Because of the increasing globalization, the technological progress and the degree of networking, the number of threats is constantly increasing. Security requirements often only play a minor role. With the new version of the IT Security Act, its scope has been extended and affected companies need to take actions to increase IT security. Threat modeling is a structured process that is already used in secure hardware and software development. Both the nature of the attacks and the life cycle time differ from traditional SW development. Starting from the machine learning structure, this article offers a top-down approach to the system-oriented perspective of threat modeling.