1.Why do we create models?A)EXPLANATION 1 : Models gives clear information of an idea i.e. models are helpful in defining a process briefly without any hurdles. Models help in smooth flow of data in the company, it also helps the employees of organization to understand the project clearly. Models are also helpful in matters of competitive advantage.For example : If my organization is in competition with another company than I would prepare a model that would help me in building up my products and services in a better way when compared to another company.Models are created to reduce the threat of the company by identifying them at the earlier stages. Models also help us in understanding the errors in the process and also giving suggestions as to how we should deal with those errors and rectify them. EXPLANATION 2: Models are basically physical representation of an idea or the series of steps that are to be followed in a process. With the help of models even the new employees in the organization could carry out the work easily i.e. the new employees wouldn’t take much time in training process as the models gives clear idea of how to carry out the project.Models help us to identify threats and also take measures to overcome those threatsModels are also used to categorize threats and then frame strategies to overcome those threats.They also help us in creating an approach that can be followed to provide security to the data that is being threatened.Models protect assets that are more vulnerable to damage.2.What are three ways that people might start threat modeling?A) Threat modeling is a procedure that comprises of characterizing assets, defining the duties of each application in regard to these assets, making a security profile for every application, recognizing threats, prioritizing the threats that may cause more damage, and designing actions that can be taken against the threats. The main reason for creating threat model is to provide security to the information of the organization.Three ways that people might start threat modeling are :1. Software-centric: In this approach data flow diagrams are used to define the design of system2. Asset- Centric : This approach take into consideration the assets of the company and then assets are categorized based on their value and sensitivity.3. Attacker -Centric : This approach also uses diagrams like software centric, but the type of diagrams used are tree diagrams unlike the data flow diagrams. The main task of this approach is to know the goals that are set by the attacker and all the details of the attack are to be known, like how the attacker has planned the attack and how his plan will be carried out. In threat modeling ,the person creating the model will think like an attacker as this would help him in knowing the ways from where the attacker can provide damage to the information of the company, by doing this he can provide more security to the areas where threat is vulnerable.