Systems and methods relating to a method for generating a threat analysis and modeling tool are described. In an implementation, aggregate analysis is performed upon applications of an enterprise for complete risk management of the enterprise. The threat analysis model is generated by defining the application, its attributes and the rules related to the application. An application task list is generated from a common task list for the application. Countermeasures for known attacks pertaining to the application are described in the application task list, which allows the developer to reduce the risk of attacks.