Book Review: The Manager's Guide to Enterprise Security Risk Management: Essentials of Risk-Based Security.
The Manager's Guide to Enterprise Security Risk Management: Essentials of Risk-Based Security. By Brian J. Allen, CPP, and Rachelle Loyear. Rothstein Publishing; Rothstein.com; ebook; $14.49.
The security landscape is evolving at enormous speed. Volatility, uncertainty, complexity, and ambiguity are the new normal. So, how do you address security challenges in such an environment? The answer is through enterprise security risk management (ESRM), an integrated risk-based approach to managing security risks. It brings together cyber, information, physical security, asset management, and business continuity. ASIS has made ESRM a global strategic priority.
In The Manager's Guide to Enterprise Security Risk Management, authors Allen and Loyear provide a comprehensive overview of the principles and applications underlying the ESRM philosophy. They set the stage in the first part of the book with an introduction to ESRM and share some important insights on the differences between traditional security and the ESRM approach, illustrating their points with examples.
The second part of the book guides the reader through the implementation of an ESRM program. One excellent chapter promotes design thinking as a conceptual model for ESRM. A design thinking approach can provide a unique platform for innovation and overcoming new security challenges.
Finally, the book provides insights and strategies to ensure the success of the ESRM program. It explains what an executive needs to know about ESRM, and gives readers the tools to succeed.
In sum, this guide accomplishes exactly what it set out to do—provide security leaders and managers with the principles and applications to explore, design, implement, and secure the success of an ESRM program.
Note: The authors of this book recently published a more detailed look at ESRM in Enterprise Security Risk Management: Concepts and Applications, also published by Rothstein.
Reviewer: Rachid Kerkab has almost two decades of experience in criminology, security strategy, risk, and resilience. He is a member of ASIS.