Read a Forbes article written by ThreatModeler founder and CEO Archie Agarwal on what makes a good threat model by clicking here.
Excerpt: To answer the question of what makes a “good” threat model, I think it’s a good idea to establish what makes a threat model “bad.” As far as I am concerned, a bad threat model is something that you cannot use to communicate with nonsecurity professionals, such as developers or senior leadership. A bad threat model is also one that has a bad input, which will yield a bad output (“garbage in, garbage out”).