The latest enterprise risk management news from around the world

Secretary-elect sets out ASIS International's vision for enterprise security risk management

In a recent article John Petruzzi, CPP, 2018 secretary-elect, ASIS International Board of Directors, explained why the organization is focusing strongly on enterprise security risk management (ESRM) and why the foundational ideas of ESRM can change the risk profession as a whole.

In the article Mr. Petruzzi defines ESRM as ‘a security program management approach that links security activities to an enterprise's mission and business goals through risk management methods’. The security leader's role in ESRM is to manage risks of harm to enterprise assets in partnership with the business leaders whose assets are exposed to those risks. ESRM involves educating business leaders on the realistic impacts of identified risks, presenting potential strategies to mitigate those impacts, then enacting the option chosen by the business in line with accepted levels of business risk tolerance.

An agreed approach to ESRM is set out in the ESRM Life Cycle Model, which will be ‘expanded on in 2018 and 2019 as part of an exciting new ASIS initiative to promote ESRM in the security industry,’ says Mr. Petruzzi.

On November 15th a project charter was approved by the ASIS International Board of Directors. The charter calls for four value streams:

  • ESRM Standards and Guidelines
  • Education / Certification / Research
  • Marketing and Communications
  • ESRM Support Tools.

Each project stream will be carried out over 2018 and 2019, led by a board sponsor and an ESRM subject matter expert, teamed with volunteers from around the globe, and staff members from ASIS headquarters.

Read John Petruzzi’s article here.
