When protecting information, an organisation has to start with the identification of threats related to business assets. Based on threats, an approach has to be taken on two planes. The first plane covers interactions—it all starts with technology, where appropriate security services are realized by deployment of security mechanisms and consequently security services. To make things operational, key management that serves as a basis for human-machine interactions has to be resolved. Finally, human interactions have to be covered. In parallel, it is necessary to properly address the second (management) plane where human resources management is considered in relation to the technological basis.
Figure 1: E-Business Systems Security with Focus on Management of Human Factors.