In their careers, the authors, Brian Allen and Rachelle Loyear, have been instrumental in successfully reorganizing the way security is handled in major corporations. In this ground-breaking book, the authors begin by defining Enterprise Security Risk Management (ESRM):
“Enterprise security risk management is the application of fundamental risk principles to manage all security risks, whether information, cyber, physical security, asset management, or business continuity, in a comprehensive, holistic, all-encompassing approach.”
In the face of a continually evolving and increasingly risky global security landscape, this book takes you through the steps of putting ESRM into practice enterprise-wide, and helps you to:
- Differentiate between traditional, task-based management and strategic, risk-based management.
- See how adopting ESRM can lead to a more successful security program overall and enhance your own career.
- Prepare your security organization to adopt an ESRM methodology.
- Analyze and communicate risks and their root causes to all appropriate parties.
- Identify what elements are necessary for long-term success of your ESRM program.
- Ensure the proper governance of the security function in your enterprise.
- Explain the value of security and ESRM to executives using useful metrics and reports.
Throughout the book, the authors provide a wealth of real-world case studies from a wide range of businesses and industries to help you overcome obstacles to acceptance as you design and roll out a new ESRM-based security program for your own workplace.