
threat-mitigation-mapping
β 37,559by wshobson Β· part of wshobson/agents
Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation plans, or validating control effectiveness.
This is the playbook your agent receives when the skill activates β you don't need to read it to use the skill, but it's here to audit before installing.
Threat Mitigation Mapping
Connect threats to controls for effective security planning.
When to Use This Skill
- Prioritizing security investments
- Creating remediation roadmaps
- Validating control coverage
- Designing defense-in-depth
- Security architecture review
- Risk treatment planning
Core Concepts
1. Control Categories
Preventive βββββΊ Stop attacks before they occur
β (Firewall, Input validation)
β
Detective ββββββΊ Identify attacks in progress
β (IDS, Log monitoring)
β
Corrective βββββΊ Respond and recover from attacks
(Incident response, Backup restore)2. Control Layers
| Layer | Examples |
|---|---|
| Network | Firewall, WAF, DDoS protection |
| Application | Input validation, authentication |
| Data | Encryption, access controls |
| Endpoint | EDR, patch management |
| Process | Security training, incident response |
3. Defense in Depth
ββββββββββββββββββββββββ
β Perimeter β β Firewall, WAF
β ββββββββββββββββ β
β β Network β β β Segmentation, IDS
β β ββββββββββ β β
β β β Host β β β β EDR, Hardening
β β β ββββββ β β β
β β β βApp β β β β β Auth, Validation
β β β βDataβ β β β β Encryption
β β β ββββββ β β β
β β ββββββββββ β β
β ββββββββββββββββ β
ββββββββββββββββββββββββTemplates and detailed worked examples
Full template library and detailed mitigation/control mappings live in references/details.md. Read that file when you need the concrete templates for: Mitigation Model, Defense in Depth scoring, Executive Summary scaffolding, Critical Gaps reporting, Recommendations, Implementation Roadmap, Results by Control.
Best Practices
Do's
- Map all threats - No threat should be unmapped
- Layer controls - Defense in depth is essential
- Mix control types - Preventive, detective, corrective
- Track effectiveness - Measure and improve
- Review regularly - Controls degrade over time
Don'ts
- Don't rely on single controls - Single points of failure
- Don't ignore cost - ROI matters
- Don't skip testing - Untested controls may fail
- Don't set and forget - Continuous improvement
- Don't ignore people/process - Technology alone isn't enough
npx skills add https://github.com/wshobson/agents --skill threat-mitigation-mappingRun this in your project β your agent picks the skill up automatically.
No common issues documented yet. If you hit a problem, the repository's GitHub Issues page is the best place to look.
Licensed under MITβ you can use, modify, and redistribute it under that license's terms.
View the full license file on GitHub β