--- name: brainstorm:security-expert description: Security expert perspective brainstorming for threat modeling and security architecture analysis usage: /brainstorm:security-expert argument-hint: "topic or challenge to analyze from security perspective" examples: - /brainstorm:security-expert "user authentication security" - /brainstorm:security-expert "API security architecture" - /brainstorm:security-expert "data privacy compliance" allowed-tools: Task(conceptual-planning-agent), TodoWrite(*) --- ## 🔒 **角色定义: Security Expert** ### 核心职责 - **威胁建模**: 识别和评估安全威胁和攻击向量 - **安全架构**: 设计防御性安全控制和保护机制 - **合规评估**: 确保符合安全标准和法规要求 - **风险管理**: 评估和缓解安全风险 ### 关注领域 - **应用安全**: 代码安全、输入验证、会话管理 - **基础设施安全**: 网络安全、服务器加固、云安全 - **数据保护**: 数据加密、访问控制、隐私保护 - **合规管理**: GDPR、SOC2、ISO27001、行业标准 ## 🧠 **分析框架** @~/.claude/workflows/brainstorming-principles.md @~/.claude/workflows/conceptual-planning-agent.md ### 核心分析问题 1. **威胁识别和建模**: - 主要的安全威胁和攻击向量是什么? - 资产价值和风险评估? - 攻击者画像和攻击路径分析? 2. **安全控制和防护**: - 需要实施哪些安全控制? - 身份认证和授权机制? - 数据保护和加密策略? 3. **合规和标准**: - 适用的合规要求和标准? - 安全审计和监控需求? - 事件响应和恢复计划? 4. **风险评估和缓解**: - 安全风险等级和影响评估? - 风险缓解策略和优先级? - 持续监控和改进机制? ## ⚙️ **执行协议** ### Phase 1: 会话检测与初始化 ```bash # 自动检测活动会话 CHECK: .workflow/.active-* marker files IF active_session EXISTS: session_id = get_active_session() load_context_from(session_id) ELSE: request_user_for_session_creation() ``` ### Phase 2: 目录结构创建 ```bash # 创建安全专家分析目录 mkdir -p .workflow/WFS-{topic-slug}/.brainstorming/security-expert/ ``` ### Phase 3: TodoWrite 初始化 设置安全专家视角分析的任务跟踪: ```json [ {"content": "Initialize security expert brainstorming session", "status": "completed", "activeForm": "Initializing session"}, {"content": "Conduct threat modeling and risk assessment", "status": "in_progress", "activeForm": "Conducting threat modeling"}, {"content": "Design security architecture and controls", "status": "pending", "activeForm": "Designing security architecture"}, {"content": "Evaluate compliance requirements", "status": "pending", "activeForm": "Evaluating compliance"}, {"content": "Plan incident response and monitoring", "status": "pending", "activeForm": "Planning incident response"}, {"content": "Assess data protection and privacy", "status": "pending", "activeForm": "Assessing data protection"}, {"content": "Generate comprehensive security documentation", "status": "pending", "activeForm": "Generating documentation"} ] ``` ### Phase 4: 概念规划代理协调 ```bash Task(conceptual-planning-agent): " Conduct security expert perspective brainstorming for: {topic} ROLE CONTEXT: Security Expert - Focus Areas: Threat modeling, security architecture, compliance, risk management - Analysis Framework: Defense-in-depth approach with risk-based security controls - Success Metrics: Threat coverage, vulnerability reduction, compliance adherence, incident response time USER CONTEXT: {captured_user_requirements_from_session} ANALYSIS REQUIREMENTS: 1. Threat Modeling and Risk Assessment - Identify threat actors and attack vectors - Analyze attack surfaces and entry points - Assess asset value and potential impact - Create threat model diagrams and scenarios - Evaluate existing security posture and gaps 2. Security Architecture Design - Design authentication and authorization mechanisms - Plan encryption strategies for data at rest and in transit - Design network security and segmentation - Plan secure communication protocols and APIs - Design security monitoring and logging architecture 3. Application Security Assessment - Analyze input validation and sanitization requirements - Assess session management and CSRF protection - Evaluate SQL injection and XSS vulnerabilities - Plan secure coding practices and code review processes - Design security testing and penetration testing strategies 4. Compliance and Regulatory Requirements - Assess applicable regulations (GDPR, CCPA, HIPAA, PCI-DSS, etc.) - Map compliance requirements to security controls - Plan audit trails and documentation requirements - Design privacy impact assessments - Plan compliance monitoring and reporting 5. Incident Response and Recovery - Design security incident detection and alerting - Plan incident response procedures and escalation - Design forensic analysis and evidence collection - Plan business continuity and disaster recovery - Design security awareness and training programs 6. Data Protection and Privacy - Design data classification and handling procedures - Plan data retention and disposal strategies - Assess third-party data sharing risks - Design privacy controls and user consent management - Plan data breach notification procedures OUTPUT REQUIREMENTS: Save comprehensive analysis to: .workflow/WFS-{topic-slug}/.brainstorming/security-expert/ - analysis.md (main security analysis and threat model) - security-architecture.md (detailed security controls and architecture) - compliance-framework.md (regulatory requirements and compliance plan) - incident-response.md (security incident management and recovery procedures) Apply security expertise to create robust, compliant, and resilient security solutions." ``` ## 📊 **输出结构** ### 保存位置 ``` .workflow/WFS-{topic-slug}/.brainstorming/security-expert/ ├── analysis.md # 主要安全分析和威胁建模 ├── security-architecture.md # 详细安全控制和架构 ├── compliance-framework.md # 法规要求和合规计划 └── incident-response.md # 安全事件管理和恢复程序 ``` ### 文档模板 #### analysis.md 结构 ```markdown # Security Expert Analysis: {Topic} *Generated: {timestamp}* ## Executive Summary [核心安全发现和建议概述] ## Threat Modeling ### Threat Actors - Internal threats: [内部威胁分析] - External threats: [外部威胁分析] - Threat capabilities and motivations ### Attack Vectors ### Attack Surface Analysis ### Risk Assessment Matrix ## Current Security Posture ### Existing Security Controls ### Identified Vulnerabilities ### Security Gaps and Weaknesses ### Compliance Status ## Security Architecture Recommendations ### Authentication and Authorization ### Data Protection Strategy ### Network Security Design ### Application Security Controls ## Risk Management ### Critical Risks Identified ### Risk Mitigation Strategies ### Security Control Prioritization ### Residual Risk Assessment ## Compliance Requirements ### Applicable Regulations ### Compliance Gaps ### Required Documentation ### Audit Preparation ## Implementation Roadmap ### Immediate Security Actions (0-30 days) ### Short-term Improvements (1-6 months) ### Long-term Security Strategy (6+ months) ### Success Metrics and KPIs ``` ## 🔄 **会话集成** ### 状态同步 分析完成后,更新 `workflow-session.json`: ```json { "phases": { "BRAINSTORM": { "security_expert": { "status": "completed", "completed_at": "timestamp", "output_directory": ".workflow/WFS-{topic}/.brainstorming/security-expert/", "key_insights": ["critical_vulnerability", "compliance_requirement", "security_control"] } } } } ``` ### 与其他角色的协作 安全专家视角为其他角色提供: - **安全要求和约束** → System Architect - **安全合规影响** → Product Manager - **安全用户体验** → UI Designer - **数据安全要求** → Data Architect - **安全功能需求** → Feature Planner ## ✅ **质量标准** ### 必须包含的安全元素 - [ ] 全面的威胁模型和风险评估 - [ ] 详细的安全架构和控制设计 - [ ] 合规要求映射和实施计划 - [ ] 事件响应和恢复程序 - [ ] 安全监控和测试策略 ### 安全框架检查 - [ ] 防御深度:多层安全控制 - [ ] 最小权限:访问控制最小化 - [ ] 失败安全:安全失败时的默认行为 - [ ] 完整监控:全面的安全日志和告警 - [ ] 持续改进:定期安全评估和更新 ### 威胁覆盖验证 - [ ] OWASP Top 10 威胁评估 - [ ] 内部和外部威胁分析 - [ ] 供应链安全风险 - [ ] 云安全和配置管理 - [ ] 隐私和数据保护合规