The importance of computer based information systems (IS) was recognized decades ago, but fundamental changes started with the penetration of computer networks. When Porter was emphasizing the importance of information for gaining competitive advantage in the mid-eighties (Porter, 1985), some visionary authors recognized that the most promising potential for information management is actually hidden in computer communications (McFarlan, 1984). This was proved in the '90s, when the electronic business era started. It became clear that computer communications technology has changed not only the nature of information systems, but business in general. Information technology (IT) turned out to be the main driving factor for business strategies (Kalakota, 1999). New business models emerged and reengineering of existing business processes became necessary. Concentration on internal business processes with emphasis on products or services was no longer sufficient. The emphasis moved to the end of value chains, i.e., customers. Competitive advantage was achieved by linking competing chains through knowing and understanding customers. A deployment of highly sophisticated techniques enabled better fulfillment of customers needs (Sweiger, 1999). Successful external and internal data integration and management became essential for proper decision-making. Non-tangible outputs of business processes started to represent main parts of added value and IS were transformed into Webbased, customer centric information systems.
It is therefore obvious that security of information systems is getting a part of core business processes in every e-business environment. While data is clearly becoming one of the key assets on one side, ISs have to be highly integrated and open on the other side. Appropriate treatment of these issues is not a trivial task.
This chapter provides managers of intelligent enterprises with a new approach towards IS security management. It gives a necessary technical background and focuses afterwards on human resources, i.e., human factors management, which turned out during recent years to be the most important element to assure security of organizations' IS. The methodology is based on incorporation of business dynamics (Sterman, 2000) and business intelligence. Note that holistic management of IS security requires not only understanding of technological and organizational issues, but also appropriate coverage of system analysis and design, auditing issues, inter-organizational issues and legislation. For a complete and coherent treatment of these issues, a reader is advised to read (Tr ek, 2003).