Skills Gained
By the end of this workshop, you will understand:
- Cybersecurity analysis knowledge areas
- Cybersecurity frameworks
- The Business Analyst’s focal points for each knowledge area
- How cybersecurity must be baked into business solutions
- How to apply cybersecurity techniques and concepts
- How to engage senior managers to elicit security requirements
- Cybersecurity analysis work practices
General Awareness: Understands the role of Business Analysis in Cybersecurity
Practical Knowledge: Follows Rules to conduct a stakeholder analysis
Practical Knowledge: Follows Rules using existing documentation to draft a RACI for a Cybersecurity project or program initiative
General Awareness: Understands how to locate the organization's security framework or model, or knows that one does not yet exist
General Awareness: Understands what an Information Security Management System (ISMS) is and its objective
General Awareness: Understands what data privacy is
General Awareness: Understands the difference between an internal and external audit
Practical Knowledge: Follows Rules and knows the difference between compliance and best practice
General Awareness: Understands what a cyber risk is
General Awareness: Basic Knowledge of what a Cybersecurity Risk Assessment is
Practical Knowledge: Follows Rules for the inputs to a Business Case that BAs are typically responsible for
General Awareness: Understands what Disaster Recovery Plans and Business Continuity Plans are
Practical Knowledge: Follows Rules to develop a business process flow diagram, and identify steps along the path that present potential cybersecurity vulnerabilities
General Awareness: Understands what Cybersecurity Controls are and where to find various versions
General Awareness: Understands the three attributes of secure information: confidentiality, integrity and availability
General Awareness: Understands the difference between a cyber threat and a cyber vulnerability
Practical Knowledge: Follows Rules to identify typical impacts of a cyber-attack on an organization
General Awareness: Understands that there are multiple layers of technology to protect
General Awareness: Understands what is meant by Endpoint Security
General Awareness: Understands what Information Classification means
General Awareness: Understands what Information Categorization means
General Awareness: Understands what Data Security at Rest means
General Awareness: Understands what Data Security in Transit means
General Awareness: Understands what Encryption is
General Awareness: Understands what a Digital Signature is
General Awareness: Understands what authentication is
General Awareness: Understands what access control means
General Awareness: Understands what Privileged Account Management is
Practical Knowledge: Follows Rules and is familiar with key actions employees should take responsibility for to maintain security
General Awareness: Understands the principle of least privilege
Practical Knowledge: Follows Rules to elicit user access requirements
Practical Knowledge: Follows Rules to identify a Security Requirement when presented with a list of requirements
General Awareness: Understands what SaaS, IaaS and PaaS are
Practical Knowledge: Follows Rules to document a current state business process including current technology
General Awareness: Understands a target state business process for a cybersecurity initiative
General Awareness: Understands how to create and maintain a risk log
General Awareness: Basic Knowledge of the four risk treatment options: Accept, Avoid, Transfer, Mitigate
General Awareness: Understands what residual risk is
General Awareness: Understands how to create a report template for Security metrics
General Awareness: Understands Root Cause Analysis