Much academic research on computer security has followed a perfectionist approach, seeking a system so secure that it cannot be penetrated. However, in reality security is breached and systems are penetrated. This working paper outlines some preliminary concepts for thinking about such less fortunate circumstances. It also reviews a hardware mechanism called security master for addressing them.