Using the principles, standards and methodologies of ERM and/or ISO 31000 as the foundation of your security program is vital if that program is to holistically address the full scope of the risk, threat and hazard landscape your organization faces today and in the future. Going forward, we will provide some insight into the concepts of ERM and why it is so important to use ERM as the foundation of your security program.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) established ERM as a process to deal with risks and opportunities affecting value creation or preservation and defined ERM as follows: