During 2017, I watched as our profession and ASIS International began down the Enterprise Security Risk Management (ESRM) path. We declared ESRM as one of our cornerstone objectives, touted its return at our Annual Seminar and Exhibits with sessions and workshops, and structured an ASIS Board Initiative to begin inserting ESRM into the DNA of our society.
Over the past 10 months, we’ve had a chance to explore the concepts of Enterprise Security Risk Management (ESRM) in this column, and at the annual ASIS Seminar held in Dallas this year. It’s been an interesting journey, and we’ve learned so much, but we’ve also seen how far we have to go.
Security professionals like to solve problems.
The fun part of any Enterprise Security Risk Management (ESRM) program is starting with some interesting “what if” questions.
The move to Enterprise Security Risk Management, or ESRM, is a significant journey for organizations looking to reap the benefits of a risk-based, business focused approach to securing assets across the enterprise.
As I begin another year in the security industry, I’m hopeful that during 2017 we see our profession focus on Enterprise Risk Management, and that we begin the journey to identifying ourselves more closely as enterprise risk professionals.
The recent attacks on the Domain Name Service (DNS) hosted by Dynamic Network Services Inc. (Dyn) demonstrates a principle of risk management that we sometimes neglect to factor during our internal risk assessments — the impacts we may face from business partners or technology providers that cannot service our needs.
We recently relocated to the West Coast for work, to enjoy the lifestyle living by the ocean brings, and focus on new challenges for my employer.
I gave a presentation to a number of graduate students at a recent conference, and was struck by how energetic and engaging the students were.
As an organization matures its risk management program, opportunities arise to identify controls that satisfy a number of similarly themed risks.
Most Popular Stories
April 11-13, 2018
IAHSS Annual Conference & Expo
April 15-18, 2018
Focus On Manufacturing Security
April 18, 2018
25th Annual Toronto ASIS Chapter Best Practices
April 19, 2018
Canadian Technical Security Conference
April 24-25, 2018
Security Canada East
April 25, 2018