
Enterprise Security Risk Assessment (ESRM)

Risk Management graphic with arrows pointing from Risk to: Rules, Policies, Process, Control, Analysis, and Strategy.

"Enterprise Security Risk Management" (ESRM) is a holistic approach to organizational security that integrates the full range of security operations within the organization with the organization's mission and strategic goals. This is accomplished using the established tools of risk management, but specifically focused on the threats and mitigation measures within the purview of security practices.

The ESRM approach differs from traditional risk management in that it is specifically a security/crime prevention methodology. Likewise, while security vulnerability assessment (SVA) is a tool of ESRM, ESRM's focus on educating stakeholders about the risks and mitigation strategies for which they have ownership is more comprehensive than the traditional scope of an SVA. In addition, ESRM is intentionally proactive in fully uniting security assessment, practice, and training with the identity of the organization - whether that organization is a government agency, a military unit, a school, a house of worship, a hospital, a retail establishment, or any other group with shared goals and resources.

HUMINT group staff has been at the forefront of defining and moving forward ESRM practice. Our staff contributed to the creation of the ESRM Guideline published by ASIS International's Standards and Guidelines Commission, and we are thoroughly proficient with its contents. If your organization is looking to create a coherent vision for security that integrates evidence-based practice with your long-term, strategic goals, we have the resources to assist you in that process.