Step 1. Threat Map. Identify potential threat methods for analysis.

Step 2. Harm Map. Connect scenarios to potential harms for the organization or its individuals or groups of individuals.

Step 3. Threat Scenarios. Develop practical description of the threat and challenge assumptions.

Step 4: Mitigation Map. Select suitable controls to mitigate potential harms.