In their careers, the authors, Brian Allen and Rachelle Loyear, have been instrumental in successfully reorganizing the way security is handled in major corporations. In this ground-breaking book, the authors begin by defining Enterprise Security Risk Management (ESRM):
“Enterprise security risk management is the application of fundamental risk principles to manage all security risks — whether information, cyber, physical security, asset management, or business continuity — in a comprehensive, holistic, all-encompassing approach.”
In the face of a continually evolving and increasingly risky global security landscape, this book takes you through the steps of putting ESRM into practice enterprise-wide, and helps you to:
- Differentiate between traditional, task-based management and strategic, risk-based management.
- See how adopting ESRM can lead to a more successful security program overall and enhance your own career.
- Prepare your security organization to adopt an ESRM methodology.
- Analyze and communicate risks and their root causes to all appropriate parties.
- Identify what elements are necessary for long-term success of your ESRM program.
- Ensure the proper governance of the security function in your enterprise.
- Explain the value of security and ESRM to executives using useful metrics and reports.
Throughout the book, the authors provide a wealth of real-world case studies from a wide range of businesses and industries to help you overcome any blocks to acceptance as you design and roll out a new ESRM-based security program for your own workplace.