Mike Butler: ERM allows us to see all significant or critical risks across the organization from one vantage point. Security risk involves not just financial impact, but reputational risk of how the community trusts and has confidence in the organization. Identification, assessment, management plans are in one functional place, but operational leaders are still responsible for the risks of the functions they lead. Butler: Security risk is something that needs to be addressed in the overall enterprise risk-management portfolio. You can, and should, determine the potential financial and reputual impacts of information security threats and mitigate them.”]
Source: https://www.csoonline.com/article/2128672/ask-the-boss–a-coo-s-perspective-on-erm.html