You’re Interested in Enterprise Security Risk Management

Enterprise security risk management (ESRM) aligns your security program with the organization’s key objectives to ensure that the key assets are protected and that security becomes a driver of results and overall performance. Here are some resources to help build or transition into an ESRM-focused program.

What is ESRM?

ESRM takes a risk-led approach to security management to ensure that the security program is completely aligned with the organization’s strategic objectives. Enterprise security risk management has a firm basis in proven security practices but brings security management into line with internationally recognized risk management standards.

A mature ESRM program encompasses all aspects of security risk mitigation

ASIS International introduction to ESRM

ASIS International (the leading organization for security managers worldwide) has designated enterprise security risk management to be the organization’s strategic focus.

I am a strong believer in the benefits of a risk-led approach, but I was a security manager first. I’ve adapted or developed the more general risk management materials to support the ESRM initiative as a one-stop for resources, articles, tools and templates to help security managers transition to a risk-led model.

I hope these resources help with your ESRM program; additional tools will be added as the ESRM standard and guidelines are developed.

ESRM Resources

Here are a few of the ESRM-specific resources I’ve developed.
ESRM doesn’t have to be complicated and it certainly shouldn’t be just a set of checkbox processes that your team grinds through instead of keeping your organization safe and secure. Take a KISS approach to ESRM to ensure that your system is fit for purpose and is something that you can actually use.

Read about how to keep it simple here.

Key references

ISO 31000 is a core reference for risk management. Here’s a short article explaining what it is and what it contains. What is ISO 31000?

The ASIS ESRM standard is due for publication in early 2019 and a review/guide will be published as soon as this is available.

Designing or implementing an ESRM system?

Looking for help designing and building an ESRM system? I’ve created a handbook that explains how to scope, design, build and implement any risk management system, including an ESRM system.

Learn more here. ESRM – a guide to developing a simple ESRM system

Looking for software?

The DCDR software project was originally a security risk assessment app, making it an ideal software platform to support an ESRM program. With the addition of security-specific modules, I hope to make this a fully integrated, ESRM-ready toolkit for security managers looking for a light, fast, secure and affordable software solution.

Read more about DCDR – ESRM-ready software (Opens the DCDR website)

Can’t find what you’re looking for? Send me an email