It’s way easier than you think. Start with owning a house. You want to protect that house. Break down why you want to protect it - family, stuff, utility. What possible threats - fire storm, flood, burglar. Weight each risk on the Probability of it occuring and Impact if that risk does occur. (P&I) using a grid of low/med/high for each. Burglary, depending on your neighbourhood, is say low probability, low impact, i.e. shit gets stolen. Hurricane (tornado) is low probability but high impact (total loss).

Then you can decide how much budget you have to deal with this shit. Then list for every P&I risk factor a selection of mittigations. Better locks, screw and tie down roof, window security film etc. Then the last step is to trickle down your budget on the highest P&I risks so your limited money goes where it counts.

This simple model works on just about anything. The work is in imagination of possibilities and the due dilligence of mittigations. Crowdsourcing with others works. I usually do something like this starting with some focused whiteboarding sessions with stakeholders, then depending on budget and importance, move onto specific areas even up to making RFI and MOU and contracts with vendors.

The beauty is that when this is well done and disaster strikes, you can pull it up and have a preapproved action plan for dealing with the consequences of your disaster.

Easy to replace “house” with “privacy”.