Module 5 Narration#
Opening#
Open with the professional setting: a cyber risk committee prioritizing mitigation across assets with different exposure and business value. Ask students what decision is being made, who is affected, and what evidence would be persuasive to a skeptical reviewer.
Middle#
Move through the module in four passes:
Define Controls and residual risk in the context of AI for Risk Assessment.
Walk through the lab as a proxy-data exercise, emphasizing what it can and cannot show.
Compare a baseline with an AI-enabled or more sophisticated alternative.
Translate the result into stakeholder language: recommendation, risk, mitigation, and next evidence.
Closing#
Close by returning to the module artifact: cyber risk assessment package with scoring rationale, treatment plan, and executive dashboard focused on controls and residual risk: Map controls to residual risk estimates.. Students should leave knowing exactly what artifact they are producing and how it will be judged.