Enterprise Security Risk Management Essay


In the words of Herodotus (2014), “Great deeds are usually wrought at great risks” (p. 373). More than two millennia later, the words are still relevant. Herodotus’ saying underscores a critical idea in business: risk, regardless of its gravity, should be predicted, acknowledged, and managed in order to reach success. Risks, however, have become much more complex since Herodotus’ times.

In recent years, external factors have made many establishments interested in risk management. Industry-led and government-run regulatory bodies and sponsors have started to overhaul the establishments’ policies to the extent that companies’ boards of directors are now required to report on and review the consistency of enterprise risk management (ERM) and enterprise security risk management (ESRM).

At the baseline, ERM is the planning, organization, leadership, and control over the actions of an establishment (Purpura, 2013). The function of ERM is to bring the effects of risks on an establishment’s capital and revenue to a minimum. ERM is not limited to the risk of accidental loss; on the contrary, it tackles monetary, strategic, and operational risks, as well as many others (CSO Roundtable, n.d.). ERM is a set of methods to forecast, accept, and handle risks, which provides a methodological basis for risk management as a discipline. This includes the identification of specific events or conditions relevant to the goals of an establishment, timely assessment of whether these events are likely to happen and (if so) how soon, development of a strategy to meet the challenge, and progress tracking.

Enterprise security risk management (ESRM) is also a set of managerial procedures aimed at effective risk management. ESRM is a continuous assessment of risks, which are then managed by either proactive or reactive means. One of the differences between the two is that ESRM, as the name implies, deals specifically with organizational security risks. The risk assessment process singles out the threats, determines the best practices for accepting the risk, and creates guidelines for the shareholders on developing remediation efforts (CSO Roundtable, n.d.).

Another difference between ERM and ESRM is how they apply risk management principles. The principles include assessment, monitoring and evaluation, planning, implementation and safeguarding, and monitoring. ERM uses these principles to cater to organizational needs, which, more often than not, determine how the establishment will be structured. ESRM, on the other hand, does not define the structure of a business, although the same principles are applied within the security framework as well (CSO Roundtable, 2010).

ESRM is also easily mistaken for convergence, which is yet another means of managing security risks. The main difference between the two is that convergence integrates the structures of an establishment to cover both data security and physical security. This includes aligning responsibilities and integrating security tools and processes. Unlike convergence, ESRM does not rely on reporting lines (CSO Roundtable, n.d.).

An example of ESRM in practice is best illustrated by a case study. A security practitioner assessing the security of a retail business concludes that the parking lot should be lit. However, this suggestion is declined by the finance group. The group (i.e., the risk owners) is unwilling to accept the risk as such. The principles of risk management are applied as follows:

  1. The establishment’s assets are identified and qualified: these include the clients and the employees that need protection.
  2. Each asset is then analyzed in terms of the security risk posed to it: these include the crimes that can happen in an unlit parking lot.
  3. The relationships between the security risks and the assets are prioritized: in this case, the relationship is direct.
  4. Risk mitigation plans are developed: this occurs through the practitioner initiating a discussion with each of the risk owners. The risk can be either terminated, mitigated, or accepted.
  5. Improvement plans are developed: this is done through regular and timely monitoring (CSO Roundtable, n.d.).

References

CSO Roundtable. (n.d.). Enterprise Security Risk Management: A Holistic Approach to Security.

CSO Roundtable. (2010). Enterprise Security Risk Management: How Great Risks Lead to Great Deeds.

Herodotus. (2014). Histories. (P. Mensch, Trans.). J. Romm (Ed.). Cambridge, MA: Hackett Publishing.

Purpura, P. (2013). Security and loss prevention: An introduction (6th ed.). Waltham, MA: Butterworth-Heinemann.

Reference

IvyPanda. (2020, August 9). Enterprise Security Risk Management. https://ivypanda.com/essays/enterprise-security-risk-management/