Taking a holistic view of risk

A look at how ESRM initiatives have evolved


The sessions from (ISC)2 will look at controlling access to sensitive information in a secure environment (it will also feature representatives from the International Association of Privacy Professionals as well as a member of the CSO Roundtable); device tracking at the enterprise level, an exploration of the security challenges posed the use by criminals of device-tracking tools; and the importance of gaining a global perspective of security.

Managing remote and third-party access to networks is the focus of the IT-ISAC session. Via case studies, this session will examine the challenge of securing corporate networks while providing access to those networks to untrusted individuals such as contractors. ISACA sessions will look at how governance and management work together as well as how to create a strong business model for information security.

The hot topic of cloud computing is another area in which ASIS is increasing its involvement. The Cloud Security Alliance will join a Friday morning panel session at Seminar to examine the challenges of cloud security. And the ASIS Physical Security and IT Security councils have collaborated on an in-depth white paper that describes how cloud computing will affect physical-security professionals; they followed up with a well-attended Webinar that brought new perspectives to cloud computing.

It is important to remember that security does not own risk any more than the finance department does - or for that matter, any more than the legal department and various other departments do. Risk is something shared throughout the organization, and it should be clear that security executives cannot afford to ignore the financial risks that their organizations face. That's why ASIS will be partnering with the Risk and Insurance Management Society (RIMS) as well, creating a collaboration that highlights the importance of ESRM. As with our other partners, we will work together with RIMS to create educational and training opportunities that will ensure a holistic view of risk becomes the norm, not the exception.

These collaborations could not be more important to the security profession; nor could they be more timely. After all, the severe economic downturn and the spate of natural and man-made disasters we have seen just over the past few months should remind us that no one owns risk - everybody does.

Joseph "Bob" Granger is security director for the United Space Alliance, and he is the President of ASIS International.