Security management can apply a systems theory approach, which develops and defines the security management plan using inputs, transformation within functions, and deliverable outputs. A system is considered to be an organized collection of components that integrate and operate at their optimum level, without decay. Inputs include strategic and tactical alignment, leadership, governance, accountability, ethics, culture, sustainability, and resilience. Security transformation comprises knowledge categories, such as security risk management, business continuity, physical security, and personnel and technical security, with supporting management and business knowledge. Security managers should be business managers first, supported by security knowledge, with the ability to plan, organize, staff, lead, and control the security function. A number of methodologies are available for designing security management plans, such as risk-based, quality assurance, governance, and strategic security management frameworks. Which method is used will depend on the type, complexity, size, expectations, and culture of the organization. Resilience is an important component in achieving strategic security within the business environment, although resilience is more of a philosophy that is supported by security and other departments. The security manager should develop effective security governance within corporate governance, and implement controls using metrics and performance management. Finally, security decay should be considered in any security management plan.