Keywords
How to Cite
Abstract
A core premise in the instruction of Information Security/Cybersecurity is that risk management is a cornerstone of security management, as evidenced in the promotion of GRC (Governance, Risk Management and Compliance) as the strategic triad in the trade press. While a theoretical exploration of risk management is important, the provision of an experiential activity to support the theory is valuable in cementing the knowledge in students. This paper will discuss popular risk management methodologies and examine a number of tools to support the instruction of the more common methodologies by instructors without substantial cost or learning curve.
Open Access License Notice:
This article is © its author(s) and is licensed under the Creative Commons Attribution 4.0 International License (CC BY 4.0). Beginning with Volume 13 (2026), this license is included directly within all published PDFs. For earlier articles, a cover page has been added to indicate the correct licensing terms. Any legacy copyright or pricing statements appearing within the PDF reflect prior print production workflows and do not represent the Journal’s current open access policy. For full details, please see the Journal’s License Terms.