Enterprise Security Risk Management: Concepts and Applications

As a security professional, have you found that you and others in your company do not always define security the same way? Perhaps security interests and business interests have become misaligned. Brian Allen and Rachelle Loyear offer a new approach: Enterprise Security Risk Management (ESRM). By viewing security through a risk management lens, ESRM can help make you and your security program successful. In their long-awaited book, based on years of practical experience and research, the authors show you step by step how ESRM applies fundamental risk principles to manage all security risks. Whether the risks are informational, cyber, physical security, asset management, or business continuity, all are included in the holistic, all-encompassing ESRM approach, which will move you from task-based to risk-based security.

Book contents:

  1. What is Enterprise Security Risk Management?

  2. How can ESRM Help You?

  3. How Can ESRM Help Your Security Program?

  4. Preparing for an ESRM Program

  5. The ESRM Cycle: an Overview

  6. The ESRM Cycle: Step 1, Identify and Prioritize Assets

  7. The ESRM Cycle: Step 2, Identify and Prioritize Security Risks

  8. The ESRM Cycle: Step 3, Mitigate Prioritized Risks

  9. The ESRM Cycle: Step 4, Improve and Advance

  10. Designing an ESRM Program to Fit Your Enterprise

  11. Rolling Out Your ESRM Program

  12. ESRM Essentials for Success

  13. Security Governance

  14. The Security Organization

  15. ESRM and Investigation

  16. ESRM and Physical Security

  17. ESRM and Cybersecurity and Information Security

  18. ESRM and Workplace Violence and Threat Management

  19. ESRM and Business Continuity and Crisis Management

  20. ESRM for Business Executives and Boards of Directors

  21. Security Budgeting Process

  22. Reporting and Metrics that Matter

  23. ESRM and the Path in Security Convergence