Communicating, Consulting, Establishing the Context, and Developing the Business Case
The key task behind planning and conducting a risk assessment program is developing an understanding of the organization to be assessed.
Risk Management Process
Learn how and why the risk management context of the organization describes the scope as well as risk control parameters, methods, and plans currently in place for the risk management activities. Before starting the design and implementation of the risk assessment program, it is important to understand the objectives of the risk management program and to evaluate and understand both the extent and efficacy of the current risk control measures and system.
Risk Assessment—Analyzing the Risk
The scope of the risk assessment program should be defined in order to achieve the risk assessment objectives and should consider the context of the organization, its needs, and requirements. The scope should define the processes, functions, activities, physical boundaries (facilities and locations), and stakeholders to include within the boundaries of the risk assessment program. The scope of the risk assessment program will have a direct effect on the resource and time requirements needed for the individual risk assessments. When setting the scope of the risk assessment program, it should be kept in mind that resource and time requirements are directly proportional to the size of the scope.
Risk Assessment—Treatment of the Risks/Mitigation
Risk rating scales are defined in relation to organizations’ objectives in scope. Risks are typically measured in terms of impact and likelihood of occurrence. Impact scales of risk should mirror the units of measure used for organizational objectives, which may reflect different types of impact such as financial, people, and/or reputation. Similarly, the time perspective used to assess the likelihood of risks should be consistent with the time perspectives related to objectives.
Organizational Resilience and Risk
Essential to completing a proper risk assessment is understanding the process of resiliency. Building a resilient organization is a cross-disciplinary and cross-functional endeavor. An organizational resilience approach to managing risks encourages critical infrastructure businesses to develop a more natural capability to deal with unexpected disruptions to business-as-usual activity. The resilience approach also helps organizations adapt to changes in their operating environment that occur over longer timeframes, thereby demonstrating the importance of risk assessment.
Risk Assessment—Test, Measure, Review, Document Control and Assurance
Understand the various tools and techniques that can be used to perform risk assessment. Identify how the organization can now bring its individual residual risk ratings together into a portfolio view to identify interdependencies and interconnections between risks, as well as the effect of risk responses on multiple risks. Management can then determine any actions necessary to revise its risk responses or address the design or effectiveness of controls. Successful implementation should translate into reduced risk exposures on the organization’s risk map.
Practically apply the principles set forth through a site visit (site to be determined). The key to any proper security master plan and the maintenance of organizational resilience is the objective evaluation of risk in which assumptions and uncertainties are clearly considered and presented. Risk assessments, if performed properly, provide that through a comprehensive examination of threats and vulnerabilities to determine the potential for loss.
Registrants should be aware that this course includes a visit to a third-party site and that the host organization may require the use of non-disclosure agreements. Subject to the requirements of the host organization, the agreements offered to nationals and non-nationals of the host country may differ.