The creation of a threat model involves identifying key components of an application, decomposing the application, identifying and categorizing the component threats, rating and categorizing the threats to each component. rating the components based on their risk ranking and mitigation strategies.