“…Many risk analysis and threat modelling methodologies exist from academic [17,22,37,39,42,44,46,50,53], corporate [7,38,49] and national organizations [3,15,19,24,34] perspectives. Regarding the limitations of existing risk analysis and threat modelling approaches, several of them are too technical [49,53] and thus require deep knowledge in order to be applied, while others are too generic [7,34] and provide non-insightful but high-level results. Also, some of them are very well-documented [19,24,49], while others are mainly targeted to non-English speaking users [3,15].…”