ESRM What It Is: a security program management approach that links security activities to an enterprise's mission and business goals through risk management methods. The security leader's role in ESRM is to manage risks of harm to enterprise assets in partnership with the business leaders whose assets are exposed to those risks. ESRM involves educating business leaders on the realistic impacts of identified risks, presenting potential strategies to mitigate those impacts, and then enacting the option chosen by the business in line with its accepted level of risk tolerance.
ESRM How It Works: ESRM places the responsibility for security risk management decision making with the asset owners. In other words, whoever owns the asset owns the risk. The security professional (a generic title used here for the security representative in the security risk management process) supports and guides asset owners through the security risk management decision-making process. ESRM accounts for any security risk, whether physical, personnel, cyber, information, or other, in a seamless, holistic fashion. In the ESRM context, the security professional adopts the role of advisor rather than enforcer. This is also a strategic role, because the security professional ties security risk decisions to the organization's overall strategy. Thus, security functions as a business enabler and a tool that helps the organization accomplish its mission.
Enterprise security risk management (ESRM) links security activities to an enterprise's mission and business goals through risk management methods.
There are five overall concepts that provide guidance about the nature of enterprise security risk management (ESRM).