Michael Fickes
Michael Fickes
Download PDF version Contact company
Related Links
For an ESRM program to succeed, senior corporate executives must endorse it and actively support it
Enterprise security strategies identify
liabilities & ways to mitigate risks, showing
how the cost of mitigation prevents larger
liabillity costs 

The security profession continues to take on new risk management responsibilities. The big thing now is called Enterprise Security and Risk Management (ESRM). ASIS International has issued a standard on the subject: ANSI/ASIS/RIMS RA. 1-2015, and a couple of booths at the recent ASIS International 2015 Seminar explored the subject.

Mitigating Risks

“Enterprise Risk Management or ERM is a common business term, so we differentiate ERM from the security world by adding the word security to it,” says Ray O’Hara, CPP, Executive Vice President in the Palm Desert, California, offices of AS Solution.

The growth of multi-national business enterprises with multiple locations domestically and internationally has given rise to this new and multi-faceted form of security. “ESRM covers a myriad of areas that need to be protected today,” says O’Hara.

O’Hara lists domestic and foreign executive travel, manufacturing and production facilities here and around the world, third-party manufacturing facilities, executive offices, intellectual property and the supply chain that ties all of these assets together. ESRM requires continuous risk and vulnerability assessments, too, because the risks change with circumstances.

“What if I have a tractor trailer with electronic equipment sitting in an unsecured truck yard 2,000 miles from its destination?” asks O’Hara. “Do I care? If I transfer the responsibility to the shipper and the shipper’s insurance, I don’t care. Then again, what if I have a customer with a deadline waiting for that equipment? Now I do care. Effective protection requires corporate security to identify all risks — in every department — and rank them as low, medium or high. Then, where appropriate, you mitigate risks to a level that the company can absorb.”

Senior Executive Buy-In

Effective protection requires
corporate security to identify all risks -
in every department - and rank
them as low, medium or high. Then,
where appropriate, you mitigate risks
to a level that the company can absorb

For an ESRM program to succeed, senior corporate executives must endorse it and actively support it, continues O’Hara. Suppose you walk into the Human Resources department to discuss risks involved in hiring people around the globe. Suppose further that you have discovered that HR is using a questionable (and inexpensive) service to conduct background checks, and you would like to address that risk.

If the Director of Human Resources doesn’t have time for you, you will need to be able to ask the CEO to tell the director to make time, listen to what you have to say and to act on the advice you give.

Without the active support of senior executives, ESRM programmes addressing departmental risks throughout every department and in facilities around the world cannot succeed. How does a security department generate that kind of support?

Developing Enterprise Security Strategy

According to O’Hara, you have to develop an enterprise security strategy, present it to C-Suite executives and show them how your strategy synchronizes with the corporate business strategy. The presentation identifies risks and liabilities, recommends ways to mitigate those risks, and shows how the cost of mitigation can prevent much larger liability costs.

“Mitigation measures could be insurance, where you transfer the risk to someone else,” O’Hara says. “It could be security technology, security patrols, better background checks. It all depends, of course, on the nature of the problem right now.”

For example, explains O’Hara, suppose you have protected a warehouse that is storing a custom-made inventory worth a million dollars awaiting delivery to customers. You’ve secured the warehouse with card access locks, intruder alarms and several cameras. For good measure, you have a security guard swing by a couple times each night.

As the inventory is picked up and trucked away to customers, the financial risk declines. At some point, you might decide the risk isn’t great enough to send the security officer to check on the merchandise.

By the time the warehouse empties out, you won’t need anyone to monitor the surveillance cameras. Depending on when you expect the warehouse to fill up again and the value of the materials, you could move one or all of those cameras to another location.

Enterprise Security and Risk Management is the next big thing for security professionals — and it is a very big, comprehensive thing.

Download PDF version Download PDF version

Author profile

Michael Fickes
Michael Fickes End User Correspondent, SecurityInformed.com

Related videos

Join The Biggest Hour For Earth

Join The Biggest Hour For Earth
Unveiling Wavestore 6.36: Elevate The Security Experience

Unveiling Wavestore 6.36: Elevate The Security Experience
Hikvision Introduces CGSA-Access Control And Functions

Hikvision Introduces CGSA-Access Control And Functions

In case you missed it

How Can The Security Industry Contribute To Protecting The Environment?
How Can The Security Industry Contribute To Protecting The Environment?

When it comes to protecting the environment, the security industry has historically been perched on the sidelines. For instance, the amount of electricity that physical security sy...

Comprehensive K12 Security
Comprehensive K12 Security

For K12 education pioneers, embarking on a journey to upgrade security controls can present a myriad of questions about finding the best-fit solutions and overcoming funding hurdle...

Choosing The Right Fingerprint Capture Technology
Choosing The Right Fingerprint Capture Technology

Choosing the appropriate fingerprint technology for a given application is dependent on factors including the required level of security and matching accuracy, the desired capabili...

Security beat

Energetic ISC West Reflects Industry On The Cusp Of Accelerated Change

Energetic ISC West Reflects Industry On The Cusp Of Accelerated Change
View all

Round table discussions

How Can The Security Industry Contribute To Protecting The Environment?

How Can The Security Industry Contribute To Protecting The Environment?
View all

Security bytes

Getting To Know Chris Bone, CTO At ASSA ABLOY Group

Getting To Know Chris Bone, CTO At ASSA ABLOY Group
View all
Featured white papers
5 Surprising Findings From OT Vulnerability Assessments

5 Surprising Findings From OT Vulnerability Assessments

Download
Multi-Residential Access Management And Security

Multi-Residential Access Management And Security

Download
Guide For HAAS: New Choice Of SMB Security System

Guide For HAAS: New Choice Of SMB Security System

Download
Hikvision: Solar Powered Product Introduction + HCP

Hikvision: Solar Powered Product Introduction + HCP

Download
Bank Security

Bank Security

Download
More expert commentary
Thermal Video Cameras For Rail Infrastructure Security: Effective And Cost-Efficient Intrusion Detection

Thermal Video Cameras For Rail Infrastructure Security: Effective And Cost-Efficient Intrusion Detection
ONVIF Standards Increase Value Proposition Of IP-based Video Surveillance

ONVIF Standards Increase Value Proposition Of IP-based Video Surveillance
Cyber Security Resilience Develops As Internet Of Things Bolsters Connectivity Across Technologies And Devices

Cyber Security Resilience Develops As Internet Of Things Bolsters Connectivity Across Technologies And Devices
Featured products
Verkada TD52 Cloud-Based Video Intercom

Verkada TD52 Cloud-Based Video Intercom
exacqVision IP08-64T-R1XW-E X-Series 1U Rdnt IP NVR 64TB RAID5 Windows OS with 8 IP Ent Lic

exacqVision IP08-64T-R1XW-E X-Series 1U Rdnt IP NVR 64TB RAID5 Windows OS with 8 IP Ent Lic
Climax Technology TouchPanel-3 7” Color Graphic Touchscreen Panel

Climax Technology TouchPanel-3 7” Color Graphic Touchscreen Panel