Why do we have to do a risk analysis? When should it be done?
To answer these questions we have to take into account two approaches:
1. Cybersecurity
Information security is a cross-cutting element in the organization, that is, something that affects all of a company's processes. Furthermore, it is a procedure that is part of the security measures, including the preventive ones.
2. Project Management
Although there are many methodologies and regulations today for defining project or service management, they all have a set of activities in common, which we could summarize as follows: planning, analysis, execution, evaluation, maintenance and closure. Incidentally, these closely resemble the well-known Continuous Improvement Cycle: Plan, Do, Check (verify) and Act (act or improve).
Although we could talk for hours about all these phases, we will focus on the planning and analysis phase.
Every project, service, application or process has a beginning phase, where we will generally answer the questions: What do we want? Why do we want it? Who is going to carry it out? Is it viable?
In order to know if a project is viable, we must take many aspects into consideration, but those that concern us are: How many threats will it be exposed to? How likely is it that these threats will materialize? That is, what is the risk? What risks do we face in carrying out the project? The only way to answer these questions is to carry out the risk management process.
Once we know the risks to which we are exposed and have decided to carry out the project, we will have to analyze how we are going to implement the solutions to deal with them and the implications they will have. That is, we will have to study how the security measures will affect the project requirements. To do this, we must actively participate in the definition of functional and non-functional requirements.
- Functional requirements are the part of the project where we define how we are going to implement what we want the project to do.
- Non-functional requirements are the part of the project in which we define how we are going to implement what the project has to do.
Therefore, to answer the two initial questions:
Why do we have to do a risk analysis? Because it is a fundamental part of project management and is a determining factor in a feasibility study.
When should a risk analysis be done? From the beginning, that is, from the moment we have the idea of building a new service, since it provides us with the necessary information to implement a project or service properly.