Introductory Considerations for Enterprise Security Risk Management Programs
•
1 like•216 views
High level overview on key considerations for the development of an enterprise risk management program. Presented by Sentinel Resource Group for the ASIS International Silicon Valley Chapter - Jan 2017.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Introductory Considerations for Enterprise Security Risk Management Programs
Similar to Introductory Considerations for Enterprise Security Risk Management Programs (20)
Recently uploaded
Recently uploaded (20)
Introductory Considerations for Enterprise Security Risk Management Programs
- 1. Enterprise Security Risk Management Presented by: Wesley Bull Preempt. Prepare. Prevail.TM
- 2. Enterprise Security Risk Management Outline For Today’s Discussion ❖ What is ESRM - Enterprise Security Risk Management? ❖ Why do organizations pursue ESRM? - Differentiating Desire from Mandate ❖ What are some of the critical success factors in establishing an ESRM program?
- 4. ASIS International - CSO Roundtable White Paper Enterprise Security Risk Management - A Working Definition “ESRM is a management process used to effectively manage security risks, both proactively and reactively, across an enterprise. ESRM continuously assesses the full scope of any security-related risks to an organization and within the enterprise’s complete portfolio of assets. The management process quantifies threats, establishes mitigation plans, identifies risk acceptance practices, manages incidents, and works with risk owners to develop remediation efforts.”
- 5. Enterprise Security Risk Management Desire, Mandates & Key Distinctions • Is ESRM program development desired or mandated? By who? (Regulators; Industry; Board of Directors; C-Suite; Others?) •Mandated program framework(s)? •Regulatory Compliance •Industry-Specific •Geography Specific •Function or Risk-Specific •Others? •Industry-Specific Mandates, Best Practices, Benchmarking? •Other considerations?
- 7. Enterprise Security Risk Management Critical Success Factors* Senior Executive Support & Engagement Key Stakeholder Buy-In Sense of Urgency Change Leadership Company Culture Organizational Structure / Model Diversity of Competence …among many other factors. *Not intended to be a comprehensive list.
- 9. Enterprise Security Risk Management Program Development Road Map •Establish Your Current State Baseline •Determine Your Desired Future State / Program Model •Conduct A Needs / Gap Assessment, ID Stakeholders •Prioritize, Integrate, Align, Sequence, Execute & Assess
- 10. Enterprise Security Risk Management Notable ERM Links & Resources • ASIS - CSO Roundtable: https://cso.asisonline.org/esrm/ • GARP: https://www.garp.org/ • RIMS: https://www.rims.org/Pages/Default.aspx • COSO: https://www.coso.org/Pages/default.aspx • ISACA ERM: http://www.isaca.org/chapters9/Accra/ Events/Documents/ERM%20ISACA.pdf • ISO 31000: https://www.theirm.org/media/886062/ ISO3100_doc.pdf “Good risk management fosters vigilance in times of calm and instils discipline in times of crisis.”
- 11. To get involved with ASIS ESRM initiatives…or for more information, contact us: SRG General Inquiries: inquiry@sentinel-rg.com