Security theory is a broad term used to describe
methods of securing items, whether physical or
computer data (e.g. - a
military compound vs. a
Yahoo! server). Methods may include, but are not limited to,
patrolling
guards,
password protection,
metal detectors,
retinal scans and
encryption. Naturally, security methods differ when trying to secure different types of things. One would usually not necessarily assign a retinal scan procedure for access to a computer
database, though the
NSA probably does for some databases.
The two branches of security theory are centered around what one is trying to protect - a physical item or computer-held information.
In the case of a physical object, security is somewhat straightforward. The aim is to allow only authorized individuals access to the object you wish to protect. Therefore, one must offer no way for an unauthorized individual to access that object. Fences, guards, and closed-circuit cameras are clear ways of accomplishing this, though the ways in which they are implemented is crucial to their effectiveness. Of course, it is clearly impossible to achieve this level of security when one is trying to secure, say, the president of the United States when he is giving a speech outdoors in the middle of a city. For this reason, the Secret Service does not focus on sealing off the area, but instead looks for suspicious behavior in individuals in the surrounding area and removes them if necessary and also keeps an eye on nearby buildings for flashes of light (which could indicate a rifle scope). This is called creating relative security. Relative security is used to describe an area that is more secure under current security practices than it would be if lesser or no security measures were taken. Naturally, the president in this case is not even close to completely secure, but is much more secure than if he had no guards performing this task.
Computer security is far more complicated and specialized. This type of security deals primarily with data protection but encompasses many other niches of computing as well. Computer security began with encryption in WWII, as computers were developed, in part, to aid in the decryption of enemy transmissions. Today, encryption is accomplished in many ways, using complicated algorithms to scramble and obfuscate meaningful information into meaningless data that must be decrypted to be usable. Modern algorithms for encryption are so effective that the best ones could not be broken for millions of years (long enough to make said information meaningless by that time). Later in computer history the idea came about that one need not encrypt all the information one wishes to hide if only the people you want to see the information can access it. Hence the birth of password protection. While in theory this method of data protection is flawless, in practice there are many variables that may lead to a security breach. For instance, one of the individuals that has access to the data may leak his or her password to another, unauthorized individual. Computer-savvy persons may analyze the computer code that implements the password protection on a certain computer and find a flaw and use this to gain unauthorized access.
This is a basic introduction to security theory and is not an authoritative source. To learn more about security theory there are countless books on every aspect of computer-related security. Books on other forms of security are harder to procure. Military training and/or working for a security firm would advance your knowledge in this oft overlooked field. See also: security, defense in depth, computer security, principles of security.