The Cyber Threat Perspective

Episode 115: How to understand and address risk w/ Robert McElroy

Nov 20, 2024
In this engaging discussion, Robert McElroy, VP at SecureIT 360 with over a dozen years in security governance, shares insights on understanding and managing organizational risk. He dives into the distinction between risk and incident management, emphasizing the need for contextual assessments in cybersecurity. McElroy explores the importance of identifying critical systems, ongoing evaluations, and the role of senior management in prioritizing risks. He also highlights the intricacies of risk management in M365 environments and the value of KPIs in measuring effectiveness.
40:25

Podcast summary created with Snipd AI

Quick takeaways

  • Understanding risk starts with separating vulnerabilities (weaknesses) from threats (whatever could exploit them), then evaluating each in the organization's own context rather than in the abstract.
  • Cost-effective risk management ensures that mitigation expenses align with potential losses, optimizing resource allocation within organizations.

Deep dives

Understanding Risk Management

Risk is defined as the potential for a negative outcome, and that definition frames the rest of the conversation about managing it. Organizations often conflate risk management with incident management: incident management deals with problems that have already occurred, whereas risk management looks ahead to what could go wrong. A proper understanding of risk also requires separating vulnerabilities from threats: a vulnerability is a weakness in a system or process, while a threat is an actor or event that could exploit that weakness. Risk arises where the two meet, so a foundational component of risk management is assessing, for each identified risk, how likely it is to materialize and what the impact would be if it did.
