Evaluating threats to business-critical applications by using threat modeling involves identifying potential threats and assessing their impact. Describe the steps you would take to conduct this evaluation. How would you ensure that the threat modeling process is comprehensive and addresses both internal and external threats?