
** UPDATED ARPIL 2026 - with two new sections covering AI risk management and Quantitative Analysis **
Cybersecurity risk isn't just a security team problem anymore, instead it has become a board-level one.
The SEC now requires cybersecurity disclosures in 8-K filings. The EU AI Act, NIS2, and DORA are reshaping what "compliance" means. AI adoption is outpacing the governance around it and when ransomware or a vendor breach hits, executives don't want a firewall explanation, they want a dollar figure and a plan.
Most cybersecurity risk courses stop at "identify threats and apply controls." This one doesn't.
This course teaches you cybersecurity risk management the way IT leaders actually practice it — end to end, including the three areas other courses skip:
**AI risk management** — NIST AI RMF, EU AI Act risk categories, AI-powered threats, and how to build a governing AI risk policy
**Quantitative FAIR analysis** — translate risk into financial exposure so the CFO and board understand what you're asking for
**Executive communication** — risk reporting formats, board briefings, and role-play scenarios for real conversations with non-technical leaders
Inside the course, you'll work through:
Foundations of cybersecurity risk management — risks, threats, adversaries, and where risk fits in the business
Risk identification, assessment, mitigation, transfer, avoidance, acceptance, and monitoring
A hands-on risk register workshop — build one for your own environment
Quantitative vs. qualitative analysis and a full FAIR workshop with a downloadable worksheet
AI risk management — the rise of AI in security, the NIST AI RMF, the EU AI Act, AI-powered threats, and a workshop to draft your own AI risk policy
Information classification and security control implementation
Third-party cyber risk management — the 6 steps, supply chain case studies (SolarWinds, Log4j, MOVEit), SBOMs (SPDX and CycloneDX), and continuous monitoring
Vulnerability management, ethical hacking, pen testing, and business continuity
ISO 31000, ISO 27001, and ISO 27005 risk requirements — what auditors actually check
Communicating risk to executives — translating tech into business, reporting formats, role-play scenarios
The full NIST Risk Management Framework (RMF) — all 7 steps, from Prepare to Monitor
Regulatory & compliance frameworks — SEC Cyber Disclosure Rules, NIS2, DORA, GDPR, and the US state privacy patchwork
**What you'll walk away with:**
Downloadable templates you can use the day you finish the course — a risk register, FAIR worksheet, AI risk policy template, and CFO risk brief
Real-world case studies grounded in enforcement actions and breaches that made the news
Practical workshops after major sections so you apply the material, not just watch it
Section quizzes to lock in what you've learned
Lifetime access and ongoing updates as frameworks and regulations evolve
**This course is for you if:**
You want to move past the "list of threats" version of risk management and into the work that gets you taken seriously as a risk-aware IT leader — the analysis the CFO respects, the AI governance the board is already asking about, and the regulatory knowledge that keeps your organization out of the news.
You don't need a cybersecurity degree. You don't need a GRC background. What you need is a structured walk through the frameworks, real examples, and the templates to make it stick.
**Enroll today** and build the risk management toolkit that works whether you're running IT for a 200-person firm or briefing the board at a global one.