Enterprise Security Risk Management (ESRM for short) is changing the way security professionals manage their programs. While the principles appear simple, the culture change and path to risk aren't. For many years, security team members in organizations focused on "no" or relied on enforcement instead of collaboration. ESRM is a paradigm shift toward a risk-based, business-focused approach that creates a trusted advisor relationship between a CISO and their executives. The benefits for any CISO (or CSO) are significant, including the opportunity to have meaningful conversations about the risks facing their organizations' IT assets.
Tim McCreight, Chief Security Officer, City of Calgary