MODULE 1 : Foundations of Risk Management (5 HOURS)
Practical Output: Risk management framework comparison worksheet + asset identification and value assessment template
- Core Risk Management Concepts & Terminology
- Asset Identification, Valuation & Organisational Value Protection
- Security Risks, Business Impact & ESRM Principles
- ISO 31000 & ASIS ESRM Frameworks
- Risk Management Lifecycle & Organisational Application
- Risk Governance, Ownership & Accountability
- Cross-Functional Risk Management Coordination
- Security Risk Management Roles & Decision-Making Structures
Module 1 Learning Objectives
By the end of this module , participants should be able to:
- Analyse core risk management concepts using recognised terminology
- Apply asset identification techniques to determine value, criticality, and organisational impact
- Explain organisational value protection through the ESRM framework
- Translate operational security risks into business impact considerations
- Apply the risk management lifecycle across organisational security scenarios
- Compare ISO 31000 and ASIS ESRM frameworks and their organisational application
- Apply governance principles including ownership, accountability, and cross-functional coordination
MODULE 2 : Risk Assessment Planning & Methods (5 HOURS)
Practical Output: Completed risk assessment matrix + vulnerability assessment findings documentation + initial risk register
- Risk Assessment Planning, Scope & Stakeholder Engagement
- Qualitative & Quantitative Risk Assessment Methodologies
- SLE, ARO & ALE Decision-Support Concepts
- Multi-Threat Identification & Human-Origin Risks
- Security & Vulnerability Assessment Methodologies
- Business Impact Analysis (BIA) & Data Collection Techniques
- Risk Scoring, Gap Analysis & Risk Prioritisation
- Risk Register Development & Documentation
Module 2 Learning Objectives
By the end of this module , participants should be able to:
- Plan and scope structured organisational risk assessments
- Evaluate and select appropriate qualitative and quantitative assessment methodologies
- Apply SLE, ARO, and ALE concepts to support risk prioritisation and treatment decisions
- Classify organisational threats using structured multi-threat identification frameworks
- Conduct Business Impact Analysis and structured vulnerability assessments
- Apply security assessment and site inspection methodologies to document vulnerabilities
- Develop risk scoring outputs using likelihood, consequence, and gap analysis techniques
- Construct an initial Risk Register with ownership and prioritisation criteria
MODULE 3 : Risk Analysis & Prioritization (5 HOURS)
Practical Output: Prioritised risk register + executive risk briefing summary + risk prioritisation matrix
- Risk Assessment Interpretation & Decision Support
- Risk Matrix Models (3×3, 4×4 & 5×5)
- Risk Appetite, Risk Tolerance & Decision Boundaries
- Comparative Risk Ranking & Prioritisation Methodologies
- Risk-Informed Decision Making & Executive Escalation
- Executive Risk Communication & Governance Reporting
- Risk Reporting Standards & Documentation Requirements
- Leadership Decision Support & Organisational Risk Communication
Module 3 Learning Objectives
By the end of this module , participants should be able to:
- Interpret risk assessment results to produce prioritised, decision-ready risk information
- Apply and evaluate risk matrix models across different organisational contexts
- Apply risk appetite and risk tolerance frameworks to support risk prioritisation decisions
- Prioritise organisational risks using comparative ranking methodologies and governance criteria
- Apply risk-informed decision making to recommend risk acceptance, treatment, or escalation
- Translate operational risk findings into executive-level decision support information
- Prepare executive risk reports and governance briefings aligned with organisational requirements
MODULE 4 : Risk Treatment & Countermeasures (5 HOURS)
Practical Output: Risk treatment plan + updated risk register + cost-benefit analysis worksheet + corrective action tracking template + pre-incident readiness checklist
- Risk Treatment Strategies (Avoid, Accept, Transfer & Mitigate)
- Defence-in-Depth & Layered Countermeasure Design
- Countermeasure Selection Across People, Process & Technology
- Cost-Benefit Analysis & Treatment Decision Justification
- Third-Party, Supply Chain & Regulatory Risk Management
- Residual Risk Management, Executive Escalation & Acceptance
- Risk Register Maintenance & Treatment Plan Documentation
- Pre-Incident Readiness, Tabletop Exercises & Organisational Change Management
Module 4 Learning Objectives
By the end of this module , participants should be able to:
- Evaluate and select appropriate risk treatment strategies based on organisational risk profiles
- Design layered security countermeasures using defence-in-depth principles
- Conduct cost-benefit analyses to justify and document treatment decisions
- Assess third-party and supply chain risks and recommend appropriate mitigation controls
- Apply legal, regulatory, and governance requirements throughout the risk treatment process
- Manage residual risk using organisational acceptance and executive escalation procedures
- Maintain Risk Registers and produce comprehensive risk treatment documentation
- Plan pre-incident readiness activities and update treatment plans following organisational change
MODULE 5 : Monitoring, Auditing & Continuous Improvement (4 HOURS)
Practical Output: KPI dashboard template (including governance effectiveness indicators) + audit findings report + final updated risk register
- Risk Programme Auditing, Compliance Testing & Gap Analysis
- Performance Measurement, KPIs & Governance Effectiveness Metrics
- Continuous Monitoring, Review Cycles & Escalation Protocols
- Audit Reporting, Corrective Actions & Risk Register Maintenance
- Cross-Functional Governance & Executive Coordination
- Risk Culture Maturity & Organisational Awareness
- Risk Programme Failure Prevention & Ethical Governance
Module 5 Learning Objectives
By the end of this module , participants should be able to:
- Design and conduct risk management compliance audits using recognised methodologies
- Develop KPIs and governance metrics to measure programme performance and ESRM effectiveness
- Establish continuous monitoring frameworks incorporating review cycles, escalation protocols, and governance requirements
- Document audit findings, implement corrective action plans, and maintain the Risk Register
- Apply cross-functional governance principles to strengthen organisational risk management
- Assess organisational risk culture maturity and recommend continuous improvement initiatives
- Identify common programme failure modes and apply preventive and ethical governance practices
- Evaluate programme effectiveness and recommend continuous improvement actions