ESORMA is a unique, agile architecture, methodology and framework designed to help you manage Governance, Risk and Compliance. It allows a management team to communicate effectively with cyber security practitioners and vice versa. ESORMA is agile as it is expected to deal with a constantly changing threat landscape. ESORMA is clear as the scope is always applied to all domains. ESORMA is tuned for fast, actionable solutions to real-world problems without the clutter, in order to ensure modern enterprises are as protected as they can be. In essence, the practitioner can quickly develop an action plan, and business managers will be assured that the underlying value activity is undertaken.

The ESORMA Domains

Security is complex enough in itself without needing to be further enshrouded in a cloak of mystery, theoretical language and messy artefacts. For that reason, ESORMA is written from the perspective of enabling and maintaining communications between staff and colleagues without being bogged down in the complexity, while allowing colleagues with the complex knowledge to implement at the detailed level.

ESORMA strips away the unnecessary terminology, methodology and mystery surrounding architecture and instead provides a practical, real-world approach to managing information security. It does this by placing emphasis on key process areas that are always required to manage risk, right from Governance at the top of an enterprise to operations at its bottom.

These areas are known as the essential domains of enterprise security and are: Scope, Priority, Evaluate, Enable, Harden, Monitor, Operations and Compliance. The framework delves into these domains and demonstrates how to effect strategic change and protection. This process can be applied at a top level by the team and at a deeper component level, determined and implemented by the practitioner.

Introducing the ESORMA Community

The core concept of ESORMA is to enable best practice and to ease integration of Cyber Security within a GRC framework. This would not be possible without a community of like-minded people and the benefits that a committed community sharing information and best practice could bring.

As well as best practice and quick start kits, the ESORMA framework also provides an online platform. Members can also communicate through our unique and private messaging system in order to share resources and provide peer-to-peer support.

ESORMA Summary

The ESORMA domains image is deliberately not a map, and neither is it a grid. It simply shows that everything starts with a scoping exercise and could go in any of seven directions, in which all parts of the GRC framework reside. Whether your scope is full, broad, partial or specific, from wherever you start you can go in any direction. The objective is to suit the project you have in mind, not the ESORMA GRC framework.

Equally, there is no insider language and there are no unique and new conventions; there should be nothing new to learn or to confuse other people with. If any language is to be followed, it should be the language of the organisation that wants to employ the ESORMA framework or, better still, plain English. As a convenient framework, ESORMA provides the basis to include all parts of your business within it while taking care of security.

In addition, there is a range of tools and services available within the online community platform that will facilitate fast start opportunities and get you talking to peers within the industry.