Security management association ASIS International has released its Enterprise Security Risk Management (ESRM) Guideline. The guideline is meant to establish a partnership between security professionals and business leaders to manage security risks, according to a news release from ASIS announcing the guideline.
“ESRM is a strategic approach to security management that ties an organization’s security practice to its mission and goals using globally established and accepted risk management principles,” explains David Feeney, chairman of the ASIS ESRM Guide Technical Committee and manager in the Risk and Financial Advisory practice for Deloitte & Touche LLP.
The guideline is meant to identify, evaluate and mitigate the likelihood and/or impact of security risks to an organization.
“The ESRM Guideline will help security professionals be more successful in executing an effective security plan by aligning security goals with the mission and goals of the organization,” Feeney notes. “The guideline helps elevate security from a trade to a profession.”
In the guideline, an asset owner is the person most responsible for the healthy operation of a given asset; at a facility, the facility manager is most likely the asset owner. Under ESRM, the security professional acts as the asset owner's trusted adviser, guiding them through a security risk management decision-making process, Feeney says.
With ESRM, the asset owner and security professional work as a team. “The asset owner is the expert regarding the asset, and the security professional is the expert in security risk management,” he says. “These roles and the partnership between them is paramount to the proper adoption of ESRM.
“This benefits building owners and facility managers by tying the goals of the security program to the mission and goals of the organization, meaning that the security program supports and aligns with the strategic goals of building owners and facility managers.”
ESRM encourages security professionals to understand the organization’s overall strategy to support and align with strategic goals. This includes being up to date on the organization’s:
- Mission and vision
- Core values
- Operating environment
According to the guideline, one foundational component of ESRM is holistic risk management, which Feeney explains as the consideration of all security risk, including physical, information and cyber risk.
“With the ever-increasing convergence of physical and cybersecurity threats and risks, the time is now for security professionals to eliminate silos and boundaries and consider all security risk in a holistic way,” he says. “This reduces the chances of risks slipping through the cracks between various security disciplines.”
ASIS members can read the ESRM Guideline at no cost; nonmembers can purchase a softcover or digital version in the ASIS Store.