Enterprise Security Risk Management (ESRM) is a strategic security-program management approach that ties an organization’s security practice to its mission and goals using globally established and accepted risk management principles.
ESRM provides a consistent practice of risk-based security management that benefits organizations and the security functions that serve them. This practice mainly involves the proper alignment of responsibilities, resources, risks, and mitigation efforts.