Cybersecurity issues have significantly impacted the business world. It has shown the vulnerabilities our companies, and agencies now face. Some breaches of security have already crippled companies and compromised millions of citizens’ privacy and identities. What can the BA profession do to assist in this significant problem area?
IIBA® is working with IEEE to examine this issue to determine how we can best provide guidance, and improve the way we practice our craft to make sure security is “built-in” and not just bolted onto our applications, our business processes, and our risk plans. BAs have a role as trusted advisors to the business, and we need to step up to the challenges presented by cybersecurity.
Certainly, we need to bring the cybersecurity perspective to the area of requirements management so that the business can understand the issues, and make informed decisions based on good analysis and good solution assessments. BAs have a responsibility to become better informed to bring good security practices forward in the requirements area. Requirements also expand beyond the functional and non-functional area, and extend to information privacy, business resumption planning, and other areas that surround the cybersecurity space.
At BBC 2017, IIBA together with IEEE, presented our first discussion on the topic of cybersecurity. We are inviting industry, government experts, and volunteers to help us look at how we define cybersecurity that directly applies to the BA profession. BAs do not need the same knowledge and skills as the security professionals they will be working with, but they do need working knowledge of the latest in cybersecurity to continue to be effective in most areas. We need to understand how to collaborate with the information systems, security professionals, and our business partners to bring about the changes that are much needed.
Cybersecurity issues not only directly impact our information systems and our data, but ripple back into our business processes and almost every other area that BAs touch. Of course, the costs and impact of making our world totally safe have limitations, so we need to advise on how appropriate risk management can be applied. This kind of critical judgement and systems thinking, based on good analysis of the problem, is what we, as BAs, are all about.
This article is a call to action for us as professionals to begin to educate ourselves in cybersecurity. Many in our community are already engaged and knowledgeable; many have much to offer to the rest of the community. We had a few people who stepped forward at BBC to volunteer to help, but we invite more of you to come forward, so we can build a network of people who can share this passion. Contact firstname.lastname@example.org if you want to be part of this network, but this is also an open invitation to send in your comments and suggestions.