Enterprise Security Management Program
01 January 2006
Before a chapter discussing Enterprise Security Management (ESM) can be written, an acceptable definition must be identified as a basis for further discussion. Ironically, this has turned out to be one of the most difficult sections of this chapter, as there are a number of different, equally valid, and generally accepted definitions in use in the security industry today. To further cloud the issue, other concepts, systems, and programs exist that are similar in nature and are often used interchangeably with ESM, such as Enterprise Risk Management (ERM) and Security Information/Event Management (SIM/SEM). ERM focuses on the identification, measurement, mitigation, and monitoring of risks in areas such as economics, business, and information technology. As we will see, a valuable input to a successful ESM program is a successful ERM program, which provides the majority of the required inputs, such as real-time information about the assets and vulnerabilities within an enterprise. Additionally, a SIM or SEM tool is generally concerned with the collection, consolidation, analysis, reporting, and alerting of security-related data such as logs, alerts, and processes. It is often the "tool" used to provide the requisite input into the ESM program detailed in this chapter.