Enterprise Security and Risk Management
ESRM is the practice of managing a security program through the use of risk principles. It is a management philosophy that can be applied to any area of security and any task that security performs, such as physical security, cyber security, information security and business continuity management.
When ESRM principles are applied, the security function changes completely — from a set of tasks performed in isolation to a defined role. It is no longer about checking IDs at entrance gates, or installing antivirus software, or trying to keep employees from stealing from retail stores. That doesn't mean those functions aren't important anymore. But it does mean that when they are performed, they are performed for a reason.
ESRM means security decisions are made by the right person, with the right authority and accountability, and for the right reasons — reasons based on defined risk principles.
How is ESRM familiar?
As a security professional, you may already practice some of the components of ESRM. Many of its concepts, such as risk identification, risk transfer and risk acceptance, will already be familiar to you.
How is ESRM practical?
ESRM offers you a straightforward, realistic, actionable approach to deal effectively with all the distinct types of security risks facing you as a security practitioner.
How is ESRM new?
While many of the principles are familiar, the authors have identified few organizations that apply them in the comprehensive, holistic way that ESRM represents, and even fewer that communicate these principles effectively to key decision-makers.
In Enterprise Security Risk Management: Concepts and Applications, the authors deliver the tools and materials that will help you advance in the security field, whether you are a student, a newcomer, or a seasoned professional. Included are realistic, practical case studies, questions to help you assess your own security program, thought-provoking discussion questions, useful figures and tables, plus references for further reading.