Organizations are increasingly exposed to manifold threats concerning the security of their valuable business processes. Due to the increasing damage potential, decision makers are permanently forced to pay attention to security issues and are raising their security investments, but often (i) without considering the efficiency of the investments made, (ii) neglecting to involve people in order to raise security awareness and (iii) without full awareness of the importance of the decision at hand. This paper provides a crucial extension to the established risk management solution AURUM and extends its functionality by introducing the AURUM Workshop, which allows the selection of efficient safeguards based on corporate business processes. It highlights typical problems of (group) decision making and provides a solution to eliminate those shortcomings. Thereby, it supports decision makers in (i) refining the basic infrastructure elements to the specific requirements of the corporation, (ii) focusing on the most relevant risks and (iii) improving their awareness for the problem at hand.