Whoever is in charge to design a system has first of all to define a clear boundary between the system and its environment and the interactions crossing this boundary. For systems with the purpose to ensure security, what means to protect a certain entity, this is no trivial exercise. On the one hand the »Security-System« interacts with the »Entity-To-Protect«. On the other hand it has to interact with those entities that are assumed to jeopardize the security of the Entity-To-Protect: the »Source-Of-Hazard«. Furthermore the Entity-To-Protect naturally interacts with the Source-Of-Hazard and the Security-System has to be aware of this interaction. Finally the Security-System itself is a target for the Source-Of-Hazard and therefore also an Entity-To-Protect.
The system analysis approach to security introduced by the authors defines a basic interaction scheme between the three entities mentioned above. All three entities are thought as roles and not as physical distinct objects. So one human who protects himself is Entity-To-Protect as well as a Security-System. But the roles are strictly distinct and so it is possible to define clear interactions between them.
The interaction is modeled as flow of value from sink to source where the Source-Of-Hazard is a potential sink for value that causes loss to the Entity-To-Protect that itself is a source of benefit for the Security-System to pay its protection effort. This economic interaction is fundamental to all safety and security problems so far as human activity is the Source-Of-Hazard. Expressed with different functions of benefit over hazard the only distinction is made between utilizing the hazard as a means to gain economic benefit (e.g. robbery), regarding it as a purpose (gun rampage) or taking the hazard into account to save effort to prevent it (negligence). Being able to describe those economic interactions is a precondition to design properly working technical systems to ensure security.