Audit-Tested Cyber Risk Quantification for Public-Sector Programs

$199.00

A tailored course, built for your situation

Implementable risk quantification frameworks aligned with public-sector audit standards

$199 one-time
24-hour access provisioning · 30-day money-back guarantee · Hand-built implementation playbook
12 modules. 12 chapters per module. 144 chapters total.
12 modules, each with 12 chapters (144 chapters total), text-based, plus downloadable templates and a hand-built implementation playbook delivered alongside course access.
Cyber risk assessments that don’t survive audit review create rework, erode trust, and delay program funding

The situation this course is for

Public-sector programs face increasing pressure to demonstrate measurable cyber risk resilience. Traditional qualitative methods are no longer sufficient. Assessments that lack audit-grade documentation or fail to align with control frameworks often result in findings, delayed approvals, and loss of stakeholder confidence. Practitioners need structured, repeatable methods to quantify risk in ways that satisfy compliance reviewers and support strategic investment.

Who this is for

Risk officers, compliance leads, IT governance professionals, and program managers in federal, state, and local government programs or contractors supporting public-sector missions

Who this is not for

Entry-level IT staff without risk or compliance responsibilities, vendors focused solely on commercial-sector frameworks, or individuals seeking certification prep

What you walk away with

  • Apply audit-tested methods to quantify cyber risk in public-sector contexts
  • Align risk models with NIST, FISMA, and OMB compliance expectations
  • Document risk assessments to withstand external audit scrutiny
  • Integrate risk quantification into budget and procurement decision cycles
  • Lead cross-functional teams using repeatable, defensible risk frameworks

The 12 modules (with all 144 chapters)

Module 1. Foundations of Public-Sector Cyber Risk
Establish core principles of risk in government and grant-funded environments
12 chapters in this module
  1. Defining mission-aligned risk tolerance
  2. Public-sector vs. commercial risk contexts
  3. Regulatory drivers: FISMA, NIST, OMB
  4. The audit lifecycle and risk documentation
  5. Stakeholder alignment in risk programs
  6. Risk ownership models in decentralized agencies
  7. Budget cycles and risk planning alignment
  8. Ethical considerations in public-sector quantification
  9. Transparency and public accountability
  10. Documentation standards for external review
  11. Baseline control frameworks and risk adjustment
  12. Case study: Municipal IT risk assessment
Module 2. Audit-Ready Risk Framework Design
Build frameworks that meet external review standards
12 chapters in this module
  1. Designing for audit defensibility
  2. Mapping risk to control frameworks
  3. Evidence collection protocols
  4. Version control for risk models
  5. Change management in risk frameworks
  6. Third-party validation pathways
  7. Documentation for reproducibility
  8. Risk model peer review processes
  9. Maintaining independence and objectivity
  10. Audit trail creation for risk decisions
  11. Cross-agency framework alignment
  12. Case study: Federal grant program review
Module 3. Quantitative Risk Modeling Techniques
Apply numerical methods to cyber risk scenarios
12 chapters in this module
  1. From qualitative to quantitative assessment
  2. Probability estimation for cyber events
  3. Loss magnitude modeling
  4. Monte Carlo simulation basics
  5. Scenario selection and weighting
  6. Data sourcing for public-sector models
  7. Calibrating models to historical incidents
  8. Sensitivity analysis techniques
  9. Confidence intervals in risk estimates
  10. Presenting uncertainty to decision-makers
  11. Model validation checkpoints
  12. Case study: State-level cyber incident projection
Module 4. Integrating NIST CSF and RMF
Align risk quantification with established frameworks
12 chapters in this module
  1. NIST CSF as a risk quantification scaffold
  2. Mapping controls to risk reduction
  3. RMF phase integration points
  4. Inherent vs. residual risk measurement
  5. Control effectiveness scoring
  6. Quantifying risk reduction per control
  7. Gap analysis with quantitative output
  8. Tiered risk reporting for leadership
  9. Crosswalk between CSF and audit criteria
  10. Automating control-to-risk mappings
  11. Updating models after control changes
  12. Case study: Federal agency CSF adoption
Module 5. FISMA and OMB Compliance Integration
Meet federal reporting and documentation mandates
12 chapters in this module
  1. FISMA reporting requirements
  2. OMB A-130 alignment points
  3. Annual assessment documentation
  4. Risk thresholds for reporting
  5. Agency-specific policy mapping
  6. Documentation for OIG review
  7. Risk exceptions and justification
  8. Continuous monitoring integration
  9. Automated evidence collection
  10. Executive summary standards
  11. Inter-agency risk data sharing
  12. Case study: Multi-agency compliance review
Module 6. Third-Party Risk Quantification
Assess and document vendor and contractor risk
12 chapters in this module
  1. Third-party risk lifecycle
  2. Quantifying supply chain exposure
  3. Contractual risk transfer mechanisms
  4. Audit rights and access provisions
  5. Vendor risk scoring models
  6. Subcontractor oversight requirements
  7. Incident response coordination
  8. Financial impact of vendor breaches
  9. Geopolitical risk factors
  10. Due diligence documentation standards
  11. Exit strategies and contingency planning
  12. Case study: Government contractor review
Module 7. Risk Communication for Leadership
Present findings to executives and oversight bodies
12 chapters in this module
  1. Translating risk to mission impact
  2. Executive summary frameworks
  3. Visualizing risk for non-technical audiences
  4. Budget justification with risk data
  5. Scenario planning for decision-makers
  6. Risk appetite articulation
  7. Board-level reporting cadence
  8. Handling dissenting views
  9. Public communication considerations
  10. Press and media risk narratives
  11. Long-term trend reporting
  12. Case study: Public health agency briefing
Module 8. Cyber Risk in Grant-Funded Programs
Address unique risks in project-based funding
12 chapters in this module
  1. Grant lifecycle risk exposure
  2. Funding conditionality and risk
  3. Subaward risk management
  4. Compliance monitoring for grantees
  5. Reporting requirements for risk events
  6. Auditor expectations in grant reviews
  7. Risk allocation in cooperative agreements
  8. Documentation for pass-through entities
  9. Risk in multi-year grants
  10. Budget reallocation due to risk
  11. Closeout risk considerations
  12. Case study: Federal education grant program
Module 9. Incident Response and Risk Updating
Incorporate real events into risk models
12 chapters in this module
  1. Post-incident risk reassessment
  2. Updating probability estimates
  3. Loss experience adjustments
  4. Root cause to control gap mapping
  5. Audit findings as risk inputs
  6. Lessons learned integration
  7. Revised risk scenarios
  8. Stakeholder communication post-event
  9. Regulatory reporting alignment
  10. Insurance claims and risk models
  11. Reputation risk quantification
  12. Case study: Ransomware event follow-up
Module 10. Cross-Agency Risk Collaboration
Coordinate risk programs across organizational boundaries
12 chapters in this module
  1. Interagency risk data sharing
  2. Common risk taxonomies
  3. Joint risk assessment protocols
  4. Memoranda of understanding
  5. Centralized vs. decentralized models
  6. Risk aggregation methods
  7. Dispute resolution mechanisms
  8. Federated risk governance
  9. Information sharing agreements
  10. Privacy considerations in collaboration
  11. Standardized reporting formats
  12. Case study: Regional emergency response network
Module 11. Risk Technology Implementation
Deploy tools and processes for sustained use
12 chapters in this module
  1. Selecting risk quantification platforms
  2. Integration with existing GRC tools
  3. Data pipeline design
  4. User access and permissions
  5. Change management planning
  6. Training for risk teams
  7. Pilot program design
  8. Metrics for program success
  9. Vendor selection criteria
  10. Open-source vs. commercial tools
  11. Maintaining model relevance
  12. Case study: State IT risk platform rollout
Module 12. Sustaining and Evolving Risk Programs
Ensure long-term effectiveness and adaptability
12 chapters in this module
  1. Annual review processes
  2. Updating models for new threats
  3. Staff turnover and knowledge transfer
  4. Continuous improvement cycles
  5. Benchmarking against peers
  6. Regulatory change monitoring
  7. Stakeholder feedback loops
  8. Audit preparation cycles
  9. Succession planning for risk roles
  10. Modernization roadmaps
  11. Scaling programs across agencies
  12. Case study: Multi-year risk maturity journey

How this maps to your situation

  • Preparing for federal audit review
  • Designing a new risk program for a public-sector agency
  • Responding to increased board oversight of cyber risk
  • Leading third-party risk assessments for grant compliance

Before vs. after

Before
Risk assessments are inconsistent, lack audit documentation, and fail to influence strategic decisions
After
Risk quantification is standardized, audit-ready, and directly informs budgeting, procurement, and leadership planning

What's included with your purchase

  • 12 modules with 12 chapters each (144 chapters)
  • Downloadable templates and worked examples for every module
  • Hand-built implementation playbook delivered alongside course access
  • 30-day money-back guarantee

Delivery and format

  • Course and learning environment access provisioned within 24 hours of purchase
  • Hand-built implementation playbook delivered alongside course access

Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.

Time investment: Approximately 3 hours per week over 12 weeks to complete all modules, exercises, and playbook integration.

If nothing changes
Organizations that delay implementation risk repeated audit findings, inefficient resource allocation, and diminished credibility when justifying cybersecurity investments to oversight bodies.

How this compares to the alternatives

Unlike generic risk courses, this program focuses exclusively on public-sector audit requirements, compliance integration, and implementation in mission-driven environments. It provides field-tested templates and a custom playbook not available in certification prep or commercial-sector focused training.

Frequently asked

Who is this course designed for?
Risk officers, compliance leads, IT governance staff, and program managers in federal, state, or local government programs, or contractors supporting public-sector missions.
How is the course structured?
12 modules, each containing 12 chapters (144 chapters total).
Is this course technical or strategic?
It bridges both, with implementation-grade frameworks for practitioners leading risk initiatives in regulated environments.
$199 one-time. Approximately 3 hours per week over 12 weeks to complete all modules, exercises, and playbook integration.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

30-day money-back guarantee · 144 chapters · Hand-built playbook included · Account access within 24 hours