Module 4 Assignment: Scenario analysis and stress testing

Module 4 Assignment: Scenario analysis and stress testing#

Scenario#

You are advising a cyber risk committee prioritizing mitigation across assets with different exposure and business value. The stakeholders are: CISO, risk officer, system owner, auditor, and executive sponsor.

Task#

Answer the module question: How do we reason about uncertain attacks?

Use the module lab and course readings to produce: cyber risk assessment package with scoring rationale, treatment plan, and executive dashboard focused on scenario analysis and stress testing: Run scenario-based risk analysis..

Required Evidence#

  • Define the decision or system boundary in one paragraph.

  • Identify the dataset, proxy data, or evidence source you used: synthetic asset risk records with exposure, vulnerability severity, control strength, threat activity, and business impact.

  • Compare at least two alternatives, baselines, policies, or designs.

  • Report one quantitative result or structured scoring table.

  • Explain two failure modes and one mitigation for each.

  • State what additional evidence would be required before real deployment.

Submission#

Submit the completed notebook plus a 900-1200 word memo. The memo must include clear headings for context, method, evidence, risks, recommendation, and open questions.

# Assignment workspace for Module 4: Scenario analysis and stress testing
module = 4
decision = "How do we reason about uncertain attacks?"
artifact = "cyber risk assessment package with scoring rationale, treatment plan, and executive dashboard focused on scenario analysis and stress testing: Run scenario-based risk analysis."

alternatives = [
    {"option": "baseline_or_manual_process", "strength": "", "risk": "", "evidence": ""},
    {"option": "ai_assisted_or_advanced_option", "strength": "", "risk": "", "evidence": ""},
]

recommendation = {
    "decision": decision,
    "recommended_option": "",
    "minimum_evidence_before_pilot": [],
    "monitoring_metric": "",
    "rollback_trigger": "",
}

{"module": module, "artifact": artifact, "alternatives": alternatives, "recommendation": recommendation}

{'module': 4,
 'artifact': 'cyber risk assessment package with scoring rationale, treatment plan, and executive dashboard focused on scenario analysis and stress testing: Run scenario-based risk analysis.',
 'alternatives': [{'option': 'baseline_or_manual_process',
   'strength': '',
   'risk': '',
   'evidence': ''},
  {'option': 'ai_assisted_or_advanced_option',
   'strength': '',
   'risk': '',
   'evidence': ''}],
 'recommendation': {'decision': 'How do we reason about uncertain attacks?',
  'recommended_option': '',
  'minimum_evidence_before_pilot': [],
  'monitoring_metric': '',
  'rollback_trigger': ''}}

Acceptance Criteria#

Your submission is complete only if another reviewer can reproduce your reasoning from the evidence you provide. You do not need production-grade data, but you must be explicit about proxy-data limits and what would change with real institutional data.