What changes after this module
Read cyber risk as a practical question about harm to services, people, or operations rather than a detached score.
Outcome promise
- Explain cyber risk using impact, likelihood, and operational consequence.
- Link a risk statement back to a service outcome or business obligation.
Core model
Use the diagram and terms below as the minimum model you should be able to explain after this module. If you cannot explain the model in plain language, pause here before you move on.
Key terms
- Risk
- The possibility that harm will affect an asset or outcome.
- Impact
- The consequence if the event happens, including operational, legal, or trust damage.
Check yourself
Answer the prompt before you reveal the check. If you cannot answer it in your own words, revisit the model and the terms once more.
Quick check
Why is a threat list not enough to make a risk decision?
Reveal the answer check
Because you still need to know what the threat could harm, how likely it is in context, and what consequence matters most.
Reflection and evidence
Keep the evidence small. One honest reflection and one small artefact is enough to show that the learning changed how you describe, check, or design something.
Reflection prompt
Write one cyber risk in your context. What real service, user, or obligation would be affected if it happened?
Artefact
A short risk statement with impact, likelihood, and the outcome it threatens.
Optional deeper practice
Use the workspace to compare two security risks and decide which one deserves action first and why.
Move through the course
Keep the flow predictable. Stay with the stage sequence unless you have a clear reason to jump around.