System Design
Advanced
Threat Model and Cost Review
Evaluate security, privacy, and cost before a design becomes expensive to change.
45 min
3 sections
security
privacy
cost
finops
1
2
3
01. Threat-model the data paths
Section 1 of 3
A practical threat model follows sensitive data through every path: API, database, cache, queue, search index, logs, analytics, export jobs, and support tools. Many enterprise breaches come from derived stores that were not included in the original privacy model.
text
Threat model table:
Asset: customer support ticket body
Stores: postgres, search index, object export, logs, analytics snippets
Threats: tenant leak, overbroad support access, prompt injection in ticket text, accidental log capture
Controls: tenant filter, row-level auth checks, permission-filtered indexing, log redaction, export approval
Evidence: tests, audit events, access review report, deletion runbookBack to Course