Content provided by William D. Reed. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by William D. Reed or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.

Applying IRMBOK to Risk Management

53:03
 

In this episode of The Smart IT podcast, I welcomed Jeff Lowder, a seasoned risk professional and author of the upcoming Information Risk Management Body of Knowledge (IRMBOK), to the show. The conversation centered on how risk management professionals must evolve beyond traditional roles to become strategic partners in decision-making. Modern IT demands a deeper understanding of business objectives, as technology is not just about infrastructure—it’s about enabling organizations to thrive while managing risk effectively.

Jeff reviewed IRMBOK, a comprehensive guide for information risk management that covers both process frameworks and practical techniques. It includes many intuitive and useful tools that risk practitioners can use in their work.

A major theme of the episode is the inadequacy of conventional risk methods—such as high/medium/low risk matrices—and the push toward quantitative approaches.

Many cybersecurity professionals are trained to focus only on downside risk, but real-world decision-making involves balancing both risks and opportunities. This broader perspective, which Jeff calls "decision management," leads to better alignment with how executives and boards think and make choices.

He emphasized the need for upskilling in quantitative risk analysis, stating that most of the required math is basic and accessible. He advocated for a more rigorous, business-aligned, and outcome-focused approach to IT and cybersecurity risk management, underlining that better decisions—not just compliance—should be the end goal.

“Risk management is about helping the business make better decisions—not just saying no.” - Jeff Lowder

Link to this episode: https://youtu.be/SRrvluPLuls

#SmartIT #IRMBOK #RiskManagment #CRQ #DecisionManagement #DecisionScience #CyberRisk #SiRA #SiRACon #SiRAcon25

Production: Brilliant Beam Media Syya Yasotornrat
