Fact Sheet on The Alliance for Enterprise Security Risk Management (AESRM)
What is it?
- A partnership of two leading security organizations to address the management of risks and emerging regulations that require a more thorough, enterprise-wide approach to security
Why now?
- Significant increase in, and complexity of, security-related risks to international commerce from terrorism, cyberattacks, Internet viruses, theft, fraud, extortion and other threats
- Need for corporations to develop a more comprehensive approach to protect the enterprise
What is its purpose?
- Business Improvement
  - Assist enterprises by developing tools that more fully qualify and quantify security risks and potential impacts to the business
- Awareness Raising
  - Raise awareness among executive management regarding the nature of existing and emerging security threats, and best practices to mitigate those threats through the convergence of security organizations, processes and approaches
  - Promote a common security management voice to legislators and government agencies and provide them with information regarding best security practices
- Professional Development
  - Define the qualification, certification and training requirements for the chief security officer (CSO)/chief information security officer (CISO) role and other security-related positions
What does convergence mean, relative to security?
- Holistic view of security, taking an integrated approach to information and traditional security
- Ensures all functions within the enterprise work together to identify and mitigate risks, and to effectively manage security-related incidents to reduce a potential negative impact on people, profitability and property
What activities will the alliance undertake?
- Research, executive seminars and other educational offerings to benefit security and other business executives
Who is involved?
- ASIS International (ASIS)—Founded in 1955, the preeminent organization for security professionals, with more than 34,000 members worldwide (www.asisonline.org)
- ISACA—Founded in 1969, a global leader in IT governance, security and assurance; more than 86,000 constituents worldwide (www.isaca.org)
Can anyone else join?
- Additional memberships may be considered in the future.
- Future memberships would be limited to not-for-profit organizations whose purpose addresses traditional and/or information security issues/concerns. The organizations must also represent members in local chapters.
Who can provide more information?