Earn Up to 18 CPE CREDITS
Reduce Risk ... Increase Resilience
Be a critical business partner to senior management.
What makes a risk, threat, and vulnerability assessment successful and effective? Why are assessments essential for organizational resilience?
This program starts by explaining the differences between risk, threat, and vulnerability and then demonstrates how assessments are absolutely essential for organizational resilience. Learn about acceptable business risk thresholds and the metrics you can use to describe them.
- Learn how to develop an effective risk management and assessment program that is highly valued within your organization.
- Understand how to integrate risk assessment into the business process.
- Develop the skills to identify necessary people and assets that provide the enterprise tangible and intangible value.
- Learn how to develop a solid business case for the program—one that addresses cost, benefits, and operational aspects.
Who Should Attend
- Security management professionals across all public and private sectors
- Anyone involved with design, specifications, implementation, operation, or maintenance of security systems, including those in specialties such as emergency management, business continuity planning, facility and infrastructure management, HR, and others.
- Architects, designers, and integrators working on security projects
This 3-day course offers a comprehensive examination of all aspects of planning and implementing a risk assessment program in any organization, small or large, public or private, and in any industry or setting. Through engaging lectures, eye-opening case studies, practical exercises and a relevant site visit, this program not only covers the essential topics listed below, but also provides opportunities to apply the principles.
Communicating and Developing the Business Case
The key task behind planning and conducting a risk assessment program is developing an understanding of the organization to be assessed.
Enterprise Risk Management Process
Before starting the design and implementation of the risk assessment program, it is important to understand the objectives of the enterprise risk management program and to evaluate both the extent and efficacy of existing risk control measures and systems. Learn how to do this efficiently.
Enterprise Security Risk Management
Enterprise Security Risk Management (ESRM) is a security program management approach that links security activities to an enterprise's mission and business goals through risk management methods. Understand how to educate business leaders on the realistic impacts of identified risks, presenting potential strategies to mitigate those impacts, then enacting the option chosen by the business in line with accepted levels of business risk tolerance.
Critical thinking is so often a forgotten aspect of the risk analysis and assessment process, yet it is fundamental to risk analysis and assessment. Understanding how to formulate a question, knowing what you're looking for, and knowing how that information is applied are indispensable to this process of risk assessment. By exploring other points of view and understanding other perspectives, you learn more about the subject and can reflect on the information you have and how you feel.
Asset Characterization and Identification
Learn to identify and characterize the organization's assets in the context of critical thinking - the basis for all good analysis. This is the foundation for criticality and consequence analysis as well as for a majority of probability analysis, vulnerability analysis, and risk analysis itself. Comprehending the assets at risk is the first step in risk assessment. This leads to determining their criticality to the mission of the organization and determining the possible consequences if those assets are compromised.
Analyzing the Risk
What is the scope of the risk assessment program? Is it meeting the organization's risk assessment objectives? Does it consider the context of the organization, its needs, and requirements? The scope should define the processes, functions, activities, physical boundaries (facilities and locations), and stakeholders within the boundaries of the risk assessment program. Learn how to match the scope to the resources available.
Treatment of the Risks/Mitigation
Risk rating scales are defined in relation to an organization's objectives and scope. Risks are typically measured in terms of impact and likelihood of occurrence. Impact scales of risk should mirror the units of measure used for organizational objectives, which may reflect different types of impact such as financial, personnel, and/or reputation.
Organizational Resilience and Risk
Building a resilient organization is a cross-disciplinary and cross-functional endeavor. An organizational resilience approach to managing risk encourages critical infrastructure businesses to develop a more natural capability to deal with unexpected disruptions to business-as-usual activity. Discover the most effective ways to approach resilience that allow organizations to adapt to changes in their operating environment over time.
Test, Measure, Review, Document Control and Assurance
Understand the various tools and techniques that can be utilized to determine risk assessment. Identify how the organization can now bring its individual residual risk ratings together into a portfolio view to identify interdependencies and interconnections. Management can then determine any actions necessary to revise its risk responses or address design or effectiveness of controls.
Managing a Risk Assessment Program
Thinking with the end in mind, the culmination of this workshop will be a review as well as the foundation and fundamentals of a risk assessment program. A risk assessment program establishes a framework for the overall assessment steps in the risk assessment process. It sets parameters for the overarching organizational structure, resources, commitment, and documented methods used to plan and execute risk assessments with clearly defined objectives.
Visit a major employer in the Providence, RI area to see how the organization has applied the principles of risk management. Return to the classroom to further explore how theory and practice come together. (Site visit location will be announced soon.)
This course includes a visit to a third-party site. The host organization may require the use of non-disclosure agreements or have other requirements for visitors to the site. The site tour is subject to the requirements of the host organization.