Episode 34
Applying IRMBOK to Risk Management
In this episode of The Smart IT podcast, I welcomed Jeff Lowder, a seasoned risk professional and author of the upcoming Information Risk Management Body of Knowledge (IRMBOK), to the show. The conversation centered on how risk management professionals must evolve beyond traditional roles to become strategic partners in decision-making. Modern IT demands a deeper understanding of business objectives, as technology is not just about infrastructure—it’s about enabling organizations to thrive while managing risk effectively.
Jeff reviewed IRMBOK, a comprehensive guide for information risk management that covers both process frameworks and practical techniques. It includes many intuitive and useful tools that risk practitioners can use in their work.
A major theme of the episode is the inadequacy of conventional risk methods—such as high/medium/low risk matrices—and the push toward quantitative approaches.
Many cybersecurity professionals are trained to focus only on downside risk, but real-world decision-making involves balancing both risks and opportunities. This broader perspective, which Jeff calls "decision management," leads to better alignment with how executives and boards think and make choices.
Jeff emphasized the need for upskilling in quantitative risk analysis, stating that most of the required math is basic and accessible. He advocated for a more rigorous, business-aligned, and outcome-focused approach to IT and cybersecurity risk management, underlining that better decisions, not just compliance, should be the end goal.
“Risk management is about helping the business make better decisions—not just saying no.” - Jeff Lowder
Link to this episode: https://youtu.be/SRrvluPLuls
#SmartIT #IRMBOK #RiskManagment #CRQ #DecisionManagement #DecisionScience #CyberRisk #SiRA #SiRACon #SiRAcon25
Production: Brilliant Beam Media Syya Yasotornrat
Show Notes
- Jeff on LinkedIn: https://www.linkedin.com/in/jlowder/
- Society of Information Risk Analysts (SiRA): https://www.societyinforisk.org/
- SiRAcon'25: https://www.societyinforisk.org/SiRAcon
- SiRAcon'25 Registration: https://web.cvent.com/event/aea3fabb-28f2-48e0-99b7-9eab5e226ee4/websitePage:a14c3e74-c745-4825-b56e-fca5f73d25a6
- The Smart IT Podcast YouTube Channel: https://www.youtube.com/@thesmartitpodcast
- Captivate Website for all episodes: https://the-smart-it-podcast.captivate.fm/