STRIDE is a threat-modelling methodology developed by Microsoft. The six letters stand for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. You apply STRIDE to system components and data flows to identify threats systematically. In the SDLC, STRIDE is typically used during the design phase. In an ISMS, STRIDE complements risk identification by providing a structured thinking framework for threat analysis.