The Manager's Guide to Enterprise Security Risk Management: Essentials of Risk-Based Security

  • 2h 47m
  • Brian Allen, Rachelle Loyear
  • Rothstein Associates
  • 2016

Is security management changing so fast that you can’t keep up? Perhaps it seems like those traditional “best practices” in security no longer work? One answer might be that you need better best practices! In their new book, The Manager’s Guide to Enterprise Security Risk Management: Essentials of Risk-Based Security, two experienced professionals introduce ESRM. Their practical, organization-wide, integrated approach redefines the securing of an organization’s people and assets from being task-based to being risk-based.

In their careers, the authors, Brian Allen and Rachelle Loyear, have been instrumental in successfully reorganizing the way security is handled in major corporations. In this ground-breaking book, the authors begin by defining Enterprise Security Risk Management (ESRM):

“Enterprise security risk management is the application of fundamental risk principles to manage all security risks − whether information, cyber, physical security, asset management, or business continuity − in a comprehensive, holistic, all-encompassing approach.”

In the face of a continually evolving and increasingly risky global security landscape, this book takes you through the steps of putting ESRM into practice enterprise-wide, and helps you to:

  • Differentiate between traditional, task-based management and strategic, risk-based management.
  • See how adopting ESRM can lead to a more successful security program overall and enhance your own career.
  • Prepare your security organization to adopt an ESRM methodology.
  • Analyze and communicate risks and their root causes to all appropriate parties.
  • Identify what elements are necessary for long-term success of your ESRM program.
  • Ensure the proper governance of the security function in your enterprise.
  • Explain the value of security and ESRM to executives using useful metrics and reports.

Throughout the book, the authors provide a wealth of real-world case studies from a wide range of businesses and industries to help you overcome any blocks to acceptance as you design and roll out a new ESRM-based security program for your own workplace.

In this Book

  • What is Enterprise Security Risk Management (ESRM)?
  • Why Does the Security Industry Need ESRM?
  • Preparing to Implement an ESRM Program
  • Following the ESRM Life Cycle
  • Phased Rollout
  • Essentials for Success
  • ESRM Governance, Metrics, and Reporting
  • Where Should Security Report in an Organization Structure?
  • What Do Executives Need to Know About ESRM?
  • Reports and Metrics

YOU MIGHT ALSO LIKE

Rating 4.4 of 64 users Rating 4.4 of 64 users (64)
Rating 4.6 of 364 users Rating 4.6 of 364 users (364)