STRATEGIC OBJECTIVE: ENTERPRISE SECURITY RISK MANAGEMENT (ESRM)

Excerpt from the ASIS Strategic Plan (2016-2021).  


ESRM is a strategic security program management approach that ties an organization’s security practice to its mission and business goals using globally established and accepted risk management principles. ESRM recognizes that security responsibilities are shared by both security and business leadership, but that all final security decision-making is the responsibility of the business leaders. The role of the security leader in ESRM is to manage security vulnerabilities to enterprise assets in a risk-decision-making partnership with the organization leaders in charge of those assets. To meet the needs of the quickly evolving security field, in which security professionals are becoming business risk professionals, ASIS must take the lead in the ESRM arena. This involves imbuing ESRM principles into the DNA of the organization via four areas identified by the commission: maturity model, education/certification, standards and guidelines, and marketing/branding.