Logged in as    

The Value of a Business Analyst in Cybersecurity

by Business Analysis,

The importance of cybersecurity has never been greater, even though it has been a hot topic for a while. Small firms and sometimes large firms that experience a cyber-attack tend to shut down because the damage caused to the customer confidence and brand often makes it too difficult for them to recover. The COVID-19 pandemic is affecting businesses and altering how business analysts work; the vast increase in the rate of cyber-crimes factors means that cybersecurity needs to be at the top of the agenda. According to IIBA, 87% of a business analyst’s skills in risk management are essential to work on cyber security projects.

Business analysis methods enhance productivity, promote best practices and standardization, and foster process agility. The business analysis experts are skilled at using critical judgement and systems thinking skills based on thorough problem analysis to determine what functionality a system should or should not have. If these questions are asked for every requirement, the implemented solution will have a higher possibility of acceptance and reconciling value.

Although modern technology has made it simple for businesses to update their security procedures, hostile hackers increasingly use sophisticated technologies. This indicates that companies must adopt proactive measures and strict cybersecurity rules to lower the cybersecurity risk. Business analysts can engage with stakeholders and analyse prevention, detection, and remediation of the data that requires protection, at high risk of exploitation, and eliminate these risks. Conducting a risk assessment determines the vulnerabilities in the organisation, which can help uncover potential gaps in the organisation’s security controls.

Risk Mitigation

Risk assessment is a crucial component of risk management. Business analysts can identify a business’s internal and external weaknesses and determine how these vulnerabilities might be exploited. This will help the business analyst prioritise risks so they can be addressed in the order of importance.

The first phase of a project is to understand the organisation and the business unit. Next, identify the scope of analysis. A broad understanding of the organisation will give business analysts the magnitude of the problem and opportunity. The business analyst will establish RASCI by creating effective RASCI charts. A RASCI chart, sometimes referred to as a RACI chart, is tool business analysts use to delegate tasks during a project. It streamlines communication, prevents work overload, and sets expectations for team members. There are many ways to do it, and one of the ways is to get a complete understanding of the AS-IS process diagrams by outlining the processes with the help of the stakeholders. These process diagrams will help the stakeholders understand the process from a high level. Business analysts call it “Level 0.” It can be drilled down from “Level 0” to the lowest level possible-Level 1, Level 2, Level 3, and so on. The AS-IS process diagrams will give the business analyst a good knowledge of the existing processes and provide insights into defining the TO-BE processes. A good understanding of the AS-IS process helps the business analyst identify the pain points, bottlenecks, inefficiencies, manual processes, bright spots, and non-value-added activities.

The TO-BE processes defined by the business analyst should resolve all the inefficiencies and weaknesses, apart from providing new features and functionalities. Once the TO-BE processes are documented, it needs to be validated by the business users. This validation is a mandatory one.

Business analysts do not look at requirements in isolation. They always understand the business and every single element of what it supports – via the processes used to deliver and support the business products and services. This helps the business analyst to connect the dots, and the requirements will merely trace into place. Knowing what is critical and why it is necessary will help the business analyst recommend the right solutions to the business problems.

A common mistake in requirements elicitation is to approach it without a plan. This is the leading cause of analysis paralysis whereby further analysis is needed to provide direction – much like digging your way out of a hole. Define the start and end points and plan a rational process in between. We all know that the conditions are merely inputs into a software design, therefore it makes sense that the requirements elicitation should also be conducted logically in a way that the translation becomes simple. This will aid the business analyst in translating the needs into a solution.

The requirement could relate to a small portion of the overall business processes. However, it is always good to understand the need from a big picture view, as it may trigger another business process change somewhere else. Therefore, a change in a related system may be required if the ongoing requirement is to be fulfilled.



Business analysts help the organisation leverage the new technology platform the business will use or recommend securing the one currently in use. In addition, business analysts recommend doing things more innovatively and efficiently, though it may not be familiar to the users. After all, the organisation is transforming its business processes to protect its data and privacy. Business analysts can analyse cybersecurity and instruct end users and other professionals on how to protect firm data. This is why business analysts are so valuable to organisations when conducting a cyber risk assessment.

Make an Enquiry

We're glad to help and answer any questions you might have.

Send us a message

For Landlines – (##) #### ####

Please login below to access this page