Even in the era of intelligent enterprises, security management cannot avoid technical foundations. It is a fact that classical, cryptography-based approaches form the core of every security management; therefore the approach in this chapter starts with addressing these issues. However, this basis serves as a starting point for further development of a methodology for risk management that is concentrated on human resources. Experience shows that human factors play an increasingly important role. Taking this into account and due to the emergence of business intelligence, it is possible to further support the management of security in an intelligent way, which is the main motivation behind this chapter. The chapter provides decision makers of intelligent enterprises with an architecture that improves risk management.
Summing up, qualitative models that serve as a basis are obtained by casual loop diagramming. They are further elaborated and upgraded by real time data to obtain a quantitative means to support decision-making processes. In the latter phase, business intelligence plays a central role. Thus, deploying business intelligence, decision makers can obtain data in real time to simulate the effects of their decisions and eventually to modify their qualitative models.
An important message of this chapter is that security solutions will have to be increasingly customized and based on simulations because of the shifting emphasis towards the human factor. Actually, modeling information systems with emphasis on the human factor is inherently tied to (systems of) integral and differential equations. These mostly result in solutions, which in the majority of cases cannot be found analytically. Thus, customized simulations are the answer to manage such complex systems.
Finally, when using the business intelligence methodology described in this chapter one should bear in mind an increasingly important fact that security is not a state, but a process. This process has to be incorporated into the roots of every information system. And to achieve and fulfill security goals, permanent commitment from the management is required with an emphasis on human resources.