This module focuses the student on a broad range of topics relative to risk-based planning for enterprise cybersecurity. The intent is focusing on creating risk assessment and modeling approaches to solve cybersecurity issues so that organizations can build security framework and sustain a healthy security posture. This course analyzes external and internal security threats, failed systems development and system processes and explores their respective risk mitigation solutions through policies, best practices, operational procedures, and government regulations. Risk frameworks covered include NIST SP 800-12, SP 800-37, SP 800-39, and CERT/CC risk analysis guidelines.