Enterprise Security and Risk Management
ESRM is the practice of managing a security program through the use of risk principles. It’s a philosophy of management that can be applied to any area of security and any task that is performed by security, such as physical security, cybersecurity, information security, business continuity management and investigations.
When ESRM principles are applied, the security function changes completely — from a set of tasks, performed discretely, to a role. It’s no longer about checking IDs at entrance gates, or installing antivirus software, or trying to keep employees from stealing from retail stores. That doesn’t mean those functions aren’t important anymore. But it does mean that when they’re performed, they’re performed for a reason. ESRM means security decisions are made by the right person, with the right authority and accountability, and for the right reasons — reasons based on defined risk principles.
Some Reasons To Work Together
As a security professional, you may already practice some of the components of ESRM. Many of the concepts, such as risk identification, risk transfer and risk acceptance, will be familiar.
While many of the principles are familiar, the authors have identified few organizations that apply them in the comprehensive, holistic way that ESRM represents – and even fewer that communicate these principles effectively to key decision-makers.
ESRM offers you a straightforward, realistic, actionable approach to deal effectively with all the distinct types of security risks facing you as a security practitioner.
In Concepts and Applications, the authors deliver the tools and materials that will help you advance in the security field, whether you are a student, a newcomer, or a seasoned professional.