# Module 5 Overview

## Theme

Controls and residual risk

## Essential Question

How do mitigations change risk?

## Module Components

- `Book prose`: conceptual framing, domain scenario, methods, and failure modes
- `Assignment`: evidence-backed production of a specific artifact
- `Slides`: presentation sequence for seminar or lecture delivery
- `Narration`: spoken version of the slide flow
- `Instructor notes`: facilitation plan, discussion prompts, and grading cues
- `Rubric`: criteria for evaluating the module artifact
- `Notebook`: executable lab aligned with the module theme, using synthetic asset risk records that include exposure, vulnerability severity, control strength, threat activity, and business impact

## Module Artifact

A cyber risk assessment package with scoring rationale, treatment plan, and executive dashboard, focused on controls and residual risk. The core task is to map controls to residual risk estimates.

## Professional Setting

Students work as if advising a cyber risk committee that is prioritizing mitigation across assets with different exposure and business value. Their work must be intelligible to the CISO, risk officer, system owner, auditor, and executive sponsor.
