All information systems can be represented by a conceptual and abstracted systems diagram. Therefore all attacks against information systems can also be ted. By studying the security of systems in an abstracted manner, it is possible to show significant areas of potential security concern and to provide a framework to develop and implement holistic defense strategies that may not be typically considered by system designers and operators. The simple taxonomy presented is easily understood and can be used to explain security concepts.