"Each section of this guide will explore another dimension of digital security—assets, attackers, risks and likelihood—and address these key questions: What do I want to protect? Who are my attackers? Is my attacker able to succeed? How likely is it that my attacker will succeed? Threat modeling consists of two types of assessments: Firstly, an analysis of the project’s environment (questions one and two). Secondly, an estimation of the likelihood that potential attacks will really happen (questions three and four). To prepare for threat modeling, we have added a “question zero” for project managers: Who are we and what do we do? This helps to establish a clear understanding of the entire project, with all of its workflows and challenges that employees face in their day-to-day work environment. A threat model is the basis for a digital security concept that should be developed along with IT experts so that your concept is both technically sound and practically enforceable. Having a clearly defined list of assets and their vulnerability empowers employees to protect them with appropriate countermeasures, and educates them on risks. This will increase the efficacy of a security concept in practice." (Executive summary)