Enterprise Security Risk Management (ESRM)

Enterprise Security Risk Management (ESRM) is a strategic security-program management approach that ties an organization’s security practice to its mission and goals using globally established and accepted risk management principles.

ESRM provides a consistent practice of risk-based security management that benefits both the organization and the security function that serves it, chiefly through the proper alignment of responsibilities, resources, risks, and mitigation efforts.

By continually repeating the processes in the ESRM cycle, the security professional can bring ESRM practice to maturity and maintain high performance over time. In sum, the practice of Enterprise Security Risk Management:

  • Creates partnerships between the security function and those who manage the assets at risk;
  • Is discipline-agnostic, applying to all aspects of security within the organization; and
  • Places risks in context (qualitatively and quantitatively), enabling enterprise leadership to prioritize risk mitigation resources and efforts.