To determine the threat of data loss from a modernized application, perform a security threat assessment by making a list of vulnerabilities that could be exploited. Prioritize the vulnerabilities according to their importance to your organization, then rate each as qualitatively high, moderate or low.
For example, if a password policy is not properly set for an application, a hacker can crack the password via SQL injection. Once the hacker gets in, he can pretend to be the legitimate user, then alter the codes in a biometric template if it is not encrypted.
As technology changes, new vulnerabilities can emerge for the same threat. If threats are rated as high and medium, a security threat assessment must be repeated.