The philosophy of ESRM drives a risk-based approach to managing any security risk, physical or logical, and applies to every security process in a holistic manner. There are globally established risk principles that are common to any developed risk standard. This model relates those risk principles to the practice of managing security risks.
The ESRM processes, when successfully and consistently adapted to a security program, will define what a progressive security program looks like, drive strategic thought and initiatives, build business understanding of security's role, develop a budgeting strategy, and initiate board-level, risk-based reporting.