Imagine you have a treasure chest, and you want to protect it from pirates. There are many different ways you can protect your treasure, like building a fort, hiding it on a deserted island, or putting it in a cave with traps. Each of these ways is like a "model" for protecting your treasure. In the world of computers and the internet, the treasure is important information, and the pirates are hackers or threats that want to steal or damage this information. A "threat model" is a plan to protect this information.
Evaluating a threat model means figuring out which plan is the best for keeping your treasure safe. The best plan depends on what kind of treasure you have and what tools or skills your team is good at using. For example, one plan might be great for people who are just starting out and don't know much about setting traps, because it gives them a step-by-step guide. Another plan might be better for people who like to come up with creative ways to hide or protect the treasure.
Some plans focus on what the treasure is and how it can be attacked. Others might focus on figuring out who the most likely pirates are or how to make sure the treasure is harder to find from the start. To pick the right plan, you first need to decide what's most important to you. Is it more important to find all the possible ways pirates could attack, or just the most likely and dangerous ones? You also need to know a lot about your treasure, such as which part is the most valuable, who is supposed to use it, and who has special access.
For example, if you're an online store, your most valuable treasure might be your customers' information, like their credit card details. But if you're a company that makes missiles, your most valuable treasure might be the designs and details about those missiles.
Some plans come with a lot of tools and advice that you can find online, and there are even companies that can help you use those plans. So, if you and your team are new to protecting treasures, you might want to pick a plan that has lots of help available.
In short, evaluating a threat model is like choosing the best plan to protect your treasure based on what's most important to you and what tools and skills you have.