Brian Sims
Editor
With the release of the Enterprise Security Risk Management (ESRM) Guideline, Mike Hurst says it’s time to disrupt the old security model.
I have recently returned from ASIS GSX (Global Security Exchange), the conference and expo in Chicago, which for the global security profession is one of the key events of the year, with 300+ educational sessions, high-level keynotes, 20,000 registrants from more than 125 countries and 550 exhibitors.
However, one of the things I was most excited about and looking forward to was the release of the Enterprise Security Risk Management (ESRM) Guideline, which takes a different approach to traditional security. The new guideline is the first strategic security management tool of its kind, elevating the security function by establishing a partnership between security professionals and business leaders to manage security risks. While I was not one of the team that wrote the guideline, I have been involved in the project for well over a year and I am project leader for ASIS’s global ESRM communications.
The objective of ESRM is to identify, evaluate, and mitigate the likelihood and/or impact of security risks to the organisation with priority given to protective activities that help enable the organisation to advance its overall mission. ESRM positions the security professional as a trusted advisor to help guide asset owners through the process of making security risk management decisions.
“We’re very proud to provide this foundational tool to ASIS members—and the security industry at large—to help guide them through adoption of ESRM within their organizations,” said David R. Feeney, CPP, PMP, Chairman of the ASIS ESRM Guideline Technical Committee.
ESRM recommends that security professionals maintain an understanding of the organisation’s overall strategy, including its mission and vision, core values, operating environment, and stakeholders. Understanding this context will enable security professionals to effectively support and align with the organisation’s strategic goals.
The new guideline further outlines how the ESRM Cycle is built on a foundation of transparency, governance, partnership with stakeholders, and holistic risk management. By continually repeating the ESRM Cycle, security professionals can bring ESRM practice to maturity and maintain high performance over time.
“We remain committed to the global development of ESRM, and the release of our ESRM Guideline demonstrates the ASIS Board of Directors’ ongoing support to formalise ESRM globally,” said Tim McCreight, ASIS Global Board sponsor of the ESRM Initiative.
We look forward to developing ESRM further and to the positive impact it will have on the profession and practice of security management.
N.B. ASIS members receive free digital access to the new ESRM Guideline along with the other guidelines and standards we produce. Non-members can obtain a copy at www.asisonline.org
Mike Hurst CPP is vice chairman of the UK Chapter of ASIS International and a member of its European Advisory Council / European Governance Work Stream and its Professional Development Council. For more information, visit www.asis.org.uk
PO Box 208
Princes Risborough
Buckinghamshire
HP27 OYR
UNITED KINGDOM
08000 502208