Experiential Activities for Risk Management Education


  • Michael Whitman Kennesaw State University
  • Robert Chaput Clearwater Compliance, LLC


risk management, risk assessment, information security education, cybersecurity education, experiential education


A core premise in the instruction of Information Security/Cybersecurity is that risk management is a cornerstone of security management, as evidenced in the promotion of GRC (Governance, Risk Management and Compliance) as the strategic triad in the trade press. While a theoretical exploration of risk management is important, the provision of an experiential activity to support the theory is valuable in cementing the knowledge in students. This paper will discuss popular risk management methodologies and examine a number of tools to support the instruction of the more common methodologies by instructors without substantial cost or learning curve.