Why do we have to do a risk analysis? When should it be done?

To answer these questions we have to take into account two approaches:

1. Cybersecurity

Information security is an element cross in the organization, that is, something that affects all the processes of a company; Furthermore, it is a procedure that is part of the security measures, including preventive.

2. Project Management

Although there are many methodologies and regulations, today to define project or service management they all have a set of activities in common, which we could summarize as follows: planning, analysis, execution, evaluation, maintenance and closure. By the way, they have a great similarity with the famous Continuous Improvement Cycle: Plan (to plan), Do (do), check (verify) and Act (Act or improve).

Although we could talk for hours about all these phases, we will focus on the planning and analysis phase.

Every project, service, application or process has a beginning phase, where we will generally answer the questions: What do we want? Why do we want it? Who is going to carry it out? Its viable?

In order to know if a project is viable, we must take into consideration many aspects, but those that concern us are: How many threats will it be exposed to? How likely is it that these threats will materialize? That is, at what risk? What risks do we face to carry out the project? The only way to answer these questions is to carry out the risk management process.

Once we know the risks to which we are exposed and we have decided to carry out the project, we will have to analyze how we are going to implement the solutions to deal with them and the implications it will have, that is, we will have to study how the security measures will affect the project requirements. To do this, we must actively participate in the definition of functional and non-functional requirements.

Functional requirements are the part of the project where we define how we are going to implement what we want the project to do.

Non-functional requirements are the part of the project in which we define how we are going to implement what the project has to do.

Therefore to answer the two initial questions:

Why do we have to do a risk analysis? Because it is a fundamental part of project management and is a determining factor in a feasibility study.

When should a risk analysis be done? From the beginning, that is, from the moment we have the idea of building a new service, since it provides us with the necessary information to implement a project or service properly.

In the EIP International Business School You will find the training you are looking for, updated and quality. Request information from us now to learn more about our Master in Cybersecurity.

Subscribe to our newsletter to stay up to date with all the news

Name and surname *

Email *

*I give my express consent and accept the Privacy Policy.

EIP International Business School informs you that the data in this form will be processed by Mainjobs Internacional Educativa y Tecnológica, SA as the person responsible for this website. The purpose of collecting and processing personal data is to respond to the query made as well as to send information about the services of the data controller. Legitimation is the consent of the interested party.
You can exercise your rights of access, rectification, limitation and deletion of data in compliance@grupomainjobs.com as well as the right to file a claim with the supervisory authority. You can consult additional and detailed information on Data Protection in the Privacy Policy that you will find in our Web page