When deciding to develop a system with sensitive data, the MOST important thing to include in a business case is a risk assessment to determine the appropriate controls. A business case is a document that provides the rationale and justification for initiating a project or investment1. It includes information such as the objectives, scope, benefits, costs, risks, assumptions, and success criteria of the proposed project or investment2. A risk assessment is a process of identifying, analyzing, and evaluating the potential threats and impacts that could affect the project or investment3. A risk assessment can help to:
Identify the sources and types of risks associated with developing a system with sensitive data, such as data breaches, data loss, data corruption, unauthorized access, compliance violations, etc.4
Analyze the likelihood and severity of the risks occurring and their consequences on the project or investment5
Evaluate the current and planned controls to mitigate or prevent the risks, such as encryption, access control, data backup, data activity monitoring, etc.
Prioritize the risks and controls based on their importance and urgency
Communicate and document the risks and controls to stakeholders and decision-makers
Therefore, a risk assessment to determine the appropriate controls is essential for developing a business case for a system with sensitive data, as it can help to demonstrate the feasibility, viability, and desirability of the project or investment.
The other options are not as important as option A. While it is useful to have an updated enterprise architecture (EA), a skills gap analysis, and the additional cost of encrypting sensitive data, these are more operational and tactical aspects that can be determined later in the implementation phase. They are not critical for developing a business case for a system with sensitive data, which should focus more on the strategic direction and value proposition of the project or investment. References :=
How to Write a Business Case - ProjectManager.com2
Business Case Development - Project Management Institute1
What is Risk Assessment? Definition & Examples | ASQ3
Data Security: How to Secure Sensitive Data - DATAVERSITY4
Risk Analysis: Definition & Examples | ASQ5
Data access control and data activity monitoring - IBM Cloud …
Risk Evaluation: Definition & Examples | ASQ
Risk Communication: Definition & Examples | ASQ
