IIBA Toronto Speaker Series

Wednesday, March 25, 2020  8 pm Online

Topic  |  Improve Cyber Security Resilience

Presentation with Q&A 

Overview

Event participants will have an understanding of to utilize business analyst enterprise analysis skills to guide projects to greater success by getting these foundational solution-guiding inputs correct:

• Business objectives related to enterprise / domain goals

• Demonstrable expected benefits related to valuable process outcomes

• Tim will use the new IIBA CCA study guide by using examples from Cybersecurity Projects with notoriously difficult-to-quantify benefits.

Learning Objectives

To enable us to challenge poorly-expressed project objectives and expected benefits – and to determine good objectives and benefits – we will cover off these topics:

• Review enterprise strategies / goals and objectives
• • how processes deliver valuable outcomes to meet objectives which lead to achieving strategic goals

• Discuss why problems with processes’ ability to deliver their valuable outcomes lead to projects
• • How to capture process metrics on valuable outcomes, especially when not obvious such as running a cybersecurity service

• Explain the value of getting Project business objectives + measurable expected benefits up front
• • versus project solution deliverables and success criteria

• Illustrate everything with examples from Cybersecurity Control Enhancement Projects

Presenter

Tim Hannan

BA, CPAP, CSM

Certifications in progress – CISSIP, IIBA CBA

• Roles since 1996 include BA, BSA, BA Manager, and Consultant on IT Projects for two of the big five Canadian banks
• Part-time Instructor delivering Masters Certificate in Business Analysis at Durham College (2009-2016)

Location

Online using Zoom

Background

Explaining the value of clearly identified business goals that spawn project business objectives, and which lead to measurable expected benefits, can be quite difficult in the Cybersecurity Domain.

IT personnel hope that the simple truth of the value of understanding real business goals behind projects, will shine through the example of a typical effort to enhance processes which deliver some Cybersecurity Service.  The various components, or controls, of a strong cybersecurity program exists fundamentally to protect the Confidentiality, Integrity and Availability (CIA) of important information assets of a business.

Enterprises are often mandated by external regulatory bodies to comply with recommended controls described in industry standards such as  National Institute of Standards and Technology (NIST) Framework For Improving Critical Infrastructure Cybersecurity.  Projects in this domain are dominated by complex technologies, mostly deployed by serious and often frazzled network and/or security engineers at the network infrastructure layer.  Expounding on Business Goals of the Information Security Domain is not a priority for them.  Their efforts see mostly complex, specialized vendor solutions deployed to mitigate against the risk of legions of malicious threat actors constantly probing to infiltrate, compromise and exploit a business’ valuable information assets.

Projects seek to strengthen controls against inherent risks with mostly devastating, unacceptable downsides.  Stated in the positive, projects seek to enhance cyber-resilience, determine what are the units of cyber-resilience that we will use to measure benefits realized.

While the Technology Operations teams managing the various Cybersecurity Services might not care so much about Goals & Objectives and Business Benefits realized, there exists those for whom this matters. 

Not surprisingly in these days, intense concern over the state of cybersecurity effectiveness is usually found at the level of the Board of Directors – especially in financial or health services companies.  They want to know that their investment in particular projects delivered perceptible benefits. This is where the business analysis practitioner can help.

Event Particulars

Wednesday, March 25, 2020  8 PM ET

Time: 8 pm – 9:30 pm

With Q&A