Welcome to being a poster here :)
I do like the Grugq comment at the top - threat modelling sounds hard, so when it does get done it becomes the starting point for a lot of advice that then gets cargo culted by the tools brigade.
I would recommend having a go at it though, the Wikipedia page is a pretty decent introduction.
That's it - you have a threat model, now you can look at mitigations to the identified risks through controls against the attack vectors eg: telephone network failure impacting emergency services - provide an alternative communication system.
Typically a threat model for one of our products at work is a one-page document in confluence.
To follow up the Schneier quote about never-ending process: put a threat model review into your development lifecycle, they'll thank you in the end :)
Thanks for excellent comment, Phil! In fact I am little ashamed that I did not make this post more comprehensive and holistic, but even some basics are sometimes hard to grasp for ordinary people. Also thanks for notice on threat modelling, yes, one should definitely put a threat model review into the development lifecycle, and think about it at the first place. Maybe (if there'll be enough time), I'll write more comprehensive post later, but I am really not sure if whether it belong here, on forum focused primary on development.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.