5 Reasons Why the Business Analyst Needs to be a Cyber Security Expert
Ok, maybe not “expert.” But on the projects I manage – which are almost always technical in nature – the business analyst serves as that technical liaison between the project management world and the technical analyst or the technical lead world. The Business Analyst takes business needs and translates them into functional design requirements so everyone can understand the needed functionality. The Business Analyst then assists the technical lead and technical project team members in translating functional requirements into technical design requirements to allow the technical team to take off and create something usable and real.
For this reason, I say the Business Analyst needs to be a well-versed technical resource. Systems are hacked constantly, making security risks critical. The Business Analyst needs some expertise in cyber security to address the potential project security risks. Here is a list of five reasons why the business analyst needs to have some cyber security expertise.
1. Everything Can Be Hacked
Literally. Anything. Can be hacked. You can deny it, but attend a Black Hat conference or just look around. You’ll realize we are only fighting to keep up with – or lucky enough to stay one step ahead of – hackers. While we are planning for risk and performing design and development on our solution, hackers have nothing else to do but work on hacking the latest technology. And there is more than one of them. Do I sound paranoid? I should…because it is true. We are on a collision course and eventually will lose. So on our projects, we need consideration for cyber security, cyber crime, and information security. The Business Analyst is the natural go-to person on the project team to be the most informed on these topics. Address cyber security on each project you work on from this day forward; you won’t be sorry that you did.
2. Data Sensitivity is Broader Than You Think
The data on your project is more desirable and more sensitive than you think. Sure, there may be those projects that no one will care about, and that no one would ever want or need to hack. But if you are handling financial data of any kind, or even if you consider the financial information of your project customer that accounting is handling (as well as that of any vendors you are using), it all may be desirable, and it all eventually will be hacked. The business analyst is that PM-to-tech go-between resource and must stay technically current on the security niche.
3. Cyber Security is Part of Risk Management
Risk management needs to happen on every single project, although in reality it doesn’t happen on every project. When risk management does occur, it is not happening with a sufficient level of detail. This is based on surveys I have conducted, surveys I have read, and my experiences. And if risk management should be happening, then cyber security concerns should be coming to light during that risk management planning, because cyber security has to be part of the risk management process. All of our projects are in some medium-to-urgent need of cybersecurity measures, and we need to react accordingly. Until cyber crime vanishes, it has to be part of risk planning.
4. The Business Analyst Has Something to do With Everything Technical
Being the technical liaison between the Project Manager (who should be at least somewhat technical) and the technical lead (who should not in any way be a project manager-type) means the Business Analyst is walking a fine line. The Business Analyst is not overly technical but has enough technical knowledge to understand where the requirements, functional design or technical design need security considerations. The Business Analyst focuses on matters of data security and integrity throughout the project, not just during design.
5. The Business Analyst is the Go-To Solution Resource
The Business Analyst is – or should be – the go-to technical solution person on the project. The Business Analyst is not expected to be the most technical person on the team, but is certainly expected, when working on technical projects, to have some technical expertise. By default, that means he or she must be up to speed on cyber crime issues, concepts, resolutions and mitigation procedures. Are Business Analysts cyber security experts? Maybe not experts, but they should be close with cyber and data security experts inside and outside of their organization.
Summary and Call for Input
My title for this article may be a bit strong. I conclude that the Business Analyst is not necessarily a cyber security expert. Business Analysts who may not have much cyber security knowledge should consider obtaining a high-level understanding of cyber security. If you are a Business Analyst working on technical projects, such knowledge is of great benefit to the project and organization.
What are your thoughts? Are you a Business Analyst who feels cyber security is a good fit to drive cyber security awareness? Please share your thoughts and experiences with cyber security on your projects.