There are many, many threat models available on the internet with extensive documentation on how to apply them to your organization. Most are designed to map out data flow, identify soft points in organizational processes, and assign mitigations based on specific type of probable attacker and their identified motivations. Not all attackers have the same targets and not all networks attract the same attackers. If you are a government, your attackers are APTs who want strategic intelligence actionable actionable intelligence. If your company isnt in the habit of assessing its own threats, it can seem foolish, because youre defending against someone elses threat.”]
Source: https://blog.malwarebytes.com/101/2016/10/threat-modeling-what-are-you-so-afraid-of/

