How can organizations and professionals in charge of asset protection and liabilities across an enterprise ensure success when implementing risk-based ISO standards?
The COVID-19 pandemic revealed the weakness of many organizations’ business continuity plans. Many companies learned too late that their plans were inadequate, lacking interoperability with other critical plans for crisis management, disaster recovery, and pandemic readiness.
Last year, ASIS International released the Enterprise Security Risk Management (ESRM) Guideline, which takes a different approach to traditional security. The ESRM Guideline was released at the 2019 Global Security Exchange (GSX) in September, and the Maturity Model is now available on the ASIS website.
The bottom line: Culture is another way of saying “This is how we do things around here.” In most cases, what is written down or hung on the wall does not align with “how we do things around here.” People will perform their roles, work within their processes and utilize technology to get things done; but the values that undergird their behavior and the ability to understand them and leverage them is one of the keys to unlocking the value of security.