After much consultation with the membership, the ASIS International board of directors recently announced its decision to immediately make Enterprise Security Risk Management (ESRM) a global strategic priority for the society. Mike Hurst, Vice Chairman – Strategy, ASIS International, UK Chapter explains…
Many readers are no doubt familiar with ESRM, but perhaps did not realise that ASIS has been involved in this space for the better part of a decade. However, we never led a sustained effort to drive this approach throughout everything the society does and explain its vital importance to the membership and the wider security family.
As a refresher, ESRM is both a philosophy and a management system that recognises that security issues should not be stove-piped. It is a risk-based approach to holistically managing the varied security risks in an organisation through the application of globally established and accepted risk principles. ESRM embraces all aspects of security management: physical security, cyber-security, information security, loss prevention, asset management, threat management, resilience, workplace violence, fraud, brand protection, travel safety, etc.
ASIS’s involvement in ESRM began in 2005 with the creation of the Alliance for Enterprise Security Risk Management (AESRM) in collaboration with ISACA (an information governance association) and the Information Systems Security Association (ISSA). AESRM was designed to bring board- and executive-level attention to critical security-related issues and the need for a comprehensive approach to protect the enterprise. AESRM produced several white papers and other helpful documents, and ASIS has covered ESRM in scores of articles, seminar sessions, presentations, courses, and other formats. (A bibliography of related material will soon be available online.) But the topic was never treated as a strategic priority.
Today, ASIS believes that ESRM is a security management imperative throughout the world. That is why the board of directors has established a two-year ESRM commission with a remit to develop a framework for integrating ESRM into everything ASIS does, and to set up subcommittees that produce security risk management content for the benefit of the Society and the profession.
The commission is headed by Dave N. Tyson, CPP, 2016 ASIS International chairman of the board. Tyson notes that while ASIS has been involved in ESRM for years, it has never committed to driving the approach in this manner or to emphasising its vital importance to ASIS members’ work.
“The commission will develop a framework to integrate ESRM into all ASIS education, white papers, research, and other professional offerings,” said Tyson. “We believe the result will be a more empowered membership, safer enterprises, a more strategic approach to risk, and a more cost-effective security function.”
Serving alongside Tyson on the commission are Brian J. Allen, CPP; Raymond T. O’Hara, CPP, Executive Vice President, AS Solution; John A. Petruzzi, Jr., CPP; John E. Turey, CPP, Senior Director of Enterprise Security Risk Management, TE Connectivity; and Volker Wagner, Senior Vice President, Deutsche Telekom.
Additional members—from across the globe, industries, and specialties—are expected to be added. ASIS will also look to collaborate with other organisations to advance the richness and value of the content it develops.