Skip Navigation LinksASIS International / Education & Events / Education Programs / Classroom / Risk, Threat and Vulnerability Assessment

Risk, Threat and Vulnerability Assessment

What are CPE credits?
up to
CPE Credits
21 - 22 October 2015
Hyatt French Quarter

Reduce Risk ... Increase Resilience

Be a critical business partner to senior management

What makes a risk, threat, and vulnerability assessment successful and effective? Why are assessments essential for organizational resilience?

This program starts by explaining the differences between risk, threat, and vulnerability and then demonstrates how assessments are absolutely essential for organizational resilience.

Learn about acceptable business risk thresholds and the metrics you can use to describe them, including a unique Risk, Threat, and Vulnerability assessment tool.

Registration Fees


 Immediate Benefits

  • Learn how to develop an effective risk management and assessment program that is highly valued within your organization.

  • Understand how to integrate risk assessment into the business process Develop the skills to identify necessary people and assets that provide the enterprise tangible and intangible value.

  • Learn how to develop a solid business case for the program—one that addresses cost, benefits, and operational aspects.

 Who Should Attend

  • Security management professionals across all public and private sectors

  • Anyone involved with design, specifications, implementation, operation, or maintenance of security systems, including those in specialties such as emergency management, business continuity planning, facility and infrastructure management, HR, and many more

  • Architects, designers, and integrators working on security projects

 Program Overview

This 2-day course offers a comprehensive examination of all aspects of planning and implementing a risk assessment program in any organization, small or large, public or private, and in any industry or setting. Through engaging lecture, eye-opening case studies, and a site visit to see the principles in action, this program covers the essentials topics listed below. A Risk, Threat & Vulnerability Assessment tool will be introduced for applying the principles taught.

Risk Management Process
Before starting the design and implementation of the risk assessment program, it is important to understand the objectives of the risk management program and to evaluate and understand both the extent and efficacy of the current risk control measures and system, if one is in place. Learn how to do this efficiently.

Risk Assessment—Analyzing the Risk
What is the scope of the risk assessment program? Is it meeting the organization’s risk assessment objectives? Does it consider the context of the organization, its needs, and requirements? The scope should define the processes, functions, activities, physical boundaries (facilities and locations), and stakeholders to include within the boundaries of the risk assessment program. Learn how to match the scope with the resources available.

Risk Assessment—Treatment of the Risks/Mitigation
Risk rating scales are defined in relation to organizations’ objectives in scope. Risks are typically measured in terms of impact and likelihood of occurrence. Impact scales of risk should mirror the units of measure used for organizational objectives, which may reflect different types of impact such as financial, personnel, and/or reputation.

Organizational Resilience and Risk
Building a resilient organization is a cross-disciplinary and cross-functional endeavor. An organizational resilience approach to managing risks encourages critical infrastructure businesses to develop a more natural capability to deal with unexpected disruptions to business-as-usual activity. Discover the most effective ways to approach resilience that allow organizations to adapt to changes in their operating environment over time.

Risk Assessment—Test, Measure, Review, Document Control and Assurance
Understand the various tools and techniques that can be utilized to determine risk assessment. Identify how the organization can now bring its individual residual risk ratings together into a portfolio view to identify interdependencies and interconnections. Management can then determine any actions necessary to revise its risk responses or address design or effectiveness of controls.

NEW! Case Studies
Each section will include practical case studies that will demonstrate the concepts learned.

NEW! Interactive Exercise
A Risk, Threat & Vulnerability Assessment tool will be used by the class for practically applying the principles taught.

Site Visit
See how an organization has applied the principles set forth through a site visit (site to be determined).

Please Note:
Registrants should be aware that this course includes a visit to a third party site and that the host organization may require the use of non-disclosure agreements. Subject to the requirements of the host organization, the agreements offered to nationals and non-nationals of the host country may differ.

 Hours, Fees, & Hotels

Registration Hours
5:00 pm-6:00 pm

7:00 am-8:00 am

Program Hours
8:00 am–5:00 pm

Registration Fees
Fee includes daily continental breakfast, refreshment breaks and a networking reception. Hotel costs are not included.

  Early Bird
Member $   825 $  925
Nonmember $1,125 $1,225

ASIS Certificate Program
This classroom program will soon have an associated Certificate Exam. Learn more about the ASIS Certificate Program.

Hotel Information

The Hyatt French Quarter New Orleans
800 Iberville Street
New Orleans, LA

Be sure to mention ASIS when requesting the special room rate of $179 single/double (plus tax). It will be honored until September 28 or until the room block is full.


Team Discount:
Receive a 10% discount when three to five attendees register from the same organization, 15% for six or more. Email for details.

Certification Discount:
ASIS members and nonmembers holding the distinction of CPP, PCI, and PSP receive a $25 discount per classroom program. This discount is automatically applied at checkout.


Mr J Kelly Stewart
  • Mr J Kelly Stewart
  • Managing Director & CEO
  • Newcastle Consulting
  • Leesburg VA, UNITED STATES
  • Colleagues: 0
Session: Identifying Risk Assessment Methods
Session: Team Presentations, Regulations, Standards, and Policies and Procedures
Session: Establishing the Context
Session: Defining Risk and Risk, Threat and Vulnterability Assessment
Session: Analyzing the Risks
Session: Test, Measure, Review, Document Control and Assurance
Session: Identifying Risks
Session: Enterprise Security Risk Management Stakeholders, Organizational Objectives
Session: Review, Findings, Breakouts
Session: Overview of Organizational Resilience

Bio: o J. Kelly Stewart is Managing Director & CEO of an Enterprise Risk, Strategic Security and Information Management Consultancy who brings 25 years of public and private sector experience as a seasoned enterprise security risk management practitioner, executive protection professional and physical security systems designer. He has led multi-national security risk management operations, protection details and complex physical security programs. Mr. Stewart is a key leadership advisor and business partner in developing and executing security strategies in support of overall organizational resiliency. He is viewed as a well-respected security visionary, strong collaborator, and highly effective communicator focused on holistic security programs that add value to corporate as well as Government entities. Mr. Stewart enables executives to focus their organizations on core competencies where they can achieve definable advantages and add value to their client base thus facilitating and protecting strategic advantages they have in the marketplace. His belief is that proactive, predictive, and responsive advice and access to information critical in building a companies' resilience to operational risk, thereby protecting its people and assets. Mr. Stewart served a distinguished tenure with the United States Secret Service coordinating advance operations with law enforcement representatives in the areas of technical security, intelligence information, threat identification and planning, emergency evacuation operations as well as completing multiple advances for the President and first family trips. He has been a key advisor to the Chief of Defense Nuclear Security on matters of security policy and special projects, concentrating on physical security systems design and operations, vulnerability assessments, technology applications and security management. Mr. Stewart was one of the principal contributors to the Technical Implementation Guidance (PACS document) on Smart Card Enabled Physical Access Control Systems - one of the key documents used for implementing a Policy for a Common Identification Standard for Federal Employees and Contractors. He assisted other Federal agencies including but not limited to the National Nuclear Security Administration, US Departments of Defense, Homeland Security, US State Department, US Justice Department & the Nuclear Regulatory Commission in its development and application. Mr. Stewart holds three Master degrees (MBA, International Business; MA, Business & Organizational Security Management; MA, Project Management) and is board certified as a homeland security professional, anti-terrorism specialist, and as a forensic consultant.