One of the main issues to understand is, "What are the goals of the attacker?" Different attackers have different goals. For instance, the disgruntled employee may only want "to turn the lights out" with a denial-of-service (DoS) attack, which is an availability attack. Another attacker may want to steal personal information to facilitate identity theft, which is a confidentiality attack.
Fortunately, the goals of the attacker align with the three main security properties: availability, confidentiality, and integrity. Which one is most important to a specific attacker depends on their motivation and the underlying value of your information.
You now have an idea of what the attackers want to achieve. Let's take a look at how they're going to try to do it.