Range Scenario · operations · 90 min
AI Risk Assessment: Healthcare Diagnostic Model Sign-Off
This cybersecurity training scenario simulates a working incident. Conduct a 7-day cybersecurity-aware AI risk assessment on a healthcare diagnostic model. Cover data lineage, bias evaluation, robustness testing, failure modes, and mitigation planning. Deliver a sign-off recommendation with a defensible basis.
Scenario briefing
You are the lead AI risk assessor at a health-tech vendor. The product team built a diagnostic model that flags suspected pulmonary nodules in chest CT scans for radiologist review. The model is intended for adjunct use, not autonomous diagnosis. Launch is gated on your assessment.
Seven days. Your output is a written risk assessment plus a sign-off recommendation: ship, ship-with-conditions, or block. The CISO and the chief medical officer share sign-off authority. Your assessment is the basis for their decision. The Range scenario simulates the day-by-day decisions that drive a real assessment.
This scenario tests AI risk assessment as a formal practice. Healthcare AI falls under FDA review and the EU AI Act's high-risk classification. Risk assessment work also covers credit, employment, and infrastructure use cases with a similar structure. Learn the structure once, apply it across domains.
What you will practice
- Structure a multi-day AI risk assessment across data, model, and deployment risk
- Evaluate dataset lineage and representativeness
- Design bias and robustness tests with defensible thresholds
- Map failure modes to mitigation and write a sign-off recommendation that survives executive challenge
How this scenario is scored
The scenario has 10 ordered steps. Most steps are exact-match (a MITRE ATT&CK technique ID, a tool name, or a yes/no decision) or multiple choice. Free-text steps queue for manual review and do not affect the auto-final-score in the MVP.
Each step has a maximum score of 100 points. Hints cost points up front; the deduction is listed before you reveal each hint. Your final score is the sum across steps. Range Elo updates on completion based on scenario difficulty (Elite) and your final score percentage.
Frequently asked questions
What is the structure of an AI risk assessment?
Common structure: data risk (lineage, representativeness, consent, drift), model risk (accuracy, fairness, robustness, calibration), deployment risk (human oversight design, monitoring, kill-switch, incident plan), governance risk (regulatory fit, documentation, audit trail). Each section produces a finding with severity. The sign-off recommendation rolls up the findings.
What thresholds go on bias and robustness tests?
Bias: equalized odds disparity below a domain-specific threshold (in healthcare, often 5 percent across protected subgroups for sensitivity, with stricter bars on rare conditions). Robustness: minimum performance on perturbed inputs (small image shifts, lossy compression, noise) within a defined accuracy drop. Calibration: predicted probabilities match observed frequencies within a target gap. Thresholds come from domain norms and regulatory expectations.
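To make the bias, calibration and robustness checks above concrete, here is an added example (not code from the DecipherU scenario or any vendor) that computes the equalized-odds gap, expected calibration error and robustness drop over a constructed set of subgroup predictions and rolls them up into one of the three sign-off options. The threshold values and the roll-up policy are assumptions for illustration, not the scenario's answer key.

```python
# Added example, not from the DecipherU scenario: subgroup error-rate gaps, calibration gap and
# robustness drop, each checked against an assumed threshold of the kind the FAQ describes.
from collections import defaultdict

# Constructed records: (subgroup, true label, predicted probability); decision cutoff is 0.5.
RECORDS = [
    ("A", 1, 0.9), ("A", 1, 0.7), ("A", 1, 0.5), ("A", 1, 0.3),
    ("A", 0, 0.1), ("A", 0, 0.1), ("A", 0, 0.3), ("A", 0, 0.7),
    ("B", 1, 0.9), ("B", 1, 0.5), ("B", 1, 0.3), ("B", 1, 0.1),
    ("B", 0, 0.1), ("B", 0, 0.3), ("B", 0, 0.3), ("B", 0, 0.7),
]

def rates_by_group(records, cutoff=0.5):
    """Sensitivity (TPR) and false-positive rate per subgroup."""
    counts = defaultdict(lambda: [0, 0, 0, 0])  # tp, fn, fp, tn
    for group, y, p in records:
        pred = p >= cutoff
        counts[group][(0 if pred else 1) if y else (2 if pred else 3)] += 1
    return {g: (tp / (tp + fn), fp / (fp + tn)) for g, (tp, fn, fp, tn) in counts.items()}

def equalized_odds_gap(records):
    """Largest subgroup gap in TPR and in FPR; equalized odds requires both to be small."""
    tprs, fprs = zip(*rates_by_group(records).values())
    return max(tprs) - min(tprs), max(fprs) - min(fprs)

def calibration_gap(records, bins=5):
    """Expected calibration error: per-bin |mean predicted prob - observed positive rate|."""
    buckets = defaultdict(list)
    for _, y, p in records:
        buckets[min(int(p * bins), bins - 1)].append((p, y))
    ece = 0.0
    for items in buckets.values():
        conf = sum(p for p, _ in items) / len(items)
        observed = sum(y for _, y in items) / len(items)
        ece += abs(conf - observed) * len(items) / len(records)
    return ece

def assess(records, clean_acc, perturbed_acc, max_gap=0.05, max_ece=0.05, max_drop=0.02):
    """Each finding is (measured, threshold, passed); the threshold values are assumptions."""
    gap = max(equalized_odds_gap(records))
    ece, drop = calibration_gap(records), clean_acc - perturbed_acc
    return {"equalized_odds": (gap, max_gap, gap <= max_gap),
            "calibration": (ece, max_ece, ece <= max_ece),
            "robustness": (drop, max_drop, drop <= max_drop)}

def sign_off(findings):
    """Assumed roll-up: no failures ship; a bias failure blocks; anything else ships with conditions."""
    failed = [name for name, (_, _, ok) in findings.items() if not ok]
    return ("ship" if not failed else "block" if "equalized_odds" in failed else "ship-with-conditions"), failed
```

On the constructed data subgroup B's sensitivity is 25 points below subgroup A's and the model is poorly calibrated, so `sign_off(assess(RECORDS, 0.91, 0.90))` returns a block with both findings named, which is the shape of evidence a sign-off memo should cite.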
What does a defensible sign-off recommendation look like?
Three options: ship, ship-with-conditions, block. The recommendation cites specific findings, names the residual risk you accept, and lists the conditions, if any. The recommendation does not hide ambiguity. If you do not have enough evidence to ship cleanly, ship-with-conditions or block is the right answer. A soft yes is the worst option because it leaves the executives unprotected.
Course content is for educational purposes only and does not constitute professional advice. All claims are supported by cited peer-reviewed academic research. DecipherU does not teach or reproduce any proprietary sales methodology. Verify all referenced sources independently.