This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies By closing this message or continuing to use our site, you agree to our cookie policy. Learn MoreThis website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Enterprise Security Risk Management (ESRM) is a strategic approach to security management that ties an organization’s security practice to its overall strategy using globally established and accepted risk management principles. In ESRM, the security professionals and the asset owners share security responsibilities, but all final security decisions are the responsibility of the asset owner.
When creating reports for an executive-level audience, keep in mind that they have received many other metrics reports that same day, and they have only a few minutes to give to each of them. If you make it easy to read and understand and clearly tell your story using data points and brief summaries, they will be able to digest your information faster, retain more and maybe even begin to look forward to receiving your report on a regular basis.
The age of big data analytics, artificial intelligence, robotics, the Internet of Things and quantum computing are fueling innovation and revolutionizing the way we live and work.
What is a security professional to do when you are already operating a lean organization, you are protecting your company’s assets the best you can and you still have to perform better with fewer resources?
As security professionals, we inherently understand the concept of “risk.” We are surrounded by leaders and business partners who also understand these concepts — just with a different lens. To align the differences in our approach, we just need to adjust our understanding, gain a few more skills and approach our programs with a management mindset similar to the way business looks at risk.
We tend to believe that it is the business’s responsibility to understand the importance of security and, therefore, recognize the need to invest. But in the world of business, that’s simply not the case. Business leaders have operations to run and missions to fulfill, and as security leaders we need to understand that it’s up to us to bridge the gap between the security way of thinking and the business way of thinking.
This model allows the security leader and team to work with business leaders to monitor resources, understand security risks, and, together, deliver the most appropriate and effective solutions to mitigate those risks. Security leaders can also use the information gathered during the risk-based reboot to understand and communicate the total cost of ownership of the security program — based on the value of the business’s assets that are exposed to certain security risks — as well as the cost of the various resolutions that are put in place.
