Demographics. Geopolitics. Innovation.
Security domains involve the areas which cover the risks and threats to a system requiring security, which can be a government, company, community or another type of entity. Objects and actors can be anything from people to design to reactions and anything that allows input and provides output, or is part of both. While we use examples of digital security and risks, these risks apply to security outside of the digital world and we can apply many of these domains to past systems before the digital world (or current systems outside the digital world).
External. External security covers actors and objects outside the system requiring security. If the system is a company, external threats could be foreign or local hackers outside the company, industry competitors, activists, etc. Almost all discussions about security involve external since this is what most discussions perceive to be the largest threat.
Internal. Internal security covers actors and objects within the system and linked to actors and objects within the system requiring security. The latter part of internal security is seldom understood: if an employee at a company reveals information to a friend, the friend becomes an internal security risk because of the link with the employee. Despite the common assumption that companies are most threatened by external security, internal security is by far the highest risk. Of the major cybersecurity compromises that Maixin Research investigated, most of them could be tied to internal information leaked to external sources.
Complexity. Complexity within systems creates risks that involve both internal and external and that can compound risks and threats. Unlike external and internal, complexity can involve both and has its own risks and threats regardless of internal or external actors. A comparison of a simple versus complex system:
We can see a comparison of a simple and complex system within the same country country – the Amish (simple system) versus medical bureaucracy in the United States. The Amish have a localized and simple system where businesses meet customers need without bureaucracy. The medical system in the United States ties hundreds of entities together that must exist for the entire system to function. An attack against an Amish community would do nothing to other Amish communities – the simplicity of their system offers not only robust security, but also a system that can withstand adversity. By contrast, an attack against one medical entity within the complex medical system could cause an entire system halt.
Consistent with behavioral laws, complex systems desire more complexity and increase their complexity until they collapse. All complex systems eventually collapse (the Ottoman Empire and the Soviet Union were two complex systems that collapsed in the 20th century).