Before you start the threat modeling process, it is important that you understand the following basic terminology:
Asset. A resource of value, such as the data in a database or on the file system. A system resource.
Threat. A potential occurrence, malicious or otherwise, that might damage or compromise your assets.
Vulnerability. A weakness in some aspect or feature of a system that makes a threat possible. Vulnerabilities might exist at the network, host, or application levels.
Attack (or exploit). An action taken by someone or something that harms an asset. This could be someone following through on a threat or exploiting a vulnerability.
Countermeasure. A safeguard that addresses a threat and mitigates risk.
Consider a simple house analogy: an item of jewelry in a house is an asset and a burglar is an attacker. A door is a feature of the house and an open door represents a vulnerability. The burglar can exploit the open door to gain access to the house and steal the jewelry. In other words, the attacker exploits a vulnerability to gain access to an asset. The appropriate countermeasure in this case is to close and lock the door.