A threat model is a conception tool for identifying security risks in software and other information systems. Threat modeling often includes an analysis of a data flow diagram. Data flow diagrams describe the movement of information in an information system such as a software system, the sources of information, what processes occur on the information, where the information is stored, and where the information eventually flows. The effectiveness of a threat model is dependent upon, for example, the structural validity and completeness of the threat model. Existing systems fail to evaluate the effectiveness of the threat model prior to threat model being reviewed by a model reviewer such as a security expert.