ESRM resources

Enterprise security risk management (ESRM) resources

This page is dedicated to resources to support security managers with their enterprise security risk management (ESRM) activities.  ESRM takes a risk-led approach to security management to ensure that the security program is completely aligned with the organization’s strategic objectives.  Enterprise security risk management has a firm basis in proven security practices but brings security management into line with internationally recognized risk management standards.

A mature ESRM program encompasses all aspects of security risk mitigation

ASIS International introduction to ESRM

ASIS International (the leading organization for security managers worldwide) has designated enterprise security risk management to be the organization’s strategic focus.

I am a strong believer in the benefits of a risk-led approach but I was a security manager first.  This micro-site has been built to support the ESRM initiative as a one-stop for resources, articles, tools and templates to help security managers transition to a risk-led model.

I hope these resources help with your ESRM program and additional tools will be added as the ESRM standard and guidelines are developed.

Can’t find what you’re looking for?  Send me an email


Enterprise security risk management links


ESRM doesn’t have to be complicated.  Read about how to keep it simple here.

ESRM – a guide to developing a simple ESRM system

Looking for a way to start designing and building an ESRM system?  Take a look at this guide which explains how to scope, design, build and implement any risk management system.

ESRM-ready software

The DCDR project was originally a security risk assessment tool making it an ideal software platform to support an ESRM program.  With the addition of security-specific modules, I hope to make this fully integrated, ESRM-ready toolkit for security managers looking for a light, fast, secure and affordable software solution.

What is ISO 31000?

ISO 31000 is a core reference for risk management.  Here’s a short article explaining what it is and what it contains.