by Brianna Crandall — November 1, 2019

ASIS International, a worldwide association of security management professionals, recently released its Enterprise Security Risk Management (ESRM) Guideline, which reportedly takes a different approach to traditional security.
Available to ASIS members and the security industry at large, the new guideline is a strategic security management tool, said to be the first of its kind, that elevates the security function by establishing a partnership between security professionals and business leaders to manage security risks.
According to ASIS, the objective of ESRM is to identify, evaluate, and mitigate the likelihood and/or impact of security risks to the organization, with priority given to protective activities that help enable the organization to advance its overall mission. ESRM positions the security professional as a trusted advisor to help guide asset owners through the process of making security risk management decisions.
ESRM recommends that security professionals maintain an understanding of the organization’s overall strategy, including its mission and vision, core values, operating environment, and stakeholders. Understanding this context will enable security professionals to effectively support and align with the organization’s strategic goals.
The new guideline further outlines how the ESRM Cycle is built on a foundation of transparency, governance, partnership with stakeholders, and holistic risk management. By continually repeating the ESRM Cycle, security professionals can bring ESRM practice to maturity and maintain high performance over time.
The concept was introduced to security professionals during the recent Global Security Exchange (GSX) 2019 event in Chicago.