- ホーム
- > 洋書
- > 英文書
- > Computer / General
Full Description
This book bridges the critical gap between Enterprise Security Risk Management (ESRM) theory and practical implementation.
While ESRM principles have gained widespread acceptance—particularly following ASIS International's endorsement—security professionals in real-world implementations consistently struggle with translating concepts into actionable strategies. This practical guide introduces a simple, operational framework centered around three core questions that help security leaders map ESRM directly to business outcomes and strategic decision-making. This book addresses the persistent "how-to" questions that practitioners face when attempting to implement ESRM in complex organizations. The book includes actionable field lessons, case examples, and practical tools that transform theory into measurable security impact. It addresses today's most urgent security challenges: organizational resilience amid a fast-changing global risk landscape, accelerating technology adoption (including AI), and an increasingly complex business and operational environment. As security programs face mounting pressure to demonstrate value, integrate with enterprise risk management, and build trust with non-security stakeholders, this accessible guide equips professionals to move beyond theoretical understanding and confidently lead ESRM implementation.
This book serves as an essential resource for security leaders ready to translate ESRM principles into measurable outcomes that align the security strategy with broader business objectives.
Contents
Introduction: Simplifying Security in a Complex World Section 1: Changing the Way We Think About Security 1. The ESRM Difference 2. Thinking Like a Risk Manager Section 2: Turning Strategy into Action — The Three Essential Questions 3. What Am I Trying to Protect? - Understanding Critical Assets and Their Impact 4. What Does It Truly Need to Be Protected From? - Understanding Threat to Evaluate Risk 5. How Can We Most Effectively and Efficiently Protect It? - Choosing the Best Mitigations for Your Risk Profile Section 3: Sustaining ESRM — Improvement, Oversight, and Culture 6. Continual Improvement Strategies 7. Required for Success: Making the Shift to a Security-Driven Culture Section 4: What's Next for ESRM? 8. The Future of ESRM: Adapting to an Accelerating World
