The ESRM Evolution: From "No" to Strategic Risk Management

ResolverInc 277 views 30 slides Jun 05, 2017

About This Presentation

With a career spanning over thirty years and two disciplines, Tim McCreight has adapted from his roots in physical security, to information security, and now his interest in enterprise security risk management (ESRM). Learn how Tim changed his approach from saying “no” to projects, to focusing o...


Slide Content


The ESRM Evolution:
From "No" to Strategic
Risk Management

Tim McCreight
MSc, CISSP CPP CISA
Director, Strategic Alliances
Above Security -
A Hitachi Group Company

RESTRICTED

UNDER 17 REQUIRES ACCOMPANYING
PARENT OR ADULT GUARDIAN

The following seminar contains coarse
language, violent situations, personal
opinions, and partial speaker nudity.

Viewer discretion is advised.

I hope to God
that's Batman

Agenda

Quick Intro
Journey to ESRM:
- Before

- During

- Today

Benefits

Next Phase

BEFORE

The Clipboard Era

Security by survey...

What we knew...

- More rigid approach
- Binary response
- Metrics were "measurements"
- Able to say "no" based on the checklist...

Story time...

Reactive vs Proactive

Focused more on
identification
not prevention

Could "cancel" a
project if it was going
to "harm" our company

The story of the
turnstile and the
executive...

Hard Lessons

Look beyond the "rule"

Not everyone thinks like us

Get rid of "no"

DURING

New Ideas

SECURITY CONVERGENCE:
Managing Enterprise Security Risk

From this... To this...

Gaps Remained...

Looked at blending
security organizations,
but only touched on risk

Still "security" centric

TODAY

Changes at ASIS

ASIS INTERNATIONAL
Advancing Security Worldwide

NEWS RELEASE

ASIS International Makes Enterprise Security Risk
Management a Global Strategic Priority

Commission established to incorporate ESRM into all ASIS programs and
services

Alexandria, VA 201

[Press release body only partially legible in the slide image. Recoverable fragments: "...ESRM... concepts into all programs..."; "Both a philosophy and management system, ESRM ... professionals manage the various ... organizations ... looking to shift the profession from a siloed approach ... security management".]

A ROTHSTEIN PUBLISHING COLLECTION eBOOK

The Manager's Guide to
Enterprise
Security Risk
Management

Essentials of Risk-Based Security
Brian J. Allen, Esq.

CISSP, CISM, CPP, CFE

Rachelle Loyear

Kristen Noakes-Fry, ABCI, Editor

Figure 1-1. The ESRM Cycle (figure labels as legible on the slide): Identify & Prioritize ...; Identify & Prioritize Risks; Mitigate Prioritized Risks; Incident Response; Ongoing Risk Assessment; Advance

BENEFITS

Business focused

Builds relationships

New concepts:
- key stakeholders
- asset owners

- prototyping

Consistency in:
- risk management philosophy
- security roles/responsibilities

Objective vs. Reactive


Asset centric


Personal
Thoughts

Thank You!

Tim McCreight
MSc, CISSP CPP CISA
Director, Strategic Alliances

Above Security
A Hitachi Group Company

www.abovesecurity.com