"The interviews and the analyses by the experts show that: –– Quality content increases safety. The editors interviewed for this publication confirm that fair and balanced journalism, which clearly distinguishes between facts and opinion and treats the people at the center of the story with resp ... ect tends to lead to increased respect from the audience and makes the journalists less of a target for potential attackers. It also increases trust on the part of audiences as well as with advertisers willing to pay for content. –– Audience engagement plays a crucial role in terms of safety. No matter whether through a membership model, regular informal exchanges or listener clubs — an audience that values a certain media outlet will be less likely to accept any attacks against it. –– Flexible and resilient business models are a must-have. They help organizations to react to new threats, to adapt strategies, and to maintain high quality and independent reporting in times of crisis. –– No viability without digital security. A media outlet that loses all its data or whose data gets hacked and its sensitive sources revealed, loses everything: content and credibility. Online attacks are more likely and easier to carry out than physical attacks. Digital security is an essential part of any safety concept. –– Diversity pays off. During the COVID-19 crisis, women and minority groups came under particular attack all around the world, online and offline. To include their stories and perspectives is not only a moral obligation but also makes business sense as they make up an essential part of audiences anywhere on the globe." (Synopsis, page 39) more

"Each section of this guide will explore another dimension of digital security—assets, attackers, risks and likelihood—and address these key questions: What do I want to protect? Who are my attackers? Is my attacker able to succeed? How likely is it that my attacker will succeed? Threat modeling ... consists of two types of assessments: Firstly, an analysis of the project’s environment (questions one and two). Secondly, an estimation of the likelihood that potential attacks will really happen (questions three and four). To prepare for threat modeling, we have added a “question zero” for project managers: Who are we and what do we do? This helps to establish a clear understanding of the entire project, with all of its workflows and challenges that employees face in their day-to-day work environment. A threat model is the basis for a digital security concept that should be developed along with IT experts so that your concept is both technically sound and practically enforceable. Having a clearly defined list of assets and their vulnerability empowers employees to protect them with appropriate countermeasures, and educates them on risks. This will increase the efficacy of a security concept in practice." (Executive summary) more