“…Indeed, it is impossible to model all security-relevant devices, protocols and behaviours in a single model. Typically, socio-technical models look at capturing organisational infrastructure (e.g., [10], [16], [18], [12]), but sometimes they can focus only on some aspects of human-computer interactions (e.g., [19], [6]).…”