
Manager's Guide to Enterprise Security Risk Management: Essentials of Risk-Based Security

Contributor(s): Allen, Brian (Author), Loyear, Rachelle (Author), Noakes-Fry, Kristen (Editor)

ISBN: 9781944480523

Publisher: Rothstein Publishing

List/retail price: $34.99

Pub Date: May 15, 2018


Features: Illustrated


Physical Info: 0.32" H x 11.00" L x 8.50" W (0.79 lbs), 148 pages

Descriptions, Reviews, etc.

Description: Is security management changing so fast that you can't keep up? Perhaps traditional best practices in security no longer work? Then you need better best practices! Two experienced professionals introduce ESRM. This practical, organization-wide, integrated approach redefines securing your people and assets from task- to risk-based.

Brief description: Brian Allen has more than 20 years' experience in virtually every aspect of the security field. He most recently held the position of Chief Security Officer (CSO) with Time Warner Cable (TWC), a leading multinational provider of telecommunications, information, and entertainment services headquartered in New York City. In this role, he was responsible for protecting TWC's assets worldwide, coordinating the company's crisis management and business continuity management (BCM) programs, managing TWC's cybersecurity policy and leading its security risk management program. He managed the company's security policy and relations with law enforcement and government authorities, as well as all customer security risk issues, oversaw internal and external investigations, and headed the company's workplace violence program. Before joining TWC in January 2002, he was Director of the Office of Cable Signal Theft at the National Cable and Telecommunications Association in Washington, D.C., and the owner of ACI Investigations, a multimillion-dollar provider of security guard, investigations, and consulting services. Brian earned his Bachelor of Science degree in criminal justice from Long Island University and received his Juris Doctor degree from Touro Law Center in New York. He is a member of the New York State Bar Association, a Certified Protection Professional (CPP) with ASIS, a Certified Information Systems Security Professional (CISSP) with ISC2, a Certified Fraud Examiner (CFE) with the ACFE and a Certified Information Security Manager (CISM) with ISACA. Brian is also a member of the International Security Management Association and the Association of Threat Assessment Professionals. Brian is an Adjunct Professor at the University of Connecticut, School of Business MBA Program and is active in industry organizations. 
He served as a member of the Communications Infrastructure Reliability and Interoperability Council (CSRIC), an FCC appointed position, and co-chaired its working group on Cybersecurity Best Practices and the Cybersecurity Framework. He is also one of four elected communications company representatives to serve on the Executive Committee of the US Communications Sector Coordinating Council (CSCC). He works with the Cross Sector Cybersecurity Working Group, established by the U.S. Department of Homeland Security (DHS) under the Critical Infrastructure Partnership Advisory Council. Brian has served on the board of directors of ASIS International, and the board of trustees of ASIS International's Foundation. He is currently a member of the Board of Directors of the Domestic Violence Crisis Center in Connecticut.

Review Quotes:

Book Review: The Manager's Guide to Enterprise Security Risk Management: Essentials of Risk-Based Security.

10 March 2018 by Brian J. Allen, CPP, and Rachelle Loyear. Reviewed by Rachid Kerkab

Appears in the March 2018 print issue of Security Management, a publication of ASIS International.

Rothstein Publishing; Rothstein.com; ebook.

The security landscape is evolving at an enormous speed. Volatility, uncertainty, complexity, and ambiguity are the new normal. So, how do you address security challenges in such an environment? The answer is through enterprise security risk management (ESRM), an integrated risk-based approach to managing security risks. It brings together cyber, information, physical security, asset management, and business continuity. ASIS has made ESRM a global strategic priority.

In the Manager's Guide to Enterprise Security Risk Management, authors Allen and Loyear provide a comprehensive overview of the principles and applications underlying the ESRM philosophy. They set the stage in the first part of the book with an introduction to ESRM and share some important insights on the differences between traditional security and the ESRM approach, illustrating their points with examples.

The second part of the book guides the reader through the implementation of an ESRM program. One excellent chapter promotes design thinking as a conceptual model for ESRM. A design thinking approach can provide a unique platform for innovation and overcoming new security challenges.

Finally, the book provides insights and strategies to ensure the success of the ESRM program. It explains what an executive needs to know about ESRM, and gives readers the tools to succeed.

In sum, this guide accomplishes exactly what it set out to do--provide security leaders and managers with the principles and applications to explore, design, implement, and secure the success of an ESRM program.

Note: The authors of this book recently published a more detailed look at ESRM in Enterprise Security Risk Management: Concepts and Applications, also published by Rothstein Publishing.

Reviewer: Rachid Kerkab has almost two decades of experience in criminology, security strategy, risk, and resilience. He is a member of ASIS.
