Description should include a definition of threat modeling and the concepts that

For example, a company that processes payments via an Internet site increases the vulnerability of threats against the payment processing system from attackers anywhere in the world. A company that does not collect information via the Internet would have much less vulnerability from that attack avenue.

Teacher Resource:

CYBER.ORG Cyber Business Module: How Businesses Secure Information