incident response