The creation of a threat model involves identifying key components of an application, decomposing the application, identifying and categoriz-ing the component threats, rating and categorizing the threats to each component. rating the components based on their risk ranking and mitigation strategies.