Aligning Business Analysis with Cybersecurity: Preparing for the UK's forthcoming Regulations on Cyber Resilience

Bindu Channaveerappa

Life often unfolds in unexpected ways, and it's only in hindsight that we can connect the dots. This July, alongside the launch of my book "Cyber Security and Business Analysis," we also launched cybersecurityforbusinessanalysts.com, a dedicated digital space for the BA community. This platform offers resources, including articles, webinars, and a comprehensive hands-on training program to help business analysts (BAs) gain cybersecurity awareness, understand core concepts, and develop practical skills.

Our mission is ambitious: to ensure every Business Analyst (BA) is cybersecurity literate by 2030. Cybersecurity is no longer a specialised subject. It has become a core component of organisational analysis. This goal has gained even greater significance with the UK government's recent Cybersecurity and Resilience Bill, which aims to strengthen the nation's cybersecurity framework in response to escalating cyber threats targeting both public and private sectors. The timing couldn't be more fortuitous, aligning perfectly with our mission to equip BAs with the knowledge and skills needed to protect and secure their organisations.

As the bill evolves into concrete regulations or whatever shape it takes, we must ask ourselves: what can the BA community do now to prepare and support this critical initiative? This article outlines ten actionable steps BAs can take now. Let me know if you would like to add more to this list.

1. Educate Yourself with Cybersecurity Knowledge:

2. Develop a Security Mindset:

  • Understand the importance of a security mindset and always consider potential security implications in every aspect of your work.

3. Enhance Risk Assessment Skills:

  • Risk is the foundation of security. Therefore, developing risk assessment skills and an eye for recognising security risks, threats, and vulnerabilities is crucial. Familiarise yourself with any frameworks that are being used within your organisation.

4. Integrate Cybersecurity from the Start:

  • Include cybersecurity stakeholders from the outset of any project. Whether discussing strategy, eliciting requirements, or designing systems, ensure security measures are considered from the beginning.

5. Collaborate with IT and Security Teams:

  • Build strong relationships with your organisation's cybersecurity team. Understand their processes, challenges, and how you can support their efforts.

6. Understand Regulatory Requirements:

  • Familiarise yourself with regulations that impact your organisation. Learn how these regulations influence cybersecurity measures and business operations.

7. Get Acquainted with Incident Reporting and Management:

  • Understand the contents and processes of incident reporting and management. This knowledge is crucial for effectively handling security breaches when they occur.

8. Ensure Supply Chain Security:

  • Understand the current processes by which third-party vendors and suppliers adhere to your organisation's cybersecurity practices, and suggest process improvements as required. Supply chain security is a critical aspect of overall security.

9. Collaborate with Data Teams:

  • Work with data teams to learn about your organisation's data and how data analytics can help identify unusual activities and potential security breaches. Use this collaboration to provide actionable insights to the security team.

10. Attend Conferences and Webinars:

  • Stay updated with the latest trends and knowledge in cybersecurity by attending conferences and webinars. Most importantly, share this knowledge with your BA peers and community.
