Principles of Cyber Risk Management

Recent events have magnified the ever-increasing risk of using the Internet for daily operations. In terms of severity of consequences, cyber risk is now on par with, if not greater than, other major business risks.

This course will teach you how to manage cyber as the dynamic business risk it has become rather than the static technological one it has been historically.

Topics will include:

  • The importance and role of cyber risk management within a business
    • Why cyber must be managed as a dynamic business risk
    • The 4 broad categories of resources that cyber risk managers have at their disposal
    • Why cyber risk managers must know how an organization makes money/secures funding
    • Why cyber risk managers must list all digital assets in priority order
    • Understand different types of risk management (qualitative and quantitative)
    • The default threat model used by cyber risk managers
    • How the term “reasonable cybersecurity” affects how cyber risks must be managed
  • The three prominent cybersecurity frameworks and their appropriate uses
    • NIST Cybersecurity Framework (NCSF)
    • Zero-to-ten scale
    • “Essential Eight” (as published by the ASD)
  • Implement best practices for “cyber hygiene” in an organization
    • Use “Essential Eight” as the basis for a cyber hygiene program, as demonstrated by measuring the alignment of an organization with the “Essential Eight” and creating an action plan to bring it into full alignment
    • Conduct a real (or hypothetical) cyber risk assessment for an organization, using the zero-to-ten scale and the NCSF

Enroll in this 36-hour program and finish in 2 months!


  • Meets twice a week for 9 weeks
  • Tuesdays and Thursdays, 6:30 – 8:30 pm
  • May 4, 2021 – July 1, 2021

Delivery Method:

fully online


3.6 CE units


  • $900.00 General Public
  • $720.00 PLU students, Alumni, and current employees (please contact with your ID number for discount code)


Applicable to both for-profit and not-for-profit organizations


Useful for start-ups, mid-sized companies, and large enterprises


Who should attend:

  • Mid-level or senior cybersecurity professionals
  • IT professionals who want a stronger voice for cybersecurity decision making
  • Senior decision makers who are responsible for cyber risk management (VP of IT, CIO, CFO, General Counsel, etc.)
  • Attorneys who want to advise their clients on cyber risk management
  • IT managed service providers (MSP) who want to advise their clients on cyber risk management

Seeking Feedback!

We are looking to add additional workshops and offerings, but need to hear what YOU are looking to learn!
