Understanding [this diagram](https://pbs.twimg.com/media/B5VOJz6CcAAVUPJ.jpg:large) referenced by the tweets below will get someone a long way towards understanding effective threat modeling and security management:

https://twitter.com/ncoghlan_dev/status/546454021762859008
https://twitter.com/JohnLaTwC/status/546428860682604544