Julian Talbot, FRMIA
Managing Director, SERT Pty Ltd

Julian has over 35 years of international security risk management experience gained on five continents in the resources, commercial, government, and not-for-profit sectors. His credentials include a Master of Risk Management (MRiskMgt), Graduate of the Australian Institute of Company Directors (GAICD), Australian Security Medal (ASM), Certified Protection Professional (CPP), Microsoft Certified Systems Engineer (MCSE), and Fellow of the Risk Management Institution of Australasia (RMIA). He is the author of several books on security and the lead author of the Security Risk Management Body of Knowledge.

Enterprise Security Risk Assessment (ESRA)

What is an enterprise security risk assessment? You wouldn’t be alone in asking that. If you’ve been dealing with them for years, it probably feels self-evident and natural, a bit like riding a bike or following a bouncing ball. For those unfamiliar with ESRAs, it can feel intimidating, ambiguous, and as complex as a Rubik’s cube.

I’ve been conducting enterprise security risk assessments (ESRAs) for over 25 years now, on some of the largest organizations in the world: the $24 billion North West Shelf Gas Project, the Australian Department of Defence, and the Australian Trade Commission, to name just a few. I’ve learned a lot over that time and had to invent and evolve a process. Rather than tell you how to do an ESRA in academic terms, I will present examples of ESRAs and security risk treatment plans. To show rather than tell.

  • What is an ESRA?
  • What is the process?
  • How long will it take?
  • How much will it cost?
  • What outcomes can I expect?