# Module 6 Instructor Notes

## Teaching Goal

Students should use **executive reporting and risk communication** to make a defensible technical or managerial decision in this setting: a cyber risk committee prioritizing mitigation across assets with different exposure and business value.

## Before Class

- Review the lab output and identify one result that can be challenged.
- Prepare one domain-specific failure case related to AI for Risk Assessment.
- Decide whether students should work individually or in pairs for the artifact review.

## Discussion Prompts

1. What is the strongest argument for using the AI-enabled approach here?
2. What is the strongest argument against it?
3. Which stakeholder has the most to lose if the system is wrong?
4. What evidence would change your recommendation?

## Common Pitfalls

- Treating model output as self-validating
- Skipping baseline comparisons or stakeholder constraints
- Reporting metrics without explaining operational meaning
- Omitting privacy, safety, governance, or deployment limits
- Confusing a synthetic lab result with real deployment evidence

## Facilitation

Start with a concrete failure case, then ask students what evidence would have prevented it. Keep critique focused on assumptions, evidence, system boundaries, and the artifact students must submit.

## Grading Cue

Reward clear reasoning about tradeoffs and limitations. Do not reward unnecessary complexity when a simpler baseline answers the question. Penalize recommendations that omit ownership, monitoring, or rollback.