The Alliance for Enterprise Security Risk Management:  A partnership of the three leading international security organizations, formed to address issues surrounding the convergence of traditional and logical security.

Security Convergence and ERM:
The Convergence of IT Security and Enterprise Risk Management:  A Security Professional’s Point of View

The seven instructions for IT security practitioners to express themselves in terms that are meaningful to business leaders, in alignment with the broader ERM activities, are to:

  1. Create a universally accepted definition of convergence and ERM.
  2. Learn the language of the ERM role.
  3. Map broader IT and business objectives to information security risks.
  4. Leverage educated guesswork and personal judgments.
  5. Strive for profiles and do regular cyberdragnet investigations.
  6. Use common sense when treating traditional information security risks.
  7. Make clear the enterprise’s objectives for ERM.

Copyright © AESRM 2008, All Rights Reserved.