CURV 831 - Cybersecurity Risk Assessment
Course Description
Organizations across sectors face rising cybersecurity pressures—from regulatory shifts to increasingly sophisticated threats. Professionals who can assess risk clearly and guide compliance-aligned responses are in high demand.
In Risk Assessment, you’ll demonstrate your expertise in critically assessing cybersecurity risks within an organization in accordance with regulatory standards, compliance requirements, and industry best practices and frameworks.
You will be required to:
- Demonstrate knowledge of risk management and compliance protocols and industry best practices (e.g., NIST Risk Management Framework, ISACA, IT risk frameworks)
- Conduct risk assessments across a variety of contexts using cybersecurity risk assessment frameworks and tools
- Propose appropriate treatment and response strategies (e.g., mitigation, acceptance, transfer, or avoidance)
- Prepare and present findings and recommendations for different audiences
What to Expect
When you sign up, we provide resources and exercise examples to help you refresh your knowledge of cybersecurity risk management. You will then complete an assessment to showcase your ability to critically assess cybersecurity risks in accordance with regulatory standards, compliance requirements, and industry best practices and frameworks.
An expert will review your work and provide detailed feedback. If you meet our standard for expertise, you will earn a Toronto Metropolitan University Curv microcredential from The Chang School that validates your ability to:
- Use cybersecurity (CS) risk management principles to assess a cybersecurity risk and compliance challenge in a workplace scenario
- Create and pitch a cybersecurity risk management plan
- Propose appropriate treatment and response strategies
For the assessment, you will:
- Be assigned a realistic workplace scenario requiring you to apply comprehensive cybersecurity risk assessment and management skills
- Interpret the scenario and apply relevant technical terms, concepts, frameworks, procedures, and best practices to assess the organization’s risk exposure and compliance or ethical challenges
- Synthesize findings and recommendations into a slide-deck presentation
- Record two videos, adapted for different audiences: a 5-minute pitch summarizing key findings and a detailed 10–12 minute presentation delivering the full risk assessment and management plan
- Alternatively, provide a written response alongside your screen-capture submission
Meet the Curv Creator
Meet Claude. Claude Sam-Foh is a technology and cybersecurity leader with over 30 years of experience in enterprise architecture, governance, and risk management across government and higher education. He brings practical, real-world insight into cybersecurity assessment, compliance, and digital transformation.
Learn more about Claude
Who Should Take This Program?
This microcredential is designed for cybersecurity and IT professionals looking to validate their expertise in cybersecurity risk assessment and management.
You may have a background in computer science, IT, or a related field, with 2–3 years of technical experience in cybersecurity.
No matter your current role, this microcredential demonstrates that you have the expertise to assess and manage cybersecurity risk in today’s evolving digital landscape.
Frequently Asked Questions
What are the requirements for this microcredential?
You should have foundational knowledge and skills before enrolling. If you can answer ‘yes’ to all of the following statements, then you may be ready to enrol:
- Basic computer literacy, including familiarity with hardware, software, and the Internet
- Understanding of risk assessment and management and compliance protocol
- Ability to assess and prioritize cybersecurity risks, propose actionable mitigation strategies, and address compliance challenges effectively
- Knowledge of risk management and compliance protocols and industry best practices (for example, NIST Risk Management Framework)
- Knowledge of common cybersecurity best practice frameworks, such as NIST CSF 2.0 or NIST SP 800-30 Rev 1 (Guide for Conducting Risk Assessment) or NIST SP 800-53 Rev 5 (Security and Privacy Controls for Information Systems and Organizations)
- Knowledge of ISACA (certification like CISM - Certified Information Security Manager), including familiarity with IT Risk frameworks
- Familiarity with ISC2 best practices/guidelines (Risk Management Certificate)
- Knowledge of tools used for written and virtual collaboration and screen recording, such as Zoom and QuickTime
- Proficiency in spoken and written English
- Ability to communicate with professional audiences in written/digital and verbal formats
What do I need to do for the assessment?
You will apply comprehensive cybersecurity risk management skills within a realistic workplace scenario. You will be required to:
- Interpret the scenario to understand its context, apply relevant technical terms, concepts, frameworks, procedures, and best practices to assess the enterprise’s risk exposure and compliance or ethical challenges
- Synthesize your findings and recommendations into a slide deck presentation
- Record a two videos, adapted for different audiences: a 5-minute pitch summarizing key findings, and a detailed 10-12 minute presentation to deliver the risk assessment and management plan
- Alternatively, provide a written response alongside your screen-capture submission.
- This assessment validates your ability to critically assess cybersecurity risks within an organization in accordance with regulatory standards, compliance requirements and industry best practices and frameworks.
What are the technological requirements for the assessment?
You will need a:
- Stable Internet connection (no minimum connection speed required)
- Computer with an Internet browser (e.g., Edge, Safari, Chrome, Firefox, etc.) Note: Chrome Internet browser is recommended for optimal experience
- Mobile phone* capable of receiving an SMS text message
*Why do I need a mobile phone? A mobile device is required for two-factor authentication to log in to the my.torontomu.ca portal and access the microcredential environment (D2L Brightspace).
How much time do I have to complete the assessment after enrolling?
Your microcredential experience lasts two weeks:
- Week 1: Gain access to the learning environment (D2L Brightspace), where you can explore self-paced refresher materials and practice activities. The estimated time commitment is 2–7 hours, depending on your experience level.
- Week 2: Receive access to the assessment scenario and required materials. You can complete the assessment this week at any time. Some assessments may have a recommended time limit (e.g., three hours), which will be outlined in the Assessment Information section.
What are my support options?
Upon enrolling, you will have access to refresher resources and exercises. Your expert assessor will be available through the D2L Support Forum for any questions prior to the assessment. If you have any questions or experience any technical issues, you may contact Toronto Metropolitan University’s Computing and Communications Services (CCS) by email or phone.
What happens once I complete the assessment?
A week after you complete the assessment, you will receive your result from an expert assessor.
If you are able to meet the criteria and pass the assessment, you will receive a shareable Curv Microcredential digital credential from The Chang School at Toronto Metropolitan University. This credential can be shared on your LinkedIn profile, personal website, or anywhere you want to display your achievements.
If you are not able to meet the criteria and do not pass the assessment, you can re-enrol and try again when the next offering of this microcredential is available. Be sure to review your feedback and ensure that you have filled any gaps in knowledge or skill before registering for a future offering of this microcredential.