The Role of a Technical Business Analyst in Cybersecurity of a Project


As Business Analysts whose scope extends beyond traditional boundaries, we work on various technical and security aspects of projects. See my previous article on Maximizing Threat Detection using Security Event Management Platforms. Today we take a look at how the role of the Business Analyst is defined when it comes to software and information security.

The role of business analysis in cybersecurity is becoming more common. According to respondents in IIBA’s 2019 Global Business Analysis Salary Survey, 21% of business analysis professionals report being involved in their organizations’ cybersecurity practice.

A Business Analyst acts as a bridge between stakeholders, understanding their needs and translating them into actionable requirements for the development team. When it comes to security requirements, the BA’s responsibility becomes more critical because of the sensitivity of the subject matter. BAs ensure that security considerations are embedded from the outset, reducing vulnerabilities and enhancing the overall security posture of the organization.

As a Business Analyst, in addition to the normal scope of the role, you may be required to:

  1. Identify your organization’s exposure to cybersecurity risks.
  2. Elicit and prioritize the cybersecurity requirements and expectations.
  3. Coordinate the compliance standards verification process.
  4. Maintain risk registers and incident registers.
  5. Keep track of resource consumption and costs.
  6. Audit the tools that are used to maintain the compliance standards.

As the above-mentioned responsibilities suggest, the role at times falls outside the traditional scope. Some of the technical and security activities a BA is involved in are described below.

Identify Security Requirements

Work with stakeholders to identify and document security requirements, ensuring that they align with the organization's security policies and regulatory requirements. The BA might not be the most fluent in the subject, but should be able to learn quickly from the developers and DevOps engineers on the related subject matter, up to the point where the requirements can be identified and prioritized with the team.

Risk Assessment

Conduct risk assessments to understand the potential impact of security threats and prioritize security requirements accordingly. In risk assessment, the BA contributes within the limits of what the role allows. Ensuring that monitoring is kept up and running and that vulnerabilities are checked for continuously is one way analysts play their part. If and when any vulnerabilities are detected, the BA communicates with the relevant stakeholders and escalates the issues.

Access Monitoring

When it comes to access to resources within a software project, each member is assigned a level of access. There should be a proper log of these access levels and permissions. Access may change depending on the requirements and tasks given to team members, and in those circumstances there should be an up-to-date log of the changes. These logs are maintained by the BA in charge.

Coordinating Security Compliance Standards

Software projects require certifications (SOC2, ISO 27001, NIST etc.) to be obtained for the product to be trusted by customers. The BAs should be the anchor in the processes that follow when obtaining these sorts of certifications for the project. After obtaining the certifications, the BAs themselves need to be aware of the changes that are made so that nothing breaks the compliance standards that have been certified.

Business Impact Analysis

Cybersecurity business analysts analyze the potential impact of cybersecurity incidents on the organization's operations, reputation, and financial performance. This helps prioritize security measures and investments. If a penetration test needs to be done for the project and it is a high priority, then the details of the analysis done from a business perspective need to be communicated to decision makers in order to get it done.

Technical Policy Document Drafting

Business Analysts are involved in drafting policy documents and getting them approved by the stakeholders. The BAs need to be able to communicate with relevant parties and create documentation that holds technical information about the project, the data protection methods, and various other documentation that falls under the development teams’ jurisdiction.

To conclude, the BA’s role is crucial for the software cybersecurity department, as they bridge the gap between technical teams and business stakeholders. By ensuring that cybersecurity measures align with organizational goals and regulatory requirements, BAs help to proactively identify risks, streamline processes, and enhance the overall security posture. The ability to translate complex technical concepts into actionable business insights ultimately safeguards the organization’s assets, reputation, and trust, making the Technical Business Analyst indispensable in the ever-evolving landscape of cybersecurity.
