Audit-Tested Cyber Risk Quantification for Public-Sector Programs

$199.00

A tailored course, built for your situation

A 12-module implementation-grade program for business and technology leaders advancing cyber risk maturity in public-sector environments

$199 one-time
24-hour access provisioning · 30-day money-back guarantee · Hand-built implementation playbook
12 modules, each with 12 chapters (144 chapters total), text-based, plus downloadable templates and a hand-built implementation playbook delivered alongside course access.
Cyber risk decisions in public-sector programs are often based on intuition, not audit-ready analysis, leaving leaders exposed to second-guessing, delays, and compliance friction.

The situation this course is for

Public-sector initiatives face increasing scrutiny on cybersecurity accountability. Yet most risk assessments remain qualitative, inconsistent, or disconnected from audit requirements. Without a standardized, quantifiable approach, teams struggle to justify controls, prioritize investments, or demonstrate due diligence when under review.

Who this is for

A compliance officer, program manager, or technology leader in a public-sector or public-facing organization who must justify cyber risk decisions under audit conditions.

Who this is not for

This is not for entry-level IT staff, penetration testers, or vendors focused solely on tooling. It’s for decision-makers who own risk posture and must deliver audit-ready justification.

What you walk away with

  • Apply a standardized methodology to quantify cyber risk in financial and operational terms
  • Design risk registers that survive audit scrutiny and support decision-making
  • Integrate quantified risk outputs into program planning and budget cycles
  • Communicate cyber risk posture clearly to non-technical stakeholders and oversight bodies
  • Build repeatable processes that scale across multiple public-sector initiatives

The 12 modules (with all 144 chapters)

Module 1. Foundations of Cyber Risk Quantification
Establish core principles, terminology, and the role of quantification in public-sector accountability.
12 chapters in this module
  1. Defining cyber risk in public-sector contexts
  2. The evolution from qualitative to quantitative risk assessment
  3. Key standards influencing public-sector risk (NIST, ISO, COBIT)
  4. Distinguishing risk tolerance, appetite, and threshold
  5. The audit lifecycle and its impact on risk documentation
  6. Common pitfalls in early-stage risk quantification
  7. Aligning risk language across technical and non-technical teams
  8. The role of leadership in risk culture
  9. Baseline requirements for defensible risk models
  10. Introducing the FAIR framework in public programs
  11. Scenario: Building a risk-aware project kickoff
  12. Chapter exercise: Draft a risk charter for a sample initiative
Module 2. Audit Expectations and Compliance Alignment
Decode what auditors look for and how to structure risk outputs to meet compliance standards.
12 chapters in this module
  1. Understanding auditor priorities in public-sector reviews
  2. Mapping risk artifacts to compliance requirements
  3. Documentation standards for defensible risk claims
  4. How to anticipate and respond to audit findings
  5. Risk evidence packaging for transparency
  6. Version control and audit trails for risk models
  7. Common audit red flags and how to avoid them
  8. Working with internal vs. external auditors
  9. Integrating audit feedback into risk cycles
  10. Case study: Recovering from a non-conformance finding
  11. Checklist: Pre-audit risk documentation readiness
  12. Chapter exercise: Audit-proof a sample risk register
Module 3. Data Collection for Risk Inputs
Gather reliable, relevant data to feed risk models without overburdening teams.
12 chapters in this module
  1. Identifying high-value risk inputs
  2. Sourcing data from existing IT and security systems
  3. Interviewing stakeholders for loss event estimates
  4. Validating data credibility and recency
  5. Handling data gaps and uncertainty
  6. Minimizing collection burden on operational teams
  7. Data classification and sensitivity in risk contexts
  8. Using proxies when direct data is unavailable
  9. Documenting data sources for audit traceability
  10. Automating data pipelines for recurring assessments
  11. Case study: Data collection in a decentralized agency
  12. Chapter exercise: Build a data sourcing plan
Module 4. Threat Landscape Modeling
Characterize realistic threats relevant to public-sector programs.
12 chapters in this module
  1. Public-sector threat actor profiles
  2. Adapting threat libraries (MITRE ATT&CK) for government use
  3. Estimating threat event frequency
  4. Differentiating opportunistic vs. targeted attacks
  5. Incorporating geopolitical and policy-driven threats
  6. Using historical incident data to inform threat models
  7. Scenario: Threat modeling for a citizen-facing portal
  8. Validating threat assumptions with peer review
  9. Updating threat models in response to new intelligence
  10. Balancing realism and conservatism in threat estimates
  11. Tools for visualizing threat landscapes
  12. Chapter exercise: Build a threat scenario matrix
Module 5. Vulnerability Assessment Integration
Link technical vulnerabilities to business impact pathways.
12 chapters in this module
  1. Translating CVSS scores into risk context
  2. Prioritizing vulnerabilities by exploitability and exposure
  3. Integrating vulnerability scan data into risk models
  4. Accounting for patching cycles and technical debt
  5. Human factors as vulnerabilities
  6. Third-party and supply chain exposure
  7. Environmental factors influencing vulnerability
  8. Using red team findings in quantification
  9. Documenting assumptions about exploit likelihood
  10. Case study: Vulnerability risk in legacy systems
  11. Checklist: Vulnerability-to-risk mapping
  12. Chapter exercise: Quantify impact of a known vulnerability
Module 6. Impact Analysis and Loss Factors
Estimate financial, operational, and reputational consequences of cyber events.
12 chapters in this module
  1. Types of loss: productivity, response, replacement, fines
  2. Estimating downtime costs for public services
  3. Calculating regulatory penalty exposure
  4. Reputational damage modeling for public trust
  5. Intangible loss quantification techniques
  6. Multiplier effects in cascading failures
  7. Using benchmarks from public-sector incident reports
  8. Scenario: Estimating impact of data breach on citizen trust
  9. Sensitivity analysis for uncertain loss estimates
  10. Documenting loss assumptions for audit
  11. Tools for loss factor calculation
  12. Chapter exercise: Build a loss magnitude table
Module 7. Risk Scoring and Prioritization
Combine threat, vulnerability, and impact data into actionable risk scores.
12 chapters in this module
  1. Choosing a risk scoring methodology
  2. Calibrating risk scales for public-sector context
  3. Avoiding common scoring biases
  4. Normalizing risk across disparate programs
  5. Weighting risk by mission criticality
  6. Using heat maps and risk registers
  7. Setting risk thresholds for escalation
  8. Scenario: Prioritizing risks across three public programs
  9. Validating scoring with leadership judgment
  10. Updating scores dynamically
  11. Tools for risk scoring automation
  12. Chapter exercise: Score and rank sample risks
Module 8. Risk Reporting for Leadership
Translate technical risk into executive insights.
12 chapters in this module
  1. Tailoring risk reports to different audiences
  2. Visualizing risk for non-technical decision-makers
  3. Telling a story with risk data
  4. Connecting risk to strategic objectives
  5. Reporting frequency and cadence
  6. Dashboards for ongoing risk monitoring
  7. Scenario: Presenting risk to a board committee
  8. Avoiding risk report fatigue
  9. Using benchmarks to show progress
  10. Documenting risk decisions over time
  11. Checklist: Executive risk briefing
  12. Chapter exercise: Draft a leadership risk summary
Module 9. Risk Treatment and Mitigation Planning
Develop actionable plans to reduce or transfer identified risks.
12 chapters in this module
  1. Choosing between mitigate, transfer, accept, avoid
  2. Cost-benefit analysis of controls
  3. Integrating risk treatment into project plans
  4. Third-party risk transfer mechanisms
  5. Insurance considerations for public programs
  6. Building a business case for security investments
  7. Scenario: Justifying a security upgrade to finance
  8. Tracking mitigation effectiveness
  9. Revisiting risk after controls are implemented
  10. Documenting risk acceptance decisions
  11. Tools for treatment planning
  12. Chapter exercise: Build a mitigation roadmap
Module 10. Program Integration and Governance
Embed risk quantification into program management and oversight.
12 chapters in this module
  1. Integrating risk into project lifecycle gates
  2. Role of PMO in risk oversight
  3. Risk review meetings and cadence
  4. Linking risk to budget and procurement
  5. Training teams on risk quantification
  6. Maintaining risk artifacts over time
  7. Scenario: Risk integration in a multi-year program
  8. Auditing the risk process itself
  9. Scaling risk practice across agencies
  10. Checklist: Risk governance framework
  11. Chapter exercise: Design a risk integration plan
  12. Chapter exercise: Audit a sample risk process
Module 11. Continuous Risk Monitoring
Establish ongoing surveillance to keep risk models current.
12 chapters in this module
  1. Designing risk indicators and triggers
  2. Automating data feeds for risk models
  3. Review cycles for risk assumptions
  4. Responding to changes in threat or environment
  5. Scenario: Adjusting risk after a policy change
  6. Using tabletop exercises to stress-test models
  7. Benchmarking against peer organizations
  8. Reporting risk trends over time
  9. Tools for continuous monitoring
  10. Documenting model updates for audit
  11. Checklist: Continuous risk review
  12. Chapter exercise: Simulate a risk model refresh
Module 12. Audit Readiness and Evidence Packaging
Prepare risk artifacts to withstand formal review.
12 chapters in this module
  1. Assembling audit packages for risk models
  2. Version control and change logs
  3. Documenting assumptions and rationale
  4. Preparing teams for audit interviews
  5. Scenario: Responding to an auditor’s request
  6. Common findings and how to preempt them
  7. Using templates to ensure consistency
  8. Third-party validation of risk models
  9. Post-audit improvement cycles
  10. Checklist: Audit readiness review
  11. Tools for evidence management
  12. Chapter exercise: Package a risk model for audit

How this maps to your situation

  • Newly appointed risk lead in a public-sector program
  • Compliance officer preparing for annual audit cycle
  • IT director integrating cyber risk into capital planning
  • Program manager justifying security budget in a constrained environment

Before vs. after

Before
Risk decisions are based on intuition, inconsistent frameworks, or reactive responses to audit findings.
After
Risk is quantified, documented, and communicated in a standardized, audit-ready format that supports confident decision-making.

What's included with your purchase

  • 12 modules with 12 chapters each (144 chapters)
  • Downloadable templates and worked examples for every module
  • Hand-built implementation playbook delivered alongside course access
  • 30-day money-back guarantee

Delivery and format

  • Course and learning environment access provisioned within 24 hours of purchase
  • Hand-built implementation playbook delivered alongside course access

Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.

Time investment: Approximately 4-6 hours per module, designed for self-paced learning with implementation-focused exercises.

If nothing changes
Without a structured, audit-tested approach, organizations risk delayed approvals, repeated findings, misallocated resources, and erosion of stakeholder trust due to unverifiable risk claims.

How this compares to the alternatives

Unlike generic cybersecurity courses, this program focuses exclusively on audit-tested quantification methods for public-sector programs. Compared to live workshops, it offers on-demand access with structured, repeatable content and practical tooling.

Frequently asked

Who is this course designed for?
It's for business and technology professionals in public-sector or public-facing roles who own or influence cyber risk decisions and must demonstrate accountability under audit conditions.
How is the course structured?
12 modules, each containing 12 chapters (144 chapters total).
Is there a certificate of completion?
Yes, a certificate is issued upon finishing all modules and passing the final assessment.
$199 one-time. Approximately 4-6 hours per module, designed for self-paced learning with implementation-focused exercises.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

30-day money-back guarantee · 144 chapters · Hand-built playbook included · Account access within 24 hours