Threat modeling is the process used to identify security requirements by reviewing a diagram of the information technology architecture. The threat surface is the sum total of all the ways a threat can cross the boundary.

 

Step 1: Identify security objectives.

Step 2: Identify assets and external dependencies.

Step 3: Identify trust zones.

Step 4: Identify potential threats and vulnerabilities.

Step 5: Document your threat model.