As described in the BLUES overview, creating a threat model is one of the first steps in ensuring security is aligned with business goals is to ask the four basic questions:
- What are we working on?
- What can go wrong?
- What are we going to do about it?
- Did we do a good enough job?
Some of the most influential thought leaders in the field of Threat Modelling have now published the Threat Modelling Manifesto. A great source that outlines the basis on which Threat Modelling in Cyber Security is founded. Well worth a read.
Source: Threat Modeling Manifesto