How can organizations and professionals in charge of asset protection and liabilities across an enterprise ensure success when implementing risk-based ISO standards?

The COVID-19 pandemic revealed the weakness of many organizations’ business continuity plans. Many companies learned too late that their plans were inadequate, lacking interoperability with other critical plans for crisis management, disaster recovery, and pandemic readiness.

Last year, ASIS International released the Enterprise Security Risk Management (ESRM) Guideline, which takes a different approach to traditional security. The ESRM Guideline was released at the 2019 Global Security Exchange (GSX) in September, and the Maturity Model is now available on the ASIS website.

This model allows the security leader and team to work with business leaders to monitor resources, understand security risks, and, together, deliver the most appropriate and effective solutions to mitigate those risks. Security leaders can also use the information gathered during the risk-based reboot to understand and communicate the total cost of ownership of the security program — based on the value of the business’s assets that are exposed to certain security risks — as well as the cost of the various resolutions that are put in place.

Enterprise Security Risk Management (ESRM) is a strategic approach to security management that ties an organization’s security practice to its overall strategy using globally established and accepted risk management principles. In ESRM, the security professionals and the asset owners share security responsibilities, but all final security decisions are the responsibility of the asset owner.

The principal drivers of SaaS applications for business also apply to security applications like hosted access control and video.