
Enterprise Security Risk Management

Enterprise Security Risk Management (ESRM)


Our Enterprise Security Risk Management (ESRM) methodology is the cornerstone of our converged security offering. ESRM is the framework that describes what we do and how we do it. It is focused on ensuring the correct controls are correctly deployed and monitored to deliver the appropriate level of security for an organisation. It is consistent with Enterprise Risk Management (ERM) concepts and aligned to the ISO 31000 Risk Management Standard.


ESRM is the management of any security risk using established risk principles, and includes the following five steps. These steps form a continuous loop for improved risk management:


1. Identify and prioritise assets

Includes the process of identifying and prioritising the enterprise’s assets (people, customers, processes, information, facilities, reputation, regulatory obligations, etc.). Involves engagement and collaboration within the Security Partnership to understand their value and importance to enterprise mission and goals.


2. Identify and prioritise risks

Involves understanding the relationship of risks to the value of assets. Identifies probability and potential impact of risk on an asset, and the vulnerability of assets to security threats, including an assessment of existing security controls. Informs the development of the security solution.


3. Mitigate the risks

Encompasses the identification and deployment of the security (including protective security, electronic security, personnel security and information security) solution.


4. Incident response

Includes incident response, crisis management and fraud/forensic/insider threat investigations relating to a risk that has been realised and has resulted in a breach of existing security controls.


5. Ongoing risk assessment

Continuous/periodic monitoring of the changing risk landscape, including the identification and assessment of new enterprise objectives, risks, assets and vulnerabilities, and the reassessment of existing objectives, risks, assets and vulnerabilities, the external and internal risk context, and the condition, efficacy and performance of security controls.


Ultimately, ESRM can help provide the complete picture of threats facing an organisation and then address these risks by implementing the appropriate controls and maintaining compliance with relevant external standards and guidelines (ISO 27000, PSR, NIST, ASD-E8, etc.).


Mapping our solutions to ESRM


The ESRM framework enables us to present our customers with an overview which puts them at the core of a holistic view of the risks they face, and the strategies and controls that can be recommended and deployed by Optic to mitigate these and protect their customers, information and people.


Optic structures its operations and security risk solutions according to the above five-step framework. The following table illustrates this with a small selection of our services:

Structuring our solutions on the ESRM framework assures our customers that the security solutions we recommend and install are commensurate to the risks they are designed to mitigate, fit-for-purpose, responsive to change, regularly serviced and future-proof.


GET IN TOUCH TODAY TO FIND OUT MORE

For a no obligation discussion about how our Enterprise Security Risk Management approach can make your organisation more resilient to security risk, contact us today.


Optic Security Group (Head Office)

14 Amelia Earhart Avenue

Airport Oaks, Mangere

Auckland, New Zealand, 2022

Phone: +64 9 950 9990

NZ@opticsecuritygroup.com

Optic Digital (Head Office)

222 Lambton Quay

Wellington, New Zealand, 6011

Phone: +64 4 831 1168

sales@opticdigital.com

Australian Head Office

236 Richmond Road

PO Box 130, Marleston

Adelaide, SA 5033

Phone (Toll Free): 1300 72 98 72

Australia@opticsecuritygroup.com

© 2020 by Optic Security Group