System Design
Advanced

Threat Model and Cost Review

Evaluate security, privacy, and cost before a design becomes expensive to change.

45 min
3 sections
security
privacy
cost
finops
1
2
3

01. Threat-model the data paths

Section 1 of 3

A practical threat model follows sensitive data through every path: API, database, cache, queue, search index, logs, analytics, export jobs, and support tools. Many enterprise breaches come from derived stores that were not included in the original privacy model.

text
Threat model table:
Asset: customer support ticket body
Stores: postgres, search index, object export, logs, analytics snippets
Threats: tenant leak, overbroad support access, prompt injection in ticket text, accidental log capture
Controls: tenant filter, row-level auth checks, permission-filtered indexing, log redaction, export approval
Evidence: tests, audit events, access review report, deletion runbook
Back to Course