Event Cover Image

Business Analysis & Cybersecurity

Nov. 18, 2025 6:00 p.m. - 7:30 p.m. Eastern Standard Time  

Event Image
As AI technologies advance deep fake capabilities, cyber threats are at an all-time high. An example is the 2024 case when an employee at Arup joined what looked like a perfectly normal video conference, but where real-time AI-generated deep fakes was convincing enough to believe that the CFO (a deep fake) was authorizing a series of transfers of $25 million USD before the fraud was discovered. This and other notable examples have revealed that some of the biggest risks come from within organizations themselves or supporting vendors, because of lack of awareness of how quickly the technology and resulting risks have evolved. Join Dr. Peter Riddell in a participatory discussion of the BA’s role and responsibilities in Information Security Risk (ISR) amongst the backdrop of this ever-changing ISR environment.

Event Description

While the BABOK® does not specifically define ISR, the BA plays a critical integrator role for ISR: ensuring security and privacy risks are identified early, built into strategy and requirements, and evaluated after implementation. Across the BABOK life cycle, the BA helps analyze current and future state security posture, plans elicitation and stakeholder engagement to include security and risk roles, embeds security as non-functional requirements, keeps security requirements traceable and prioritized, and supports solution evaluation using security KPIs as defined by ISR teams. Please bring your thoughts and any sanitized examples you may wish to contribute.
 
An underlying theme will be how the BA supports typical enterprise ISR or could be employed in a Security as a service (SaaS) organization or maybe in a hybrid role between the enterprise and a SaaS firm. As well as, to the career opportunities and specializations that may exist within these ISR specialized domains.

Learning Objectives

Topics for discussion are – how BAs:
  • Can apply practical BA techniques for stakeholder analysis, process integrity, and modeling threats and mitigations across the solution lifecycle​.
  • Identify and analyze ISR in the current and future state, including assets, data flows, vulnerabilities, and regulatory drivers.
  • Plan work to include security, engaging CISO, risk, compliance, legal, and data owners as core stakeholders.
  • Through elicitation, bring security into the conversation using use cases, fraud scenarios, and “what keeps you up at night?” questions.
  • Communicate security vulnerability risks as non-functional requirements (access control, logging, encryption, retention, segregation of duties) and model data/process flows to locate needed controls.
  • Manage and trace security requirements from risk scenario → requirement → design → test → control, keeping high-risk areas prioritized.
  • In solution evaluation, help define and interpret security KPIs and feed ISR learnings back into future changes.
  • Use BABOK skills and techniques—risk analysis, systems thinking, process/data modeling, decision analysis—the BA helps ensure that solutions don’t just deliver value, they safeguard it through:
○  cybersecurity vulnerabilities in business processes, with a focus on insider threats, access controls, and user authentication frameworks
○  design risk-aware requirements and security controls that align with regulatory frameworks (NIST, ISO 27001) and industry best practices
○  integrating business analysis activities with IAM, GRC, and SecOps programs—ensuring realistic, actionable requirements for cybersecurity solution delivery
○  facilitating cross-functional collaboration between business, technical, and operations teams to mature risk management and incident response capabilities
 
  • Emerging threats of including AI, Blockchain, Crypto and quantum technologies and other key trends.

About the Facilitator: Dr. Peter Riddell, DBA, MBA, B.Tech, PMP, CBAP, CISA, CISM, CRISC 

head shot of Dr. Peter Riddell
 
I am curious about science and how technologists theorize innovative ideas for Research and Development (R&D) in a business context. This curiosity has led to doctoral studies on how hypotheses emerge experimentally to overcome technological uncertainties and my current role in R&D incentives.
 
My key focus is Information Technology and Robotics with experience in R&D for a wide range of industries. As well I have credentials and  experience in Project Management, Business Analysis and Risk Management with a BTech in IT Forensic Investigation Cyber from  BCIT and 30 years + experience with ISR programs and risk mitigation. I also coach exam candidates for the CBAP certification via the local Vancouver IIBA chapter.

Event Details

Event Agenda:

  • 6:00 - 6:10 Virtual Networking
  • 6:10 - 6:25 Welcome & Introductions
  • 6:25 - 7:25 Presentation and Q&A
  • 7:25 - 7:30 Wrap Up

Who should attend: 

Open to all

Fee: 

Free for any IIBA Members | $10 for Non-Members

Note that IIBA Members must be logged in for the IIBA Member rate to appear during registration.

Troubleshooting Your Registration

You’ve logged in but there is no REGISTER NOW button. 

  1. Check the event’s date and time. The event may have ended.
  2. You may have already registered for the event. Go to My Events page (login required) to view your upcoming webinars. 

How to Cancel Your Registration

Return to your Zoom confirmation or reminder email and select the link to edit or cancel your registration.

CDUs/PD Hours: 

1 CDU towards recertification

Organizers

V

VP Professional Development
professionaldevelopment@ottawa-outaouais.iiba.org