Enterprise Security Risk Management (ESRM) is about identifying and preventing risks and threats in organizations. It follows best practices and documents risks and threats so that the organization can respond proactively to security risks when future events occur.
In addition to various enterprise-specific practices for mitigating risk, there are also some commonly accepted practices that relate to identifying and quantifying existing device equipment, infrastructure and resources, because these are the most common targets for attack. Identifying and quantifying security risks, assessing threat potential, and evaluating risk together form another important aspect of ESRM. This should include analyzing the vulnerabilities in the infrastructure and in each individual device, and reviewing the protection mechanisms. The company's security policies should also stand up to scrutiny from the perspective of device and system protection.