Background

Enterprise security risk management (ESRM) includes the methods and processes to manage security risks and realize opportunities that are directly related to organizational objectives. ESRM typically involves identifying events or circumstances relevant to the organization’s objectives, assessing them, determining a response strategy, and monitoring progress.

Enterprise Security Risk Assessment (ESRA) differs from conventional security risk assessment, not only in scale but also in its nature. A conventional security risk assessment (SRA) seeks to analyze the risks of a business unit or subset of the enterprise (e.g. a particular facility, project, or system).


ESRA Focus

By contrast, an ESRA has little interest in the specifics of each business unit unless they demonstrate thematic issues that are evident across sections of the enterprise (or if business unit risks represent strategic risks to the organisation).

The focus of an ESRA is on the security of the overall enterprise. It may also seek to establish measures such as security standards, systems, and protocols so that individual units all face similar levels of risk. You cannot approach an ESRA as an organization that owns or operates (say) 100 offices, 50 servers, and 3 data centers in 20 countries.

The concept requires that the security risk analyst(s) focus on the totality of an integrated enterprise: an enterprise that operates a single business across many facilities, operates a cloud server, and happens to have a presence in 20 nations. There should be no requirement to visit each of the countries, or even a majority of the locations and systems, to conduct an ESRA and develop an enterprise security (risk) treatment plan.

It is essential, however, to understand and evaluate the threats and risks across each level or category of business units.

ESRA Scoping Statements

A scoping statement for an ESRA might include:

  • Enterprise-wide strategic security risks (physical, personnel, technology and information).

  • Business activities and corporate operations globally.

  • Review of enterprise-wide strategic security measures currently in place for the protection of personnel, assets, and information both at our facilities and while in transit.

  • Review and develop security standards and postures across a range of threat levels such that the enterprise can respond with established protocols to any variation in threat levels.

  • IT systems as well as interfaces with key external systems.

  • Physical protection of server rooms and systems.

  • Review of existing security policies, procedures, documents, incident reports, manuals, etc.

  • Identification of risks associated with key assets, activities, and operations of the organization.

  • Identification and assessment of key vulnerabilities and threats. Qualitative and quantitative assessment of security risks currently facing the enterprise.

  • Recommend treatment plans to manage or mitigate the risk to an acceptable residual level.

How to get started with SECTARA

If you see the same great benefits that we do in SECTARA, there are several methods to get started:

As a valued subscriber, you will be comprehensively supported via our Ticketing System and Knowledge Base, and you can still always contact us direct when you need to.

Article by:

Julian Talbot

Julian is a SECTARA Advisory Board Member and, among many other things, the author of the Security Risk Management Body of Knowledge (SRMBoK). In recent times Julian contemplated how to take SRMBoK further, and in doing so publish a contemporary account of associated security models, principles and practices. The result is the Security Risk Management Aide Memoire (SRMAM), a book that is free to all SECTARA subscribers (yes, even on the free plan). This article is replicated from the SRMAM website with permission.