Threat modellers should always treat threat modeling as a 4-step framework for making sure that a system is safe. The framework consists of four questions that developers and threat modellers need to ask themselves:
A: What are you building?
This is the first step in the 4-step framework. The threat modellers should figure out what they are building. By default, all software development projects consist of specifications and different types of documents. One of the simplest ways of getting an overview is to create visual models of the system. By looking at such diagrams, the threat modellers should be able to get an idea of how extensive the system is.
B: What can go wrong?
According to some practitioners, it is better to work from a more detailed list of what can go wrong instead of using STRIDE, because STRIDE is too high level and abstract. Once they have looked at the different models of the system, the threat modellers should be able to find possible attack patterns that may be a threat to the system.
C: What are you going to do about it or what should you do about those things that can go wrong?
This step consists of deciding what to do with every threat. It is in this step that the developers or the threat modellers need to make a calculated decision on which attacks to mitigate, and which attacks are too hard to execute, too obscure, or not damaging enough to the system to be worth mitigating. This step is where threats need to be addressed.
D: Did you do it right or did you do a decent job of analysis?
After all possible threats have been considered as not damaging, it is time to re-evaluate the system design and implementation. Threat modeling is considered to be an iterative process. If the validation of a system fails, then the whole process needs to jump back to the first or the second step.
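
The four questions expressed as a small threat register, with step D returning which step to go back to. This is an added example, not part of the original text: the `Threat` fields, the `validate` function, the sample flows and threats, and the rule that maps each kind of gap to step A or B are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Threat:
    flow: str            # data flow the threat targets (found in step B)
    description: str
    decision: str = ""   # step C: "mitigate" or "accept"
    rationale: str = ""  # step C: why an accepted threat is left alone

def validate(flows, threats):
    """Step D: return (step_to_revisit, findings); step is None on success."""
    stale = [t for t in threats if t.flow not in flows]
    if stale:
        # A threat refers to something the diagrams do not show, so the
        # picture of "what are you building" is out of date: back to A.
        return "A", [f"unknown flow {t.flow!r}: {t.description}" for t in stale]
    findings = [f"no threats listed for {f!r}"
                for f in sorted(flows - {t.flow for t in threats})]
    for t in threats:
        if t.decision not in ("mitigate", "accept"):
            findings.append(f"no decision: {t.description}")
        elif t.decision == "accept" and not t.rationale:
            findings.append(f"accepted without rationale: {t.description}")
    # Gaps in the analysis send the process back to B (and through C again).
    return ("B" if findings else None), findings

# Constructed sample system (step A): two data flows from a diagram.
FLOWS = {"browser -> api", "api -> database"}
# Constructed first pass: one flow has no threats, one acceptance is unexplained.
FIRST_PASS = [
    Threat("browser -> api", "session token stolen", "mitigate"),
    Threat("browser -> api", "verbose error pages leak versions", "accept"),
]
# Constructed second pass after returning to step B and redoing step C.
SECOND_PASS = [
    FIRST_PASS[0],
    Threat("browser -> api", "verbose error pages leak versions", "accept",
           "not that damaging to the system"),
    Threat("api -> database", "SQL injection via search field", "mitigate"),
]
# Constructed case where the threat list mentions a flow missing from the model.
OUT_OF_DATE = SECOND_PASS + [Threat("api -> cache", "cache poisoning", "mitigate")]

if __name__ == "__main__":
    for name, threats in [("first pass", FIRST_PASS), ("second pass", SECOND_PASS),
                          ("out of date", OUT_OF_DATE)]:
        print(name, validate(FLOWS, threats))
```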