Final answer:
Option 4, 'Focused on social engineering,' is not one of the three common threat modeling techniques, which are: Focused on assets, Focused on attackers, and Focused on software. Social engineering is considered within other threat modeling frameworks.
Step-by-step explanation:
The question asks which of the following is not one of the three common threat modeling techniques. The three well-established threat modeling approaches are: 1) Focused on assets, 2) Focused on attackers, and 3) Focused on software. These frameworks help to understand how an attacker might compromise a system, what they might be after, and what can be done to harden the system against these threats. The fourth option provided, "Focused on social engineering," while a legitimate concern in security, is not typically categorized as a standalone threat modeling technique; rather, it is a tactic that attackers might use. Social engineering is generally considered under the umbrella of attacker-focused or even asset-focused threat modeling, depending on the context.
Therefore, it's clear that option 4, "Focused on social engineering," is not one of the three common techniques for threat modeling. Evaluation of a design usually employs various methods and consideration of the attributes of the product, as well as testing, to ensure quality.J11