Skip to content

Risk, Threat and Vulnerability Assessment

location_on Providence, RI
$1095 Member Price
$1395 Nonmember Price

Earn Up to 18 CPE CREDITS

Reduce Risk ... Increase Resilience
Be a critical business partner to senior management.

What makes a risk, threat, and vulnerability assessment successful and effective? Why are assessments essential for organizational resilience?

This program starts by explaining the differences between risk, threat, and vulnerability and then demonstrates how assessments are absolutely essential for organizational resilience. Learn about acceptable business risk thresholds and the metrics you can use to describe them.

Immediate Benefits

  • Learn how to develop an effective risk management and assessment program that is highly valued within your organization.
  • Understand how to integrate risk assessment into the business process
  • Develop the skills to identify necessary people and assets that provide the enterprise tangible and intangible value.
  • Learn how to develop a solid business case for the program—one that addresses cost, benefits, and operational aspects.

Who Should Attend

  • Security management professionals across all public and private sectors
  • Anyone involved with design, specifications, implementation, operation, or maintenance of security systems, including those in specialties such as emergency management, business continuity planning, facility and infrastructure management, HR, and others.
  • Architects, designers, and integrators working on security project

Program Overview

This 3-day course offers a comprehensive examination of all aspects of planning and implementing a risk assessment program in any organization, small or large, public or private, and in any industry or setting. Through engaging lectures, eye-opening case studies, practical exercises and a relevant site visit, this program not only covers the essentials topics listed below, but also provides opportunities to apply the principles.

Communicating and Developing the Business Case
The key task behind planning and conducting a risk assessment program is developing an understanding of the organization to be assessed.

Enterprise Risk Management Process
Before starting the design and implementation of the risk assessment program, it is important to understand the objectives of the enterprise ​​​risk management program and to evaluate both the extent and efficacy of existing risk control measures and systems. Learn how to do this efficiently.

Enterprise Security Risk Management
Enterprise Security Risk Management (ESRM) is a security program management approach that links security activities to an enterprise's mission and business goals through risk management methods. Understand how to educate business leaders on the realistic impacts of identified risks, presenting potential strategies to mitigate those impacts, then enacting the option chosen by the business in line with accepted levels of business risk tolerance.

Critical Thinking
Critical thinking is so often a forgotten aspect of the risk analysis and assessment process, yet it is fundamental to risk analysis and assessment. Understanding how to formulate a question, knowing what you're looking for, and how that information is applied is indispensable to this process of risk assessment. By exploring other points of view and understanding other perspectives, you learn more about the subject, can reflect on the information you have,and how you feel.

Asset Characterization and Identification
Learn to identify and characterize the organization's assets in the context of critical thinking - the basis for all good analysis. This is the foundation for criticality and consequence analysis as well as​ for a majority of probability analysis, vulnerability analysis, and risk analysis itself. Comprehending the assets at risk is the first step in risk assessment. This leads to determining their criticality to the mission of the organization and determine the possible consequences if those assets are compromised.   

Analyzing the Risk
What is the scope of the risk assessment program? Is it meeting the organization's risk assessment objectives? Does it consider the context of the organization, its needs, and requirements? The scope should define the processes, functions, activities, physical boundaries (facilities and locations), and stakeholders within the boundaries of the risk assessment program. Learn how to match the scope to the resources available.

Treatment of the Risks/Mitigation
Risk rating scales are defined in relation to an organizations' objectives and scope. Risks are typically measured in terms of impact and likelihood of occurrence. Impact scales of risk should mirror the units of measure used for organizational objectives, which may reflect different types of impact such as financial, personnel, and/or reputation.

Organizational Resilience and Risk
Building a resilient organization is a cross-disciplinary and cross-functional endeavor. An organizational resilience approach to managing risk encourages critical infrastructure businesses to develop a more natural capability to deal with unexpected disruptions to business-as-usual activity. Discover the most effective ways to approach resilience that allow organizations to adapt to changes in their operating environment over time.

Test, Measure, Review, Document Control and Assurance
Understand the various tools and techniques that can be utilized to determine risk assessment. Identify how the organization can now bring its individual residual risk ratings together into a portfolio view to identify interdependencies and interconnections. Management can then determine any actions necessary to revise its risk responses or address design or effectiveness of controls.

Managing a Risk Assessment Program
Thinking with the end in mind, the culmination of this workshop will be review as well as the foundation and fundamentals of a risk assessment program. A risk assessment program establishes a framework for the overall assessment steps in the risk assessment process. It sets parameters for the overarching organizational structure, resources, commitment, and documented methods used to plan and execute risk assessments with clearly defined objectives.

Site Visit
Visit a major employer in the Providence, RI area to see how the organization has applied the principles of risk management. Return to the classroom to further explore how theory and practice come together. (Site visit location will be announced soon.)

Please Note:
This course includes a visit to a third-party site. The host organization may require the use of non-disclosure agreements or have other requirements for visitors to the site. The site tour is subject to the requirements of the host organization​​​​.


Amy M. Poole


Amy Poole has five years of experience in managing corporate security programs and projects.  With her prior background in audit and compliance, Amy brings a history of risk-based work to her security approach, tailoring enterprise security programs to an Enterprise Security Risk Management (ESRM) model.

J. Kelly Stewart

Managing Director and CEO, Newcastle Consulting, LLC

Kelly draws upon more than 25 years of public and private sector experience with Fortune 500 and 100 corporations as a Chief Security Officer; an international, physical security operations practitioner; and a risk management advisor. Kelly is an internationally recognized instructor, speaker, and authority on comprehensive risk assessment, security master planning, and security design and integration. 

Mark Schreiber, CPP

Principal Consultant, Safeguards Consulting, Inc.

Mark Schreiber is a security engineer and technical consultant who has been in the industry for nearly 20 years. He has designed all forms of physical security systems across the globe including large campus, critical infrastructure systems that integrate complex access control, video surveillance, and perimeter intrusion systems for Fortune 100 clients. Mark has been involved in several ASIS Councils.  


"This workshop helps attendees establish a solid foundation to build a RTVA program. The program speakers were content experts in their field. Their ability to share personal experiences as they were presenting the workshop contents was very helpful."
Dr. Timothy Burke, Advocate Health Care

Hotel, Fees and Schedule

Hotel, Fees and Schedule

Providence Marriott Downtown
1 Orms Street
Providence, RI 02904

Be sure to mention ASIS when requesting the special room rate of $179 single/double (plus tax). It will be honored until the room block is full or April 13, 2018.

Book your hotel now at the special discounted group rate


Delta Air Lines is pleased to offer travel discounts for ASIS International. To take advantage of these travel discounts, book your flights online or call +1.800.328.1111 and refer to meeting event code NMRV2 (Monday-Friday, 7:30 am - 7:30 pm CT).

Delta Airlines Logo

  • Discounts apply to round trip travel only
  • Not valid with other discounts, certificates, coupons or promotional offers
  • Fare rules will determine eligibility

Please note: There is no service fee for reservations booked and ticketed via our reservation 800 number.

Registration Fees

Register before March 24th and save $100!

Member - $1095
Nonmember  - $1395

Fees include daily continental breakfast, lunch on day one, a networking reception, and refreshment at  breaks. Hotel costs and certificate exam free are not included.

Registration Hours

Sunday, May 6
5:00–6:00 pm

Monday, May 7
7:00-8:00 am

Program Hours

Monday, May 7
8:00 am–5:00 pm

Tuesday, May 8
8:00 am–5:00 pm

Wednesday, May 9
8:00 am–3:00 pm ​




If confirmation of registration and payment has not been received three days prior to the event, please email

Certificates of Attendance

ASIS reserves the right to withhold certificates, if attendance requirements are not met.

Last-Minute Registrations

While we welcome all registrations, including those on-site, the availability of handout materials cannot be guaranteed.


Business casual is recommended.

Continuing Professional Education (CPE)

Each 50-minutes of instruction is worth one CPE. This program awards up to 14 CPEs.

Alternate Registration Methods

If you prefer, you can register by phone +1.703.519.6200, fax+1.703.519.6299, or mail.

Cancellation and Transfer Policy

For a full refund or transfer credit, written requests must be received at least 10 days before the start date of the program. Those received less than 10 days prior will be charged a $100 cancellation/transfer fee.

Transfers will be limited to a maximum of two per original registration. No refunds or transfers are made for requests received on or after the start date. Contact us at +1.703.519.6200 or fax your request to ASIS Member Services at +1.703.519.6298.

Tours of Third-Party Sites

When a program includes a visit to or a tour of a third-party site, the host organization may require the use of non-disclosure agreements. Subject to the requirements of the host organization, the agreements offered to nationals and non-nationals of the host country may differ.

Team Discount

Receive a 10% discount when three to five attendees register from the same organization, 15% for six or more. Email for details.​