IIBA Cybersecurity Analysis (CCA) Certification Training

Overview

This intensive experiential training program, delivered by one of the co-authors of the CCA certification, prepares participants for the IIBA Cybersecurity Analysis (CCA) certification. Designed specifically for professionals looking to bridge the gap between business analysis and cybersecurity, the course provides comprehensive insights into cybersecurity concepts, practices, and the role of a Business Analyst in supporting a robust security posture.

Participants will gain the knowledge, skills, and techniques required to analyse and manage cybersecurity risks, define and validate cybersecurity requirements, and contribute to organizational resilience against threats.

Who Should Attend?

  • Business Analysts, or those using BA skills, seeking to educate themselves in cybersecurity.

  • Professionals preparing for the IIBA CCA certification.

  • Project Managers, Product Owners, or Stakeholders involved in cybersecurity-related projects.

  • IT professionals transitioning to roles involving cybersecurity.

Course Objectives

By the end of this course, participants will be able to:

  • Understand key cybersecurity concepts and terminologies.

  • Align business analysis practices with cybersecurity requirements.

  • Analyse and address cybersecurity risks using BA techniques.

  • Collaborate with cybersecurity teams to implement effective controls.

  • Prepare confidently for the IIBA CCA certification exam.

Contents

  • 1.1 IIBA and IEEE Perspective: Overview of Concepts and Approach to Improving Cybersecurity

    1.2 Importance of Security

    1.3 IT Functions & Roles

    1.4 IT 101 - 1: The Pieces

    1.5 IT 101 - 2: Using & Managing the Pieces

    1.6 IT 101 - 3: Advancement

    1.7 The Role of Business Analysis in Cybersecurity

    1.8 Governance Perspectives of Cybersecurity

  • 2.1 Security Accountability

    2.2 Cost of Securing an Organization

    2.3 Outsourcing for Cybersecurity Expertise and Services

    2.4 Risk Tolerance

    2.5 Compliance

    2.6 Best Practices and Benchmarking

    2.7 Data Privacy

    2.8 Data Privacy Nuances

    2.9 Digital Rights Management (DRM)

    2.10 Audit – Internal and External

  • 3.1 Risk Management & Control Assurance Framework

    3.2 Organizational Risk Assessment

    3.3 Risk Analysis: Threat Risk Assessments

    3.4 Risk Analysis: Vulnerability Assessments

    3.5 Business Case Development

    3.6 Disaster Recovery and Business Continuity

  • 4.1 Understanding Security Controls and IT Risk: Part 1

    4.2 Understanding Security Controls and IT Risks: Part 2

    4.3 CIA Triad

    4.4 Applying Controls

    4.5 Cybersecurity Threats: Part 1

    4.6 Cybersecurity Threats: Part 2

    4.7 Cybersecurity Vulnerabilities: Part 1

    4.8 Cybersecurity Vulnerabilities: Part 2

    4.9 Adverse Impacts

    4.10 Risks and Controls – Putting It All Together

  • 5.1 Physical Security

    5.2 Endpoint Security

    5.3 Network Security: Security Architecture

    5.4 Network Security: Firewalls

    5.5 Network Security: Anti-Virus/Anti-Malware

    5.6 Network Security: Segregation

    5.7 System Security: Servers

    5.8 Platform Security

    5.9 Product Security: Threat Models

    5.10 Product Security: Embedded Systems

    5.11 Product Security: Internet of Things

  • 6.1 Data Security At Rest: Information Classification & Categorization

    6.2 Data Security In Transit: Encryption and Keys

    6.3 Data Security In Transit: SSL/TLS

    6.4 Data Security In Transit: Digital Signature and Identification

  • 7.1 Directory Management

    7.2 Authorization

    7.3 Authentication and Access Control

    7.4 Privileged Account Management

    7.5 Users and Security Awareness

  • 8.1 SDLC and Solution Security Planning

    8.2 Requirements and Security Engineering

    8.3 Requirements and Solution Development

    8.4 Solution Security: Applications

    8.5 Solution Security: Databases

    8.6 Solution Security: Web

    8.7 Change Impact Analysis

  • 9.1 Incident Response, Recovery, and Remediation

    9.2 Metrics and Reporting

    9.3 Risk Logging and Mitigation Tracking

    9.4 Operational Risk Ownership

    9.5 Computer Forensics: SOC, SIEM

    9.6 Future Proofing your Security Posture

Exam Preparation:

  • Mock test, review of key concepts, tips, and strategies for the IIBA CCA exam.

Course Format

  • Interactive lectures and experiential learning.

  • Hands-on activities and group exercises.

  • Real-world case studies and scenarios.

  • Mock tests and guided exam preparation sessions.

Prerequisites

  • Basic understanding of business analysis concepts.

  • Familiarity with cybersecurity fundamentals is helpful but not mandatory.

  • A computer with a camera, microphone, speakers and a high-speed internet connection that supports seamless audio and video.

Duration:

  • 2 Days (8 hours/day)

  • 4 Half Days (4 hours/day)

Delivery:

  • Virtual live sessions

Instructor Profile

  • The course is led by one of the co-authors of the IIBA CCA Certification, who is also the author of the book “Cybersecurity and Business Analysis”, published by BCS, The Chartered Institute for IT.

Available Dates

2 Full Days:

  • February 1st and 2nd from 9 am to 5 pm UK time

4 Half Days:

  • February 6th from 3 pm to 7 pm UK time

  • February 13th from 3 pm to 7 pm UK time

  • February 20th from 3 pm to 7 pm UK time

  • February 27th from 3 pm to 7 pm UK time