Module 2 Instructor Notes

Teaching Goal

Students should use threat likelihood and impact modeling to make a defensible technical or managerial decision in this setting: a cyber risk committee prioritizing mitigation across assets with different exposure and business value.

Before Class

  • Review the lab output and identify one result that can be challenged.

  • Prepare one domain-specific failure case related to AI for Risk Assessment.

  • Decide whether students should work individually or in pairs for the artifact review.

Discussion Prompts

  1. What is the strongest argument for using the AI-enabled approach here?

  2. What is the strongest argument against it?

  3. Which stakeholder has the most to lose if the system is wrong?

  4. What evidence would change your recommendation?

Common Pitfalls

  • Treating model output as self-validating

  • Skipping baseline comparisons or stakeholder constraints

  • Reporting metrics without explaining operational meaning

  • Omitting privacy, safety, governance, or deployment limits

  • Confusing a synthetic lab result with real deployment evidence

Facilitation

Start with a concrete failure case, then ask students what evidence would have prevented it. Keep critique focused on assumptions, evidence, system boundaries, and the artifact students must submit.

Grading Cue

Reward clear reasoning about tradeoffs and limitations. Do not reward unnecessary complexity when a simpler baseline answers the question. Penalize recommendations that omit ownership, monitoring, or rollback.