Enterprise security risk management

Enterprise security risk management (ESRM) resources

This page is dedicated to resources to support security managers with their enterprise security risk management (ESRM) activities.  ESRM takes a risk-led approach to security management to ensure that the security program is completely aligned with the organization’s strategic objectives.  Enterprise security risk management has a firm basis in proven security practices but brings security management into line with internationally recognized risk management standards.

A mature ESRM program encompasses all aspects of security risk mitigation

ASIS International introduction to ESRM

ASIS International (the leading organization for security managers worldwide) has designated enterprise security risk management to be the organization’s strategic focus.

I am a strong believer in the benefits of a risk-led approach, but I was a security manager first.  This micro-site has been built to support the ESRM initiative as a one-stop for resources, articles, tools and templates to help security managers transition to a risk-led model.

I hope these resources help with your ESRM program.  Additional tools will be added as the ESRM standard and guidelines are developed.

Can’t find what you’re looking for?  Send me an email


Enterprise security risk management links


ESRM doesn’t have to be complicated.  Read about how to keep it simple here.


ISO 31000 is a core reference for risk management.  Here’s a short article explaining what it is and what it contains. What is ISO 31000?


Looking for a way to start designing and building an ESRM system?  I’ve created a handbook that explains how to scope, design, build and implement any risk management system. Learn more here. ESRM – a guide to developing a simple ESRM system


The DCDR software project was originally a security risk assessment app, making it an ideal software platform to support an ESRM program.  With the addition of security-specific modules, I hope to make this a fully integrated, ESRM-ready toolkit for security managers looking for a light, fast, secure and affordable software solution. Read more about DCDR – ESRM-ready software