Cybersecurity & AI Risk Management for IT Professionals

** UPDATED ARPIL 2026 - with two new sections covering AI risk management and Quantitative Analysis **

Cybersecurity risk isn't just a security team problem anymore, instead it has become a board-level one.

The SEC now requires cybersecurity disclosures in 8-K filings. The EU AI Act, NIS2, and DORA are reshaping what "compliance" means. AI adoption is outpacing the governance around it and when ransomware or a vendor breach hits, executives don't want a firewall explanation, they want a dollar figure and a plan.

Most cybersecurity risk courses stop at "identify threats and apply controls." This one doesn't.

This course teaches you cybersecurity risk management the way IT leaders actually practice it — end to end, including the three areas other courses skip:

• **AI risk management** — NIST AI RMF, EU AI Act risk categories, AI-powered threats, and how to build a governing AI risk policy

• **Quantitative FAIR analysis** — translate risk into financial exposure so the CFO and board understand what you're asking for

• **Executive communication** — risk reporting formats, board briefings, and role-play scenarios for real conversations with non-technical leaders

Inside the course, you'll work through:

• Foundations of cybersecurity risk management — risks, threats, adversaries, and where risk fits in the business

• Risk identification, assessment, mitigation, transfer, avoidance, acceptance, and monitoring

• A hands-on risk register workshop — build one for your own environment

• Quantitative vs. qualitative analysis and a full FAIR workshop with a downloadable worksheet

• AI risk management — the rise of AI in security, the NIST AI RMF, the EU AI Act, AI-powered threats, and a workshop to draft your own AI risk policy

• Information classification and security control implementation

• Third-party cyber risk management — the 6 steps, supply chain case studies (SolarWinds, Log4j, MOVEit), SBOMs (SPDX and CycloneDX), and continuous monitoring

• Vulnerability management, ethical hacking, pen testing, and business continuity

• ISO 31000, ISO 27001, and ISO 27005 risk requirements — what auditors actually check

• Communicating risk to executives — translating tech into business, reporting formats, role-play scenarios

• The full NIST Risk Management Framework (RMF) — all 7 steps, from Prepare to Monitor

• Regulatory & compliance frameworks — SEC Cyber Disclosure Rules, NIS2, DORA, GDPR, and the US state privacy patchwork

  
  

**What you'll walk away with:**

• Downloadable templates you can use the day you finish the course — a risk register, FAIR worksheet, AI risk policy template, and CFO risk brief

• Real-world case studies grounded in enforcement actions and breaches that made the news

• Practical workshops after major sections so you apply the material, not just watch it

• Section quizzes to lock in what you've learned

• Lifetime access and ongoing updates as frameworks and regulations evolve

**This course is for you if:**

You want to move past the "list of threats" version of risk management and into the work that gets you taken seriously as a risk-aware IT leader — the analysis the CFO respects, the AI governance the board is already asking about, and the regulatory knowledge that keeps your organization out of the news.

You don't need a cybersecurity degree. You don't need a GRC background. What you need is a structured walk through the frameworks, real examples, and the templates to make it stick.

**Enroll today** and build the risk management toolkit that works whether you're running IT for a 200-person firm or briefing the board at a global one.