Skip to content

Risk, Threat and Vulnerability Assessment - SOLD OUT!

location_on Atlanta, GA
$1095 (Standard) Member Price
$1395 (Standard) Nonmember Price


Earn Up to 18 CPE CREDITS

Reduce Risk ... Increase Resilience
Be a critical business partner to senior management.

What makes a risk, threat, and vulnerability assessment successful and effective? Why are assessments essential for organizational resilience?

This program starts by explaining the differences between risk, threat, and vulnerability and then demonstrates how assessments are absolutely essential for organizational resilience. Learn about acceptable business risk thresholds and the metrics you can use to describe them.

This workshop helps attendees establish a solid foundation to build a RTVA program. The program speakers were content experts in their field. Their ability to share personal experiences as they were presenting the workshop contents was very helpful.
--Dr. Timothy Burke, Advocate Health Care

Worth the investment. A great opportunity to expand knowledge and network with industry peers.

Immediate Benefits

  • Learn how to develop an effective risk management and assessment program that is highly valued within your organization.
  • Understand how to integrate risk assessment into the business process
  • Develop the skills to identify necessary people and assets that provide the enterprise tangible and intangible value.
  • Learn how to develop a solid business case for the program—one that addresses cost, benefits, and operational aspects.

Who Should Attend

  • Security management professionals across all public and private sectors
  • Anyone involved with design, specifications, implementation, operation, or maintenance of security systems, including those in specialties such as emergency management, business continuity planning, facility and infrastructure management, HR, and others.
  • Architects, designers, and integrators working on security project

Program Overview

This 3-day course offers a comprehensive examination of all aspects of planning and implementing a risk assessment program in any organization, small or large, public or private, and in any industry or setting. Through engaging lectures, eye-opening case studies, practical exercises and a relevant site visit, this program not only covers the essentials topics listed below, but also provides opportunities to apply the principles.

Communicating and Developing the Business Case
The key task behind planning and conducting a risk assessment program is developing an understanding of the organization to be assessed.

Enterprise Risk Management Process
Before starting the design and implementation of the risk assessment program, it is important to understand the objectives of the enterprise ​​​risk management program and to evaluate both the extent and efficacy of existing risk control measures and systems. Learn how to do this efficiently.

Enterprise Security Risk Management
Enterprise Security Risk Management (ESRM) is a security program management approach that links security activities to an enterprise's mission and business goals through risk management methods. Understand how to educate business leaders on the realistic impacts of identified risks, presenting potential strategies to mitigate those impacts, then enacting the option chosen by the business in line with accepted levels of business risk tolerance.

Critical Thinking
Critical thinking is so often a forgotten aspect of the risk analysis and assessment process, yet it is fundamental to risk analysis and assessment. Understanding how to formulate a question, knowing what you're looking for, and how that information is applied is indispensable to this process of risk assessment. By exploring other points of view and understanding other perspectives, you learn more about the subject, can reflect on the information you have,and how you feel.

Asset Characterization and Identification
Learn to identify and characterize the organization's assets in the context of critical thinking - the basis for all good analysis. This is the foundation for criticality and consequence analysis as well as​ for a majority of probability analysis, vulnerability analysis, and risk analysis itself. Comprehending the assets at risk is the first step in risk assessment. This leads to determining their criticality to the mission of the organization and determine the possible consequences if those assets are compromised.   

Analyzing the Risk
What is the scope of the risk assessment program? Is it meeting the organization's risk assessment objectives? Does it consider the context of the organization, its needs, and requirements? The scope should define the processes, functions, activities, physical boundaries (facilities and locations), and stakeholders within the boundaries of the risk assessment program. Learn how to match the scope to the resources available.

Treatment of the Risks/Mitigation
Risk rating scales are defined in relation to an organizations' objectives and scope. Risks are typically measured in terms of impact and likelihood of occurrence. Impact scales of risk should mirror the units of measure used for organizational objectives, which may reflect different types of impact such as financial, personnel, and/or reputation.

Organizational Resilience and Risk
Building a resilient organization is a cross-disciplinary and cross-functional endeavor. An organizational resilience approach to managing risk encourages critical infrastructure businesses to develop a more natural capability to deal with unexpected disruptions to business-as-usual activity. Discover the most effective ways to approach resilience that allow organizations to adapt to changes in their operating environment over time.

Test, Measure, Review, Document Control and Assurance
Understand the various tools and techniques that can be utilized to determine risk assessment. Identify how the organization can now bring its individual residual risk ratings together into a portfolio view to identify interdependencies and interconnections. Management can then determine any actions necessary to revise its risk responses or address design or effectiveness of controls.

Managing a Risk Assessment Program
Thinking with the end in mind, the culmination of this workshop will be review as well as the foundation and fundamentals of a risk assessment program. A risk assessment program establishes a framework for the overall assessment steps in the risk assessment process. It sets parameters for the overarching organizational structure, resources, commitment, and documented methods used to plan and execute risk assessments with clearly defined objectives.

Site Visit
Visit a major employer in the Atlanta, GA area to see how the organization has applied the principles of risk management. Return to the classroom to further explore how theory and practice come together. (Site visit location will be announced soon.)

Please Note:
This course includes a visit to a third-party site. The host organization may require the use of non-disclosure agreements or have other requirements for visitors to the site. The site tour is subject to the requirements of the host organization​​​​.


Pierre M. Bourgeix

Enterprise Consulting Manager, Boon Edam, Inc.

Within the security industry, Pierre has spent 20+ years as a global security business development consultant and innovator at such industry leaders as ADT, HySecurity, Wallace International, Tyco, SecureState, and ESICONVERGENT LLC. Currently Pierre is the Enterprise Partner Manager Boon Edam, Inc. Pierre has had years of experience within the physical security arena and has been involved in developing security governance programs. His primary expertise is Physical and Cyber Security Governance. He is one of the thought leaders in convergence of IT, OT, and Physical Security.


Mark Schreiber, CPP

Principal Consultant, Safeguards Consulting, Inc.

Mark Schreiber is a Security Engineer and Technical Consultant who has been in the industry for almost 20 years. Mark is an ASIS International Certified Protection Professional (CPP) and has designed all forms of physical security systems across the globe. Typical system designs are large campus, critical infrastructure systems that integrate complex access control, video surveillance, and perimeter intrusion systems for Fortune 100 clients. Through his experience and support of multiple ASIS Councils, Mark has presented at multiple ASIS Annual Seminars and ASIS trainings.

J. Kelly Stewart

Managing Director and CEO, Newcastle Consulting, LLC

J. Kelly Stewart is the Managing Director and CEO for Newcastle Consulting, LLC - an Enterprise Security Risk and Information Management Consultancy. Kelly draws upon more than 30 years of public and private sector experience with Fortune 500 and 1000 corporations as a Chief Security Officer; an international, physical security operations practitioner; and a risk management advisor. He is an internationally recognized instructor, speaker, and authority on comprehensive risk assessment, security master planning, and security design and integration. Kelly holds Master’s Degrees in Security Management, Project Management, and an MBA. 

Hotel, Fees and Schedule

Hotel, Fees and Schedule


InterContinental Buckhead Atlanta
3315 Peachtree Road NE
Atlanta, GA 30326

The InterContinental Buckhead  is now sold out for the week of our program. For hotel accommodations, the Grand Hyatt Atlanta in Buckhead and the Embassy Suites by Hilton Atlanta Buckhead are closest in proximity to the InterContinental and recommended by the hotel.

Registration Fees

Member $995 $1095
Nonmember $1295 $1395

Fees include daily continental breakfast, lunch on day one, a networking reception, and refreshment at  breaks. Hotel costs are not included.

Registration Hours

Monday, 24 June
7:00-8:00 am

Program Hours

Monday, 24 June
8:00 am–5:00 pm

Tuesday, 25 June
8:00 am–5:00 pm

Wednesday, 26 June
8:00 am–3:00 pm ​




If confirmation of registration and payment has not been received three days prior to the event, please email

Certificates of Attendance

ASIS reserves the right to withhold certificates, if attendance requirements are not met.

Last-Minute Registrations

While we welcome all registrations, including those on-site, the availability of handout materials cannot be guaranteed.


Business casual is recommended.

Continuing Professional Education (CPE)

Each 50-minutes of instruction is worth one CPE. 

Alternate Registration Methods

If you prefer, you can register by phone +1.703.519.6200, fax+1.703.519.6299, or mail.

Cancellation and Transfer Policy

For a full refund or transfer credit, written requests must be received at least 10 days before the start date of the program. Those received less than 10 days prior will be charged a $100 cancellation/transfer fee.

Transfers will be limited to a maximum of two per original registration. No refunds or transfers are made for requests received on or after the start date. Contact us at +1.703.519.6200 or fax your request to ASIS Member Services at +1.703.519.6298.

Tours of Third-Party Sites

When a program includes a visit to or a tour of a third-party site, the host organization may require the use of non-disclosure agreements. Subject to the requirements of the host organization, the agreements offered to nationals and non-nationals of the host country may differ.

Team Discount

Receive a 10% discount when three to five attendees register from the same organization, 15% for six or more. Email for details.​

Code of Conduct

ASIS International Event Code of Conduct

ASIS International (“ASIS”) is committed to providing a safe and welcoming experience for all event participants as defined below.

Any participant regardless of:

  • Race or ethnicity
  • Disability
  • Religion or political affiliation
  • Gender, or gender identity or expression
  • Sexual orientation, or
  • Any other distinguishing characteristic

should feel welcome and safe at any ASIS event.

Expected Behavior

This Code of Conduct applies to all event attendees, presenters, exhibitors, sponsors, vendors, contractors, other service providers, and ASIS staff (“participant”) at any event, meeting, conference, forum, social event, or meeting-related event, including those sponsored by organizations other than ASIS but held in conjunction with ASIS events in which they participate (an “event”). As such, ASIS expects that participants at events will:

  • Remain positive and welcoming to others
  • Recognize that an event is a place for diversity of thought, organization, and individuals
  • Be inclusive of others
  • Be alert and report any discriminatory, harassing, aggressive, or exclusionary behavior or speech immediately to the contacts set forth below
  • Respect the specific rules and policies of the event, and
  • Otherwise uphold the reputation of ASIS 

Unacceptable Behavior

Unacceptable behavior includes, but is not limited to:

  • Intimidating, threatening, harassing, abusive, discriminatory, derogatory, or demeaning conduct
  • Inappropriate physical contact (e.g., unwelcome sexual advances, groping, sexual assault);
  • Physical stalking or written, verbal, or other abuse, or
  • Inappropriate use of nudity and/or sexual images or language in event presentations, or otherwise failing to obey any rules or policies of the venue or ASIS.

Whether such behavior constitutes unacceptable behavior as defined above shall be determined by ASIS and its representatives, in their sole discretion. ASIS takes matters of such unacceptable behavior in any form seriously.