For security professionals working at enterprise level, the current operating environment is proving to be amongst the most challenging they have ever faced.
The COVID-19 crisis has created a range of security and business challenges that must be planned for and protected against. For example, the huge increase in the number of employees working from home has led to fresh cybersecurity risks around the vulnerability of home networks.
This is where the value of Enterprise Security Risk Management (ESRM) truly becomes apparent. The principle is based on establishing a partnership between security professionals and business leaders to manage security risks.
According to the ‘Enterprise Security Risk Management Guideline’, released by ASIS International in 2019, the objective of ESRM is to identify, evaluate and mitigate the likelihood and/or impact of security risks to the organisation with priority given to protective activities that help enable the organisation to advance its overall mission. ESRM positions the security professional as a trusted advisor to help guide asset owners through the process of making security risk management decisions.
ESRM recommends that security professionals maintain an understanding of the organisation’s overall strategy, including its mission and vision, core values, operating environment and stakeholders. Understanding this context will enable security professionals to effectively support and align with the organisation’s strategic goals.
The key to enjoying success as a security manager is to earn the support of the C-suite. Gaining a greater understanding of the organisation’s overall strategy will give security managers a better chance to shape their key messages and programmes in line with the thoughts of the CEO.
Security can often be seen as just a “cost” or “added extra”, but applying the principles of ESRM will enable security managers to demonstrate the true value of their profession.
International Security Journal has partnered with Dataminr to deliver a webinar on Enterprise Risk Management, taking place at 2pm BST on Tuesday 2 June.