ASIS, PSP Certification Preparation, Chapter 1: Concepts in Security Risk Management

In this session I will cover Chapter 1, “Concepts in Security Risk Management”, from the Protection of Assets (POA) book. This is your main resource if you are preparing for the Physical Security Professional (PSP) certification from ASIS International.

Chapter 1: Concepts in Security Risk Management
The first chapter talks about Enterprise Security Risk Management (ESRM) as an approach to the process of managing security. ESRM ties the organization's security practice to its overall strategy.

1.1 Taking the Enterprise Security Risk Management Approach
Enterprise Security Risk Management (ESRM) is a strategic approach to security management.
• It is not a program
• It is a management process or system
• The objective is to have effective mitigation of risks
The Benefits of an ESRM Approach
• It brings more resources and perspectives to the risk management process
• The security professional is seen as a strategic partner and trusted advisor
• More effective communication with the asset owners
• Security professionals develop a stronger and more complete understanding of the organization's strategies and goals
• Improves communication with internal and external stakeholders
• Provides a holistic approach that delivers a broader depth of value: reduced security and security-related risks
• Moves security from a reactive to a proactive approach
• Security professionals can be seen as business partners and can be asked to participate in other strategic areas

1.2 Adopting an ESRM Approach
ESRM has three primary components:
• The Context of ESRM
• The foundation of ESRM
• The ESRM cycle
Other considerations in ESRM
• Core Values
▪ Linking ESRM to core values ensures alignment with the priorities of top management
• Operating environment
▪ Physical environment
▪ Nonphysical environment
▪ Logical environment
• Stakeholders
▪ Anyone who directly interfaces with the organization, including:
▪ Leadership team
▪ Asset owners
▪ Individuals working for the organization
▪ Individuals who contribute to the organization
▪ Clients and customers
▪ The community surrounding the organization
The Context of ESRM
• Understanding the organization
• Alignment with its overall strategy
• Identify risks that undermine its strategy
• Understanding the products and services it provides
• Knowing the Key staff and leadership
• Learning the legal requirements
The Foundation of ESRM
• Holistic risk management
o All stakeholders participate in the risk management process
• Partnership with stakeholders
o Security professionals should socialize their role with top management and asset owners
• Transparency
o Don’t exaggerate or minimize risks
• Governance
o Organizational: how the organization is directed
o ESRM: process of setting enterprise security risk policy
o Governance outcomes:
▪ Policies
▪ Standards
▪ Guidelines
▪ Procedures
The ESRM Cycle
• Identify and prioritize assets
o Asset owner
o Top Management
o Security professional
• Identify and prioritize risks
o Based on the risk’s potential to undermine the organization's ability to execute its mission
• Mitigate prioritized risks
o Asset owners make the decision with guidance from the security professional
• Continuous improvement
o Lessons learned
o Feedback loops
