Enterprise Security Risk Management (ESRM) activity at ASIS will be kicking into high gear in January 2018, when work begins to infuse its core principles into the Society’s DNA.
For those new to ESRM, it is a security philosophy and approach that links security activities to an enterprise’s mission and business goals. Applying ESRM entails educating business leaders on the realistic impacts of identified risks, presenting potential strategies to mitigate those likely impacts, then enacting the option chosen by the business that is in line with acknowledged levels of business risk tolerance.
In 2016, the ASIS Board of Directors committed to making ESRM a strategic priority for the Society. Since then, a board-led commission inventoried all the Society’s ESRM content, identified subject matter experts and interested volunteers, developed a primer, and held scores of interviews and meetings with members to gain additional insights on how ESRM should be integrated into ASIS activities.
Last month, the Board approved the next phase of this important work. Going forward, the ESRM Commission will disband and be replaced by four workstreams that will guide the appropriate development and implementation of ESRM materials into ASIS offerings. These workstreams include ASIS standards and guidelines, education and certification, marketing and branding, and creation of a digital maturity model tool. Each workstream will include a Board member sponsor, an ASIS staff member, an ESRM subject matter expert, and a team of member volunteers. An update on workstream activity will be provided in Q1 2018.