Dear fellow ASIS members:
We are pleased to announce on behalf of the Board of Directors that, effective immediately, we have decided to make Enterprise Security Risk Management (ESRM) a global strategic priority for our Society.
Many of you are no doubt familiar with ESRM. ASIS has been involved in this space for the better part of a decade, but we have never led a sustained effort to drive this approach throughout everything the Society does and explain its vital importance to the membership.
As a refresher, ESRM is both a philosophy and a management system that recognizes that security issues should not be stove-piped. It is a risk-based approach to holistically managing the varied security risks in an organization through the application of globally established and accepted risk principles. ESRM embraces all aspects of security management: physical security, cyber security, information security, loss prevention, asset management, threat management, resilience, workplace violence, fraud, brand protection, travel safety, and so on.
ASIS's involvement in ESRM began in 2005 with the creation of the Alliance for Enterprise Security Risk Management (AESRM) in collaboration with ISACA (an information governance association) and the Information Systems Security Association (ISSA). AESRM was designed to bring board and executive level attention to critical security-related issues and the need for a comprehensive approach to protect the enterprise. AESRM produced several white papers and other helpful documents, and ASIS has covered ESRM in scores of articles, seminar sessions, presentations, courses, and other formats. (A bibliography of this ESRM-related material will soon be available online.) But the topic was never treated as a strategic priority.
Today, we believe that ESRM is a security management imperative throughout the world. That's why the Board has established a two-year commission to develop the framework to better integrate ESRM into ASIS and to establish subcommittees to develop ESRM content for the benefit of the Society and the profession.
Commission members are mostly former Board members: Dave Tyson, CPP (Chair); Brian Allen, CPP; Ray O'Hara, CPP; and John Turey, CPP. There is also one current board member, John Petruzzi, CPP, and a member of the European Advisory Council, Volker Wagner. Additional members—from across the world, across industries, and across specialties—are expected to be added.
So what does this mean to you? You will see a more systematic integration of ESRM principles in ASIS content: articles, webinars, educational sessions, white papers, reports, presentations, speeches, research, and so on. Our goal is to make ASIS members more effective security professionals and more valuable members of their organizations by enabling them to better identify and manage the various aspects of security risks they face. We think the result will be a more empowered membership, safer enterprises, a more strategic approach to risk, and a more cost-effective security function.
We are excited to launch this initiative and are eager to hear your feedback. Please feel free to use the following e-mail address for your comments: firstname.lastname@example.org.
Dave Davis, CPP (2016 ASIS President)
Tom Langer, CPP (2017 ASIS President)