<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Key Content on Andrew Sheves</title><link>https://andrewsheves.com/tags/key-content/</link><description>Recent content in Key Content on Andrew Sheves</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Tue, 12 Sep 2017 00:00:00 +0000</lastBuildDate><atom:link href="https://andrewsheves.com/tags/key-content/index.xml" rel="self" type="application/rss+xml"/><item><title>A KISS Approach to Enterprise Security Risk Management</title><link>https://andrewsheves.com/2017/09/12/a-kiss-approach-to-enterprise-security-risk-management/</link><pubDate>Tue, 12 Sep 2017 00:00:00 +0000</pubDate><guid>https://andrewsheves.com/2017/09/12/a-kiss-approach-to-enterprise-security-risk-management/</guid><description>&lt;p&gt;Enterprise security risk management (ESRM) has been a topic of increasing interest for security managers over the past few years. ASIS International has identified it as a strategic focus. However, a review of the literature, beginning with the &lt;a href="https://cso.asisonline.org/esrm/Documents/CSORT_ESRM_whitepaper_%20pt%201.pdf"&gt;2010 CSO roundtable paper on ESRM&lt;/a&gt;, raises two issues that could make ESRM implementation difficult.&lt;/p&gt;
&lt;p&gt;The initial papers on ESRM appeared to encourage security to fill the gap left by traditional enterprise risk management (ERM) systems, which often focused exclusively on financial and market risk. Although an effective ERM system should incorporate all risks, having security fill these gaps via the ESRM system would quickly overwhelm the chief security officer (CSO).&lt;/p&gt;</description></item></channel></rss>