A nice article on the subject, focused firmly on infrastructure, written by Pete Lindstrom at Information Security Magazine: http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss446_art927,00.html
The two opening para’s sum it up nicely:
The time has come to shed our reactionary “yesterday’s threat” mentality and start thinking ahead and planning for what’s to come. Enter threat modeling.
Threat modeling is the logical and systematic evaluation of every avenue of approach. You can then prioritize each avenue’s relative “threat level” based on factors such as the value of the target asset, likelihood of success and cost of attack.