

Enterprise Security Risk Management Practices

We approach Enterprise Security Risk Management as a four-step process.


1.  The value stream for Enterprise Security Risk Management begins with the identification and valuation of all assets.  This is accomplished through an all-hazards risk, threat, and vulnerability assessment.

2.  Identifying security vulnerabilities and risks to each asset is accomplished through an in-depth analysis of all manmade, technological and natural threats, and their impact on people, property, and assets.

3.  This is followed by a prioritization of risk and of the risk relationship to each asset, which leads to a Master Plan.

4.  Development of risk treatment plans.


The finished product should provide a valuable roadmap for the Enterprise in resolving risk, removing uncertainty, and ensuring longevity.


To facilitate this process, Setracon, in partnership with The Nohbell Group, has created a proprietary solution titled ESRMra™. ESRMra™ is a unique risk assessment process, embedded in Standards, capable of supporting large Enterprise or single facility assessments which cover all hazards and consider critical interdependence. The resulting reports and recommendations lead to true risk mitigation. View the ESRMra™ Data Sheet.

Security and Risk Consulting

  • Enterprise Security Risk Management; we are certified Master Quality Management Auditors capable of auditing to the following ISO and ANSI Standards:


  • RABQSA-RES-Resilience Management Systems Auditing Security, Preparedness, Crisis, Continuity, and Recovery Management

  • Security Management ISO 28000

  • Resilience Management ISO 28002

  • Business Continuity Management ISO 22301

  • Risk Management ISO 31000

  • ANSI/ASIS/RIMS RA.1-2015 Risk Assessment


  • Organizational resilience management assessments and accreditation

  • Workplace violence consulting and best practices

  • Best practices, risk assessment, and training for event and venue security

  • Qualitative and quantitative all hazards risk, threat, and vulnerability assessments leading to exceptional business continuity planning and emergency preparedness

  • MS SharePoint consoles and development

  • Design, review, and assessment of physical protection systems; i.e. cameras, lighting, card, key access systems, biometrics, alarm systems, fences, and barriers

  • Security Management Support including efficiency studies, cost-benefit analysis, and zero-based studies

  • Comprehensive threat analysis and open source intelligence collection

  • Blast hazard calculations, mitigation, protective design, procedures, and physical security systems

  • Security design review

  • Passive red teaming and penetration testing of physical security systems utilizing adversary pathing and estimated sequence of adversary interruption modeling

  • Investigations in the areas of harassment, discrimination, crime, and violence

  • Expert witness testimony for security and training related matters

  • Security program policy and procedures, development, and review

  • Emergency response planning and exercise development utilizing the Homeland Security Exercise and Evaluation Program (HSEEP)

Setracon Risk Consulting