The process of identifying, understanding, and addressing potential threats in a prioritized way. It involves creating a conceptual model of the system or application, including data flow and connectivity, and then identifying assets, threats, and vulnerabilities within this model. The purpose is to mitigate possible security risks during the design phase of a system rather than after deployment.