Enterprise security risk management moves in to a higher gear at ASIS

Enterprise security risk management (ESRM) activity at ASIS International will be moving into high gear in 2018 with the launch of four value streams charged with infusing its principles into the DNA of the Society.
ESRM is a security program management approach that links security activities to an enterprise’s mission and business goals through established risk management methods. The security leader’s role in ESRM is to manage risks of harm to enterprise assets in partnership with the business leaders whose assets are exposed to those risks. ESRM involves educating business leaders on the realistic impacts of identified risks, presenting potential strategies to mitigate those impacts, then enacting the option chosen by the business in line with accepted levels of business risk tolerance.
In July 2016, former ASIS President David C. Davis, CPP, identified ESRM as a strategic organisational priority and created a board-led commission to review how ASIS should advance this management approach into its products and services. In the year plus since, the commission inventoried ESRM content, identified subject matter experts, developed a primer, and interviewed members on how ESRM should be ingrained into ASIS activities.
For the first time, in 2017, the ASIS Annual Seminar & Exhibits featured a full track of education devoted to ESRM. Sessions included a preseminar program on IT security for physical security professionals and an intensive interactive two-hour tabletop exercise in which attendees represented various departments of an organisation and used ESRM principles to deal with an evolving crisis scenario. Earlier in the year, ASIS Europe 2017 focused on enterprise-level risks and featured master classes on implementing integrated enterprisewide security teams.
In November, the board approved the commission’s request to transform into four workstreams that will develop appropriate ESRM material for their areas. The workstreams cover standards and guidelines, education and certification, marketing and branding, and creation of a digital maturity model tool.
Each workstream includes a board member sponsor, an ASIS staff member, an ESRM subject matter expert, and a team of member volunteers.
Find out more at asis.com.