This invention relates generally to the field of computer-related methodologies for handling complex risk and security challenges of an enterprise. More specifically, this invention relates to active policy enforcement for preventing, detecting, mitigating, and responding to blended risks and threats across IT, Physical and Operational domains, and various organizations within an enterprise, with an overall objective of protecting the critical infrastructure.