How should the system be organized so that critical assets can be protected against external attack?
How should the system assets be distributed so that the effects of a successful attack are minimized?