Improving organisational resilience through enterprise security risk management
Abstract
Enterprise Security Risk Management (ESRM) is a philosophy and method for managing security programmes by applying traditional risk management principles. As a philosophy and life cycle, ESRM focuses on building a business partnership between security practitioners and business leaders so that protection against security risks is delivered in line with the risk tolerances defined by the business asset owners and stakeholders. This paper explores the basics of the ESRM philosophy and life cycle, and shows how embracing ESRM and implementing a risk-based security management model across the organisation can produce the higher levels of organisational resilience sought by organisation leaders, executives and the board of directors.
The full article is available to subscribers to the journal.
Author's Biography
John Petruzzi currently holds the position of Vice President, Enterprise Security Operations for Time Warner Cable and is based in New York City. He oversees the deployment and ongoing management of physical security, investigations, threat management and the business continuity and crisis management services of the company. He has extensive experience leading enterprise security, risk and information management services for several domestic and global corporations. He also led the regional operations and business development activities of a global security services and consulting firm. He previously served in the United States Marine Corps as a Non-commissioned Officer. He is an active volunteer of three industry leading associations: ASIS International (ASIS), where he currently serves on the Board of Directors and has previously served as President for the ASIS Foundation; the Information Systems Audit and Control Association (ISACA); and the Information Systems Security Association (ISSA). Additionally he is a founding member of the Alliance for Enterprise Security Risk Management (AESRM). He holds a Bachelor’s degree in Security Management, an Associate’s degree in Criminal Justice, and has completed the ISMA Leadership Programme at Georgetown University. He maintains board certification with the Certified Protection Professional (CPP), Certified Information Security Manager (CISM) and Certified Business Continuity Professional (CBCP) designations.
Rachelle Loyear is the Director of Enterprise Business Continuity Management for Time Warner Cable. She directs BCM programme design and development, crisis management and emergency response planning, business function recovery and continuity planning, BCM training and exercises, and logistical programmes such as state and local OEM relationships and TWC’s continuity equipment and resource programme. She began her career in the Information Technology field and worked in programming and training design prior to joining Time Warner Cable in 2003. At TWC, she worked in development, business analysis, and project management in IT prior to moving into the Enterprise Security Group in 2005. With this diverse background in security, BCM, project management and IT, she approaches business continuity and disaster recovery with a broad methodology that melds many recovery aspects into a cohesive whole. She holds a Bachelor’s degree in History and a Master’s degree in Business Administration. Additionally, she is certified as an MBCP through DRI International; an AFBCI through the Business Continuity Institute; a CISM through ISACA; and a PMP through PMI. She is active in multiple BCM industry groups and is a vice-chair of the Crisis Management and Business Continuity Council of ASIS International.
Citation
Petruzzi, John and Loyear, Rachelle (2016, September 1). Improving organisational resilience through enterprise security risk management. Journal of Business Continuity & Emergency Planning, Volume 10, Issue 1. https://doi.org/10.69554/AIZS3061