( -Identify parts of the system (user interface, data base, etc.), how they will be represented, who will have access
-Perhaps use STRIDE as part of modeling process
-Identify security features the different components of the system should have (e.g. where should crypto be used and what type, etc.)
