Enterprise Security Risk Management (ESRM) is a strategic approach to security management that aligns an organization’s security practices to its overall strategy using established and accepted risk management principles. To support the enterprise and align with the organization’s strategy, security professionals should understand the organization’s context in terms of its mission and vision, core values, operating environment, and stakeholders. The practice of ESRM creates partnerships between security and those who own the assets at risk. It addresses all domains of security risk in a holistic manner and without silos. ESRM places risks in context, enabling asset owners to make informed decisions with guidance from security professionals by utilizing a cycle for risk management.
Crucible prides itself on having a broad and diverse collection of experiences in both the public and private sectors as well as both academically and practically. This broad experience from public sector law enforcement/criminal investigations to the highly regulated industries of energy creation/delivery and pharmaceuticals as well as industry-leading academic credentials and certifications set Crucible apart from its competitors. This collective experience and expertise allow Crucible to provide security management consultation on a wide array of security disciplines and/or challenges.
Conducting investigations properly, whether it be for an organization or an individual client, requires years of experience and “know-how” to legally gather the relevant evidence, testimony and supporting details in a manner that is not disruptive to an organization and that is proportionate to the matter under investigation. Of almost equal importance to conducting the investigation properly is the assembly of the gathered information in a report that accurately reflects the findings and is both definitive and easy to comprehend. While this may seem obvious, many investigative efforts are conducted without the consideration of relevant laws, jump to conclusions that are not supported by the facts developed and are then documented in a report that is poorly organized. Improperly or poorly handled investigations may create more liability for an organization that no investigation at all. There are many different types of investigations that Crucible. can offer assistance with related to the needs of an organization and individuals.
Crisis management is the process by which an organization deals with a disruptive and unexpected event that threatens to harm the organization or its stakeholders. An appropriate and exercised crisis management plan helps employees to adopt a focused approach during emergency situations. A crisis management plan elaborates the actions to be taken by management as well as the employees to lessen the impact of the event on the organization and maintain, as best as possible, the organization’s reputation and standing in the industry. Having identified responsibilities for management and employees should a crisis affect your organization and training the organization in a number of potential crisis scenarios, will enhance your organization’s ability to respond to a crisis situation. It may be recommended that some potential crisis scenarios are practiced and exercised with local law enforcement and/or fire department.