The past couple of decades have witnessed a gradual, but consistent shift in the way enterprises leverage information and physical technology to achieve superior performance. From being organized around the flow of tangible or monetary assets, the world business and economies are now increasingly structured and growing around the flow of information. Leading organizations have recognized information as their firm's primary strategic asset and learned to base key strategic initiatives around their information assets. The well-known saying in management that "You can't manage what you can't measure" applies to all company assets, including information. However, together with this old adage, one could very well say: "You can't protect what you can't manage". And here lies the true challenge of securing enterprise assets and information assets in the first place, i.e. achieving strong security while still allowing ease of use and effective management of the assets one wishes to protect.