Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
Cybersecurity & AI Risk Management for IT Professionals
Role Play
Rating: 4.5 out of 5(5,548 ratings)
14,276 students

Cybersecurity & AI Risk Management for IT Professionals

The complete cyber risk toolkit for IT leaders: NIST, ISO 27005, FAIR, AI risk, and board-ready reporting
Created byAlexander Oni
Last updated 4/2026
English

What you'll learn

  • Understand the foundations of Risk Management in cybersecurity
  • Apply the major cybersecurity risk frameworks — NIST RMF, ISO 27005, and FAIR to real-world risk decisions
  • Run a quantitative FAIR analysis and express cyber risk as financial exposure the board actually understands
  • Govern AI adoption and build an AI risk policy aligned with the NIST AI RMF and EU AI Act
  • Manage third-party and supply chain risk from vendor onboarding through SBOMs and continuous monitoring
  • Navigate the global regulatory landscape — SEC Cyber Disclosure Rules, NIS2, DORA, GDPR, and US state privacy laws
  • Build a working risk register and treatment plan you can bring straight into your own organization
  • Communicate cyber risk to executives and non-technical stakeholders in business terms, not jargon

Course content

13 sections72 lectures7h 41m total length
  • Introduction to the Course5:17
  • Connect with Me1:05
  • Download the PDF Book & Slides0:03
  • Common IT Risk Management Pitfalls (and How to Avoid Them)7:48
  • Risk Management as a Profession7:09
  • Standards6:52

Requirements

  • Basic familiarity with cybersecurity concepts (threats, vulnerabilities, controls)
  • No prior risk management experience required — every framework is introduced from the ground up
  • A spreadsheet tool (Excel or Google Sheets) to follow along with the FAIR workshop

Description

** UPDATED ARPIL 2026 - with two new sections covering AI risk management and Quantitative Analysis **

Cybersecurity risk isn't just a security team problem anymore, instead it has become a board-level one.

The SEC now requires cybersecurity disclosures in 8-K filings. The EU AI Act, NIS2, and DORA are reshaping what "compliance" means. AI adoption is outpacing the governance around it and when ransomware or a vendor breach hits, executives don't want a firewall explanation, they want a dollar figure and a plan.

Most cybersecurity risk courses stop at "identify threats and apply controls." This one doesn't.

This course teaches you cybersecurity risk management the way IT leaders actually practice it — end to end, including the three areas other courses skip:


  • **AI risk management** — NIST AI RMF, EU AI Act risk categories, AI-powered threats, and how to build a governing AI risk policy

  • **Quantitative FAIR analysis** — translate risk into financial exposure so the CFO and board understand what you're asking for

  • **Executive communication** — risk reporting formats, board briefings, and role-play scenarios for real conversations with non-technical leaders

Inside the course, you'll work through:

  • Foundations of cybersecurity risk management — risks, threats, adversaries, and where risk fits in the business

  • Risk identification, assessment, mitigation, transfer, avoidance, acceptance, and monitoring

  • A hands-on risk register workshop — build one for your own environment

  • Quantitative vs. qualitative analysis and a full FAIR workshop with a downloadable worksheet

  • AI risk management — the rise of AI in security, the NIST AI RMF, the EU AI Act, AI-powered threats, and a workshop to draft your own AI risk policy

  • Information classification and security control implementation

  • Third-party cyber risk management — the 6 steps, supply chain case studies (SolarWinds, Log4j, MOVEit), SBOMs (SPDX and CycloneDX), and continuous monitoring

  • Vulnerability management, ethical hacking, pen testing, and business continuity

  • ISO 31000, ISO 27001, and ISO 27005 risk requirements — what auditors actually check

  • Communicating risk to executives — translating tech into business, reporting formats, role-play scenarios

  • The full NIST Risk Management Framework (RMF) — all 7 steps, from Prepare to Monitor

  • Regulatory & compliance frameworks — SEC Cyber Disclosure Rules, NIS2, DORA, GDPR, and the US state privacy patchwork


**What you'll walk away with:**

  • Downloadable templates you can use the day you finish the course — a risk register, FAIR worksheet, AI risk policy template, and CFO risk brief

  • Real-world case studies grounded in enforcement actions and breaches that made the news

  • Practical workshops after major sections so you apply the material, not just watch it

  • Section quizzes to lock in what you've learned

  • Lifetime access and ongoing updates as frameworks and regulations evolve


**This course is for you if:**

You want to move past the "list of threats" version of risk management and into the work that gets you taken seriously as a risk-aware IT leader — the analysis the CFO respects, the AI governance the board is already asking about, and the regulatory knowledge that keeps your organization out of the news.

You don't need a cybersecurity degree. You don't need a GRC background. What you need is a structured walk through the frameworks, real examples, and the templates to make it stick.

**Enroll today** and build the risk management toolkit that works whether you're running IT for a 200-person firm or briefing the board at a global one.

Who this course is for:

  • IT Managers and Team Leaders responsible for risk decisions in their environment
  • Cybersecurity professionals moving into risk, governance, or GRC roles
  • Risk Managers extending their coverage into cyber and AI risk
  • Compliance and audit professionals navigating SEC, NIS2, DORA, GDPR, or EU AI Act obligations
  • Aspiring CISOs, vCISOs, and security leaders preparing for board-level conversations
  • Business leaders overseeing IT who need a working mental model of cyber risk