Course Details

Your Growth, Our Mission

Risk Management in Security (BTS-RMS)
Course Description

This programme provides security professionals with a comprehensive, practice-oriented understanding of risk management principles, frameworks, and methodologies. Participants will learn to identify assets, assess threats and vulnerabilities, prioritise risks, and design effective treatment strategies — protecting organisational value across people, assets, information, and reputation. Programmes addressing business continuity and crisis response are available as separate dedicated offerings.

Program Scope & Boundaries

In Scope 

  • Organisational risk identification, assessment, analysis, and treatment
  • Risk governance, monitoring, and continuous improvement
  • Enterprise Security Risk Management (ESRM) principles and application
  • Risk register development and maintenance
  • Executive risk communication and decision support

Out of Scope

  • Business Continuity Planning — addressed in a separate dedicated programme
  • Crisis and Emergency Management — addressed in a separate dedicated programme
  • Physical Security Design and Implementation
  • Cybersecurity Risk Management

Practical Deliverables

  • Structured risk register with prioritised organisational risks
  • Completed risk assessment matrix with threat and vulnerability scoring
  • Risk treatment plan with countermeasure recommendations
  • Cost-benefit analysis worksheet for treatment decisions
  • Executive risk briefing summary
  • Vulnerability assessment findings documentation
  • Risk prioritisation matrix
  • Corrective action tracking recommendations

By the end of this training course, participants should be able to:

  • Apply Enterprise Security Risk Management (ESRM) principles to protect organisational value
  • Conduct qualitative and quantitative risk assessments using recognised methodologies
  • Identify, analyse, and prioritise organisational threats, vulnerabilities, and risks
  • Apply risk-informed decision making to support leadership and organisational objectives
  • Develop and maintain structured Risk Registers and risk treatment plans
  • Select, justify, and implement risk treatment strategies using defence-in-depth principles
  • Monitor, audit, and continuously improve organisational risk management programmes
  • Uphold governance, compliance, and ethical responsibilities throughout the risk management lifecycle
  • Security managers and supervisors with 3–7 years of experience
  • Risk and compliance officers
  • Operations managers responsible for organizational risk
  • Anyone involved in security planning and decision-making
  • Interactive instructor-led sessions
  • Real-world case studies and applied scenarios
  • Group discussions and facilitated risk workshops
  • Practical risk assessment simulations and exercises

MODULE 1 : Foundations of Risk Management (5 HOURS) 

Practical Output: Risk management framework comparison worksheet + asset identification and value assessment template

  • Core Risk Management Concepts & Terminology
  • Asset Identification, Valuation & Organisational Value Protection
  • Security Risks, Business Impact & ESRM Principles
  • ISO 31000 & ASIS ESRM Frameworks
  • Risk Management Lifecycle & Organisational Application
  • Risk Governance, Ownership & Accountability
  • Cross-Functional Risk Management Coordination
  • Security Risk Management Roles & Decision-Making Structures

Module 1 Learning Objectives 

By the end of this module , participants should be able to:

  • Analyse core risk management concepts using recognised terminology
  • Apply asset identification techniques to determine value, criticality, and organisational impact
  • Explain organisational value protection through the ESRM framework
  • Translate operational security risks into business impact considerations
  • Apply the risk management lifecycle across organisational security scenarios
  • Compare ISO 31000 and ASIS ESRM frameworks and their organisational application
  • Apply governance principles including ownership, accountability, and cross-functional coordination

MODULE 2 : Risk Assessment Planning & Methods (5 HOURS)

Practical Output: Completed risk assessment matrix + vulnerability assessment findings documentation + initial risk register

  • Risk Assessment Planning, Scope & Stakeholder Engagement
  • Qualitative & Quantitative Risk Assessment Methodologies
  • SLE, ARO & ALE Decision-Support Concepts
  • Multi-Threat Identification & Human-Origin Risks
  • Security & Vulnerability Assessment Methodologies
  • Business Impact Analysis (BIA) & Data Collection Techniques
  • Risk Scoring, Gap Analysis & Risk Prioritisation
  • Risk Register Development & Documentation

Module 2 Learning Objectives 

By the end of this module , participants should be able to:

  • Plan and scope structured organisational risk assessments
  • Evaluate and select appropriate qualitative and quantitative assessment methodologies
  • Apply SLE, ARO, and ALE concepts to support risk prioritisation and treatment decisions
  • Classify organisational threats using structured multi-threat identification frameworks
  • Conduct Business Impact Analysis and structured vulnerability assessments
  • Apply security assessment and site inspection methodologies to document vulnerabilities
  • Develop risk scoring outputs using likelihood, consequence, and gap analysis techniques
  • Construct an initial Risk Register with ownership and prioritisation criteria

MODULE 3 : Risk Analysis & Prioritization (5 HOURS)

Practical Output: Prioritised risk register + executive risk briefing summary + risk prioritisation matrix

  • Risk Assessment Interpretation & Decision Support
  • Risk Matrix Models (3×3, 4×4 & 5×5)
  • Risk Appetite, Risk Tolerance & Decision Boundaries
  • Comparative Risk Ranking & Prioritisation Methodologies
  • Risk-Informed Decision Making & Executive Escalation
  • Executive Risk Communication & Governance Reporting
  • Risk Reporting Standards & Documentation Requirements
  • Leadership Decision Support & Organisational Risk Communication

Module 3 Learning Objectives 

By the end of this module , participants should be able to:

  • Interpret risk assessment results to produce prioritised, decision-ready risk information
  • Apply and evaluate risk matrix models across different organisational contexts
  • Apply risk appetite and risk tolerance frameworks to support risk prioritisation decisions
  • Prioritise organisational risks using comparative ranking methodologies and governance criteria
  • Apply risk-informed decision making to recommend risk acceptance, treatment, or escalation
  • Translate operational risk findings into executive-level decision support information
  • Prepare executive risk reports and governance briefings aligned with organisational requirements

MODULE 4 : Risk Treatment & Countermeasures (5 HOURS)

Practical Output: Risk treatment plan + updated risk register + cost-benefit analysis worksheet + corrective action tracking template + pre-incident readiness checklist

  • Risk Treatment Strategies (Avoid, Accept, Transfer & Mitigate)
  • Defence-in-Depth & Layered Countermeasure Design
  • Countermeasure Selection Across People, Process & Technology
  • Cost-Benefit Analysis & Treatment Decision Justification
  • Third-Party, Supply Chain & Regulatory Risk Management
  • Residual Risk Management, Executive Escalation & Acceptance
  • Risk Register Maintenance & Treatment Plan Documentation
  • Pre-Incident Readiness, Tabletop Exercises & Organisational Change Management

Module 4 Learning Objectives 

By the end of this module , participants should be able to:

  • Evaluate and select appropriate risk treatment strategies based on organisational risk profiles
  • Design layered security countermeasures using defence-in-depth principles
  • Conduct cost-benefit analyses to justify and document treatment decisions
  • Assess third-party and supply chain risks and recommend appropriate mitigation controls
  • Apply legal, regulatory, and governance requirements throughout the risk treatment process
  • Manage residual risk using organisational acceptance and executive escalation procedures
  • Maintain Risk Registers and produce comprehensive risk treatment documentation
  • Plan pre-incident readiness activities and update treatment plans following organisational change

MODULE 5 : Monitoring, Auditing & Continuous Improvement (4 HOURS)

Practical Output: KPI dashboard template (including governance effectiveness indicators) + audit findings report + final updated risk register

  • Risk Programme Auditing, Compliance Testing & Gap Analysis
  • Performance Measurement, KPIs & Governance Effectiveness Metrics
  • Continuous Monitoring, Review Cycles & Escalation Protocols
  • Audit Reporting, Corrective Actions & Risk Register Maintenance
  • Cross-Functional Governance & Executive Coordination
  • Risk Culture Maturity & Organisational Awareness
  • Risk Programme Failure Prevention & Ethical Governance 

Module 5 Learning Objectives 

By the end of this module , participants should be able to:

  • Design and conduct risk management compliance audits using recognised methodologies
  • Develop KPIs and governance metrics to measure programme performance and ESRM effectiveness
  • Establish continuous monitoring frameworks incorporating review cycles, escalation protocols, and governance requirements
  • Document audit findings, implement corrective action plans, and maintain the Risk Register
  • Apply cross-functional governance principles to strengthen organisational risk management
  • Assess organisational risk culture maturity and recommend continuous improvement initiatives
  • Identify common programme failure modes and apply preventive and ethical governance practices
  • Evaluate programme effectiveness and recommend continuous improvement actions

Participants who successfully complete the assessment and maintain full attendance will receive a Certificate of Completion. CPP and APP certification holders are eligible to earn Continuing Professional Education (CPE) credits upon completing the 24-hour training program delivered over three intensive days, including 19.5 instructional contact hours.

Request Info

Course Rounds

3 Days
Code Date Venue Fees Action
CPE103-01
2026-11-16
Istanbul
USD 4950
Register

Prices don't include VAT

Related Courses

Your Growth, Our Mission

Contact Us

Contact us to meet all your inquiries and needs, as our professional team is pleased to provide immediate support and advice to ensure you achieve your goals and facilitate your experience with us in the best possible way.

UAE
1st floor, Incubator Building, Masdar City, Abu Dhabi, UAE
Office
00971-2-6446633
Mobile
00971-50-5419377
E-mail
info@btsconsultant.com
Working Hours
Sun to Fri 09:00 AM to 06:00 PM