Business Architecture and Transformation Projects: Enterprise Holistic Security Risk Management (ESRM)

DOI: 10.4018/978-1-7998-9648-7.ch018
Abstract

Enterprise security risk management (ESRM) is a planned strategy that identifies and assesses possible security problems that may jeopardize the enterprise's growth, assets, sustainability, or defined objectives. The ESRM supports the process of identifying the set of security risks to be monitored actively and delivers scenarios of efficient actions. It also offers recommendations to senior managers and stakeholders in the form of routine and executive actions and reports. In this chapter, the author implemented his research on a specific mixed method that is supported by a heuristics component, the applied holistic mathematical model for enterprise security risk management (AHMM4ESRM). The AHMM4ESRM can also be used for financial, operations, and governance services to detect various types of irregularities.

Introduction

Business environments, governments and organizations (or simply Entities) are increasingly using Cybertechnologies to become Cyberentities. The transformed Cyberentity has to face new challenges, dangers and security Risks (sRisk) when implementing its infrastructure and Information and Communication System (ICS). One of the most important sRisks is the stability of an Entity in an unsafe and unstable ecosystem that is mainly based on the ICS. Therefore, the security of an Entity should follow a holistic concept like the ESRM for an Entity transformation project (or simply Project). The ESRM includes a methodology and a concept to manage security for Entities, covering both classical security and Cybersecurity. Cybersecurity is employed in the Entity's architecture and operations processes. An Entity's transformation has many tangible advantages and, unfortunately, also many risks and pitfalls. An Entity's main sRisks are data, assets and resources platform security, but there is a whole set of other types of ICS and domain sRisks. Entities are more or less sensitive to classical attacks and Cyberattacks, depending on the size of the Entity, the volume of transactions, data management and the applied agility. In order to identify classified Entity security breaches like data leaking, the ESRM proposes a systematic and holistic approach to the protection of ICS resources that includes Cybersecurity mechanisms. Cybersecurity is essential for protecting the Entity's sensitive information, assets and resources against the probable misuse of personal information that can be leaked and exploited by hackers. Entities face excessive requests to optimize their assets and minimize sRisks, to guarantee sustainability, optimize costs, support frequent transformation initiatives and integrate legal, security and governance frameworks. The ESRM is supported by a Decision Making System for ESRM (DMS4ESRM) for planning, inventory and risk mitigation activities.
The DMS4ESRM uses an Artificial Neural Networks (ANN) based heuristics reasoning engine that is optimal for solving complex problems. The DMS4ESRM is domain agnostic, uses a holistic approach and is based on a reasoning concept: a qualitative method that manages weighting mechanisms and rates Critical Success Factor (CSF) sets, actions and solutions (Capecchi, Buscema, Contucci, D'Amore, 2010). Hence the CSFs are the most important mapping/relation between the ESRM, financial status, organizational predisposition and the DMS4ESRM, which can be a subject for Cyberattacks or global crime schemes (Peterson, 2011). The ESRP uses scenarios, which are sets of services and rules to manage sRisks that can have a fatal impact on capital markets. The AHMM4ESRM considers sRisks (or exposures) measurable and transmits the profits and losses to the bottom-line process (Trad, & Kalpić, 2020a). Entities face a set of barriers and difficult situations, which require the management of sRisks using a specialized framework to support their activities. sRisks may include CSFs related to reputation, routine operational procedures, legal and human resources management, finance, the risk of failure of internal control systems related to the Sarbanes-Oxley Act (SOX), and global governance. The ESRM focuses on assessing sRisks and using the DMS4ESRM to estimate possible dangers and to offer solutions. Solutions include just-in-case alternatives for routine activities and practices to manage potential security problems. A Project integrates various objects, like ESRM managers and/or the creation of a risk management department supported by a quality control team (Kenton, 2020).
Possible ESRM risks are: 1) hazard risks, which present a high level of threat to life, health or property; 2) financial risks, which are directly related to money; 3) strategic risks, which affect or are created by strategic decisions; 4) operational and security risks, which influence the Entity; 5) ESRM main fields and background.
