This module covers cyber security governance, emphasizing executive oversight and accountability for managing cyber risk. You will learn key governance models, including the Three Lines of Defence, and examine senior management responsibilities. Explore global frameworks like NIST CSF, NIST SP 800-53, and CIS Controls to define and evaluate cyber programs. By the end, you will demonstrate how governance guides risk management and embeds cyber security as an organizational responsibility. Focus on framework application for success.

This module focuses on leading cyber risk management, balancing security controls with business priorities. Building on governance, you will explore cyber risk concepts like threat modeling, asset classification, and risk tolerance. Learn structured risk assessment processes to identify vulnerabilities, assess impact, and prioritize mitigation. Understand how risk management cascades from policy to operations, reinforcing the Three Lines of Defence model. By the end, you will contribute to cyber risk discussions and embed risk-informed thinking into cyber strategy. For success, apply risk assessment methods to real scenarios.

This module focuses on quantifying cyber risks for evidence-based decision-making. You will learn to prioritize investments and remediation by exploring qualitative and quantitative assessment models, including FAIR and NIST frameworks. Understand how to calculate risk likelihood, impact, and exposure in financial and operational terms. By the end, you will assess organizational risk posture, compare data-driven remediation options, and communicate cyber risk in terms that resonate with stakeholders from executives to regulators. Practice applying quantification models to gain confidence.

This module prepares senior leaders to manage cyber crises with confidence. You will explore cyber attack evolution, real-world case studies, and the cyber kill chain. Focus on the senior management role in preparation and response, including time-critical decision-making and stakeholder communication. Understand how cyber resilience is a leadership responsibility, integrating risk management and strategic foresight. By the end, you will develop leadership-aligned response strategies and build a resilient organizational culture. To maximize learning, consider current organizational incident response plans.