Taking a tiered or layered approach is one of the best strategies for handling the many challenges of cybersecurity. That’s why we created the Domains Triad, which breaks down security into three parts: Cyber, Physical, and People. Similar to how the CIA Triad provides a compartmentalized view of how to protect sensitive data, the Domains Triad focuses on the threats we face both professionally and personally in three specific areas:

The Cyber Domain: everything from the internet to our networks, computers, and smart devices.

The Physical Domain: the tangible side of security. It’s our office buildings, desks, documents, badges, and physical media.

The People Domain: the people we interact with, such as our coworkers, suppliers, clients, and partners.

With the domains defined, we have the advantage of identifying risks and developing a system of incident response for each one. This strategy empowers your end-users and simplifies the ever important “report incidents ASAP” objective. Here a few examples of incidents to report in each domain:

Incidents To Report in the Cyber Domain


Still the dominant method used by cybercriminals, phishing is the most common way malware finds its way onto computers and networks. According to the Verizon Data Breach Investigations Report, 66 percent of malware was installed via malicious attachments. Furthermore, the number of spam messages sent each day has reached 90 billion, according to Norton. While mostly harmless, excessive junk mail can overload servers and impact performance, unusually high amounts of spam should be reported. This also includes SPIM (spam sent via instant messaging), and SPIT (spam sent over Internet Telephony).


Like phishing, smishing is a social engineering attack that uses text messaging to deliver bogus links. Train your users to stay alert for odd requests or links that come to their company-issued devices (as well as personal ones). In most cases, it’s safe to assume the link is malicious.

Privileged Access

One of the keys to information security is protecting systems from unauthorized access. This is why access controls are utilized, which grant specific individuals specific permissions. Users should be encouraged to say something if they believe they’ve been given unnecessary access to information or systems. And your organization should punish those who knowingly share their credentials with unauthorized parties for any reason.

Incidents To Report in the Physical Domain


When someone tailgates, they sneak into a secured area or checkpoint by following someone else who has legitimate access. Unauthorized physical access is a security risk and needs to be reported immediately.


Similar to tailgating, someone piggybacks by gaining access via someone else’s credentials. The biggest difference is that the person with legit access knowingly allows this person entry. For example, if you swipe your badge and hold the door open for someone, you’ve just allowed them to piggyback. And you’ve just created a security event.

Malicious Media

The temptation to plug in a random USB or optical disc, maybe one found on the ground or received at random through the mail, is exactly what social engineers are betting on when they load these things with malware. USB drives are especially risky since most of them are programmed to auto-run, which can automatically infect a computer just by being plugged in.

Incidents To Report in the People Domain


The telephone equivalent of phishing, vishing is a scam whereby the attacker attempts to convince someone to relinquish sensitive information over the phone. This is often carried out with automated messages that inform the victim there has been suspicious activity on their bank account (for example) and advises them to call a specific number.

In-Person Pretexting

Most scams include some version of a pretext — a made-up scenario that targets people in hopes of tricking them into divulging sensitive info. In-person pretexting happens live, putting users face-to-face with a social engineer. Think wedding crashers and apply it to sensitive information.

Disgruntled Employees

This is a tough one because it could involve employees who work together instead of external actors. Disgruntled employees are a threat to both cyber safety and physical safety. Encourage your end-users to report these individuals before the situation gets worse.

The Security Awareness Company works with you 1-on-1 to implement cyber awareness & compliance programs. With a greater than 95% client retention rate, we’re experts at creating human firewalls out of end-users! Get started here.

Justin Bonnema

Lead Writer at SAC
Justin left the music business to focus on his true passion: writing. A talented writer and detailed researcher, he’s involved in every department here at SAC to make sure all content is fresh and up-to-date. In his spare time, Justin writes about fantasy football for FootballGuys.com and practices mixology (he makes a mean margarita).