There are a few heavyweight well-regarded governance frameworks in use by enterprises, and government bodies. They help ensure that enterprises follow best practices and operate in a secure manner. There are many benefits and in some cases, they have been in use for many decades. They are proven not to extend well into the complex areas of IT security, or more specifically Cyber Security. In practice, most get bogged down in small details, and security is often slowed and fraught with problems as a result. The reasons are straightforward, the threat landscape is constantly changing and existing frameworks are incomplete or complex. The bigger frameworks are ideally suited to working where there are groups of people who share a common understanding of the business operation as well as the need for best practices. Unfortunately when it comes to complex IT and Cyber Security matters, while most will share a common understanding of the business operations in essence, few understand it at a technical level and this is where the difficulty exists. The top-down approach works well in principle, yet when it comes to Cyber Security, many can't keep up, it is easy to become bewildered and confused. By the time it is all explained the process can become very frustrating for those involved and time, usually of the essence is lost. This is especially the case when solutions, although complex, may be low-cost and fast for a practitioner to implement. There is a need, therefore for a straightforward, plain, and simple security architecture framework that does away with unnecessary terminology, verbosity, and complexity that could bridge the gap and enable an organisation to communicate its mission and to follow the plan it has, effectively. Introducing ESORMA: Enterprise Security Operations Risk Management Architecture