ERM begins by assessing the “weakest links” in your network or application infrastructure, as well as other possible avenues of attack. It provides a risk management framework for the ramifications of each compromise by attempting to escalate privileges on the entry points and reveal attack paths across multiple infrastructure layers. ERM assesses the organization’s objectives (risks and opportunities) in terms of likelihood and magnitude of impact, determines a response strategy, and monitors progress. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall. Risk management plans the corrective action to take in order to minimize the effects of risk on an organization’s capital and earnings.
An ERM framework describes an approach for identifying, analyzing, responding to, and monitoring risks and opportunities within the internal and external environment facing the enterprise.
To deliver value to customers, an effective ERM framework should be implemented with an understanding of the types of risks the organization faces, and it should address them appropriately.