Hours: 30

Language: English

Skills Gained

By the end of this workshop, you will understand:

  • Cybersecurity analysis knowledge areas
  • Cybersecurity frameworks
  • The Business Analyst’s focal points for each knowledge area
  • How cybersecurity must be baked into business solutions
  • How to apply cybersecurity techniques and concepts
  • How to engage senior managers to elicit security requirements
  • Cybersecurity analysis work practices

Topics Covered

  • General Awareness: Understands the role of Business Analysis in Cybersecurity
  • Practical Knowledge: Follows Rules to conduct a stakeholder analysis
  • Practical Knowledge: Follows Rules using existing documentation to draft a RACI for a Cybersecurity project or program initiative
  • General Awareness: Understands how to locate the organization's security framework or model, or know that one does not yet exist
  • General Awareness: Understands what an Information Security Management System (ISMS) is and its objective
  • General Awareness: Understands what data privacy is
  • General Awareness: Understands the difference between an internal and external audit
  • Practical Knowledge: Follows Rules and knows the difference between compliance and best practice
  • General Awareness: Understands what a cyber risk is
  • General Awareness: Basic Knowledge of what a Cybersecurity Risk Assessment is
  • Practical Knowledge: Follows Rules for the inputs to a Business Case that BAs are typically responsible for
  • General Awareness: Understands what Disaster Recovery Plans and Business Continuity Plans are
  • Practical Knowledge: Follows Rules to develop a business process flow diagram, and identify steps along the path that present potential cybersecurity vulnerabilities
  • General Awareness: Understands what Cybersecurity Controls are and where to find various versions
  • General Awareness: Understands the three attributes of secure information: confidentiality, integrity and availability
  • General Awareness: Understands the difference between a cyber threat and a cyber vulnerability
  • Practical Knowledge: Follows Rules to identify typical impacts of a cyber-attack to an organization
  • General Awareness: Understands that there are multiple layers of technology to protect
  • General Awareness: Understands what is meant by Endpoint Security
  • General Awareness: Understands what Information Classification means
  • General Awareness: Understands what Information Categorization means
  • General Awareness: Understands what Data Security at Rest means
  • General Awareness: Understands what Data Security in Transit means
  • General Awareness: Understands what Encryption is
  • General Awareness: Understands what a Digital Signature is
  • General Awareness: Understands what authentication is
  • General Awareness: Understands what access control means
  • General Awareness: Understands what Privileged Account Management is
  • Practical Knowledge: Follows Rules and is familiar with key actions employees should take responsibility for to maintain security
  • General Awareness: Understands the principle of least privilege
  • Practical Knowledge: Follows Rules to elicit user access requirements
  • Practical Knowledge: Follows Rules to identify a Security Requirement when presented with a list of requirements
  • General Awareness: Understands what SaaS, IaaS and PaaS are
  • Practical Knowledge: Follows Rules to document a current state business process including current technology
  • General Awareness: Understands a target state business process for a cybersecurity initiative
  • General Awareness: Understands how to create and maintain a risk log
  • General Awareness: Basic Knowledge of the four risk treatment options: Accept, Avoid, Transfer, Mitigate
  • General Awareness: Understands what residual risk is
  • General Awareness: Understands how to create a report template for Security metrics
  • General Awareness: Understands Root Cause Analysis