New Survey Results Claim Security Expertise Not Enough for Successful ESRM

April 14, 2010

In April, the CSO Roundtable of ASIS International released the results of a comprehensive survey of its members and of the ASIS membership.  The survey was meant to demonstrate some level of understanding that the security industry has concerning the adoption of an “Enterprise Security Risk Management” (ESRM) methodology.

The survey, conducted in the fall of 2009, asked for information regarding at least the following areas:

1. What risks were the most challenging?
2. Where do organizational support for ESRM initiatives came from?
3. Which business elements of an organization were included in ESRM?
4. What was security’s role in the ESRM process?
5. Who has ultimate responsibility for risk in the organization?

More than 80 Chief Security Officers, and more than 200 other ASIS members from around the world, responded to the survey.

One of the major findings from the survey was best expressed by Timothy L.Williams, CPP, Dir of Global Security for Caterpillar, and a member of the CSO Roundtable Advisory Board, when he stated, “We learned that traditional security issues are rarely the ones that keep security professionals awake at night; instead, risks such as database theft, network failure and economic problems are top concerns.  We discovered that most CSOs and, indeed, nearly half of non-CSOs, are already deeply involved with evaluating and mitigating non-security risks in their organizations.”

Another survey result claims that CSOs reported the greatest non-security risk they face is the downturn of the economy, followed by business issues such as competition and regulatory pressures. More than half of the CSOs surveyed said they and their security departments were involved in researching, prioritizing, mitigating or evaluating these non-security risks.

Additionally, survey results also indicated that the vast majority of security professionals believe that excellent business management, leadership and communication skills—not security expertise—are the traits that will lead to success in ESRM.

If any of these questions listed above or results stated above appear to reflect similar behaviors in your organization or even a basis for how security standards are established in your organization, then please pass this information along to those internal information security and risk management team members or perhaps, outside security consultants, who are responsible for establishing and maintaining a  level of enterprise security risk management most appropriate to  your organization.

Click here to read the full report.

Institute of Environmental Security Announces Climate Change Impact Warning

November 3, 2009

In a recent press release from the IES, military experts from five continents announce a warning of the impact of climate change on security.   The statement, presented at a meeting on October 29, 2009 at Brookings in Washington, and issued simultaneously in Brussels, Dhaka, Georgetown, London, New Delhi and The Hague, says that “incremental, and at times, abrupt climate change is resulting in an unprecendented scale of human misery, loss of biodiversity and damage to infrastructure with consequential security implications that need to be addressed urgently.”  To read the entire press release, click here.

The Institute for Environmental Security (IES) is an international non-profit non-governmental organisation established in 2002 in The Hague, with representatives in Brussels, London, Beirut, California, New York, Toronto and Washington, DC.

This “knowledge and action network” was set up to increase political attention to environmental security as a means to help prevent conflict, instability and unrest.

IES Mission

The Institute’s mission is: “To advance global environmental security by promoting the maintenance of the regenerative capacity of life-supporting eco-systems.”

Its multidisciplinary approach integrates the fields of science, diplomacy, law, finance and education. Activities are designed to provide policy-makers with a methodology to tackle environmental security risks in time, in order to safeguard essential conditions for peace and sustainable development.

The relation between the environment and the security of humans and nature has been the subject of much research in recent decades, and is now becoming an important focus of international environmental policy. Click here to read a 2-page overview on environmental security written by Michael Renner.

The following publication by the Institute  is also recommended environmental compliance reading  for any organization facing environmental security issues –  Introduction to the Concepts of Environmental Security and Environmental Conflict.

• 
• 
• 
• 

• Subscribe

  • Subscribe to RSS
  • Comments

• Recent News

  • Career Options and the PS-Prep Program
  • E-Discovery – Compliance and Privacy Challenges
  • “Career Options and the PS-Prep Program” – July 27th, 2010 Webinar Reminder
  • Can Resilience be Enshrined in a Standard?
  • PS-Prep Developing Liability Protection?
  • PS-Prep Career Options Webinar
  • Emergency Plans and Behavioral Accuracy
  • Business Continuity Testing Guidance
  • Federal Cybersecurity Guidelines Document Update Released by NIST
  • Checklist Offered to Mitigate Project Related Risk Factors

• Categories

  • Events
  • Information
    • Auditing
    • Business Continuity Info
    • IT Service Management
    • Organizational Resiliency
    • PS-Prep Program
    • Regulatory Compliance
    • Standards & Best Practices
  • Security
    • Cybersecurity
    • Environmental Security
    • Executive Protection
    • Homeland Security Dpt
    • Information Security
    • Physical Security
    • Regulatory Compliance
    • Safety
  • Tools & Resources
    • Community Projects
      • Forms & Checklists
      • Glossary
    • First Timers
      • FAQs
  • Uncategorized

• Archives

  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009

• What Others Are Reading About

  ANAB ASIS ASIS SPC.1-2009 best practices Business Continuity business continuity management business continuity planning Business Continuity Plans compliance compliance risk contingency planning corporate security crisis management cybersecurity cyber security data breach Department of Homeland Security DHS disaster recovery disaster recovery planning e-Discovery emergency response enterprise risk management FEMA Information Security information systems security network security NFPA 1600 organizational resilience Organizational Resiliency Physical Security preparedness privacy Private Sector Preparedness PS-Prep PS-Prep Program readiness Regulatory Compliance resilience Resiliency risk assessment risk management Security security management security policies Auditing (4)
  Business Continuity Info (89)
  Community Projects (2)
  Cybersecurity (26)
  Environmental Security (2)
  Events (3)
  Executive Protection (1)
  FAQs (1)
  Forms & Checklists (1)
  Glossary (2)
  Homeland Security Dpt (11)
  Information (2)
  Information Security (57)
  IT Service Management (6)
  Organizational Resiliency (12)
  Physical Security (15)
  PS-Prep Program (57)
  Regulatory Compliance (16)
  Regulatory Compliance (9)
  Safety (4)
  Standards & Best Practices (9)
  Tools & Resources (4)
  Uncategorized (2)
  

  WP Cumulus Flash tag cloud by Roy Tanck and Luke Morton requires Flash Player 9 or better.