Module 5: Controls and residual risk

AINS6302 — AI for Risk Assessment

Essential Question

How do mitigations change risk?

Scenario

A cyber risk committee prioritizing mitigation across assets with different exposure and business value.

Stakeholders: CISO, risk officer, system owner, auditor, and executive sponsor

Core Moves

  • Define the decision boundary

  • Compare baseline and alternative

  • Interpret evidence and assumptions

  • Identify failure modes

  • Recommend next action

Lab & Assignment

Map controls to residual risk estimates.

Artifact: cyber risk assessment package with scoring rationale, treatment plan, and executive dashboard focused on controls and residual risk.