Experiential Activities for Risk Management Education
Cover - CISSE Volume 8, Issue 1


risk management
risk assessment
information security education
cybersecurity education
experiential education


A core premise in the instruction of Information Security/Cybersecurity is that risk management is a cornerstone of security management, as evidenced in the promotion of GRC (Governance, Risk Management and Compliance) as the strategic triad in the trade press. While a theoretical exploration of risk management is important, the provision of an experiential activity to support the theory is valuable in cementing the knowledge in students. This paper will discuss popular risk management methodologies and examine a number of tools to support the instruction of the more common methodologies by instructors without substantial cost or learning curve.