{"id":295,"date":"2023-11-26T19:58:36","date_gmt":"2023-11-26T19:58:36","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/alexanderconrad-cyse200t\/?p=295"},"modified":"2023-11-26T19:58:36","modified_gmt":"2023-11-26T19:58:36","slug":"the-human-factor-in-cybersecurity","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/alexanderconrad-cyse200t\/2023\/11\/26\/the-human-factor-in-cybersecurity\/","title":{"rendered":"The Human Factor in Cybersecurity"},"content":{"rendered":"\n<p><strong>BLUF<\/strong><\/p>\n\n\n\n<p>As a Chief Information Security Officer, I would allocate as many funds as I could for<br>the basic training and use whatever I have left for the technology. Prioritizing importance on<br>training is very helpful in cases of attacks or other malicious events. Technology is also<br>important as a factor; however, you only need certain technologies to keep the business safe,<br>having the knowledge of how to use it is more important.<\/p>\n\n\n\n<p><strong>Tradeoff of Training<\/strong><\/p>\n\n\n\n<p>Training is a very valuable tool in dealing with any type of discipline especially with<br>Cybersecurity. In the Cybersecurity and Information Technology fields, the technologies and<br>methods change frequently making even the head of departments have to stay well informed. If I<br>was a Chief Information Security Officer, training my employees would be the first thing I<br>prioritize. According to Forbes.com, Cybersecurity awareness training is very important not just<br>for business use but also personal use as well as it can act as a sort of firewall. \u201cEducate and train<br>employees and stakeholders on best practices to prevent or reduce breaches that target insiders,<br>such as phishing. Just over a third (34%) of cyberattacks involved internal actors in 2018.\u201d<br>(Forbes 2019.) As explained here, educating employees on best practices could prevent or reduce inside breaches through phishing as just about a third is due to internal actors. With a limited<br>budget, it would be important to focus on training the employees that may not have much<br>information about cybersecurity or just general safety practices when on the internet. Having this<br>training can strengthen the human firewall which up to date is still one of the most vulnerable<br>parts of a business.<\/p>\n\n\n\n<p><strong>Additional technology<\/strong><\/p>\n\n\n\n<p>Additional technology can be very important in a business standpoint, especially ones in<br>need of cybersecurity. These technologies can include Artificial Intelligence and Machine<br>Learning, Anti-Malware, Firewalls, two factor authentication, and more. Investing in these<br>technologies can provide for a safer network and are usually needed with the number of viruses,<br>malware, and bad actors that are online trying to steal information or harm company assets.<br>\u201cEvery day the federal government fends off tens of thousands of cyberattacks from<br>adversaries&#8230;To fight back, government agencies use cybersecurity tools. As the hackers have<br>gotten more sophisticated so have the tools to stop them. Agencies need to protect data at every<br>stage of its life from the moment it is collected, to when it is transmitted, to where it is stored and<br>finally until it is deleted.\u201d (Nitaac.gov 2020). These quotes from the article explain why it is very<br>important to have these tools in place, as if there was no protection than all our information that<br>is private or personal identifiable could be used in a malicious way. However, it fails to mention<br>just how important the human factor is in everything, even the slightest mess up by a high-<br>ranking employee can compromise the entire company.<\/p>\n\n\n\n<p><strong>Conclusion<\/strong><\/p>\n\n\n\n<p>If I was a Chief Information Security Officer, I would want to balance the amount of the<br>budget to train employees and executives of the company of basic cybersecurity practices as well<br>as get technology that can serve the companies purpose well enough. This would include a<br>firewall and two factor authentication at the very least. These are both very important to have in<br>a company setting, however I still believe that the human factor is the weakest link and should be<br>prioritized more. Knowledge in the field can keep the company from losing as many assets<br>compared to just spending on only technologies because even the strongest protection can be<br>broken by the inside.<\/p>\n\n\n\n<p>Works Cited:<br>Forbes. \u201cThe Importance of Training: Cybersecurity Awareness As A Firewall.\u201d Fortinet,<br>Forbes.com,<br>https:\/\/www.forbes.com\/sites\/insights-fortinet\/2019\/08\/27\/the-importance-of-training-<br>cybersecurity-awareness-as-a-firewall\/?sh=60ba87258b4b<br>(Accessed November 2023)<br>Director\u2019s Corner. \u201cThe Importance of Cyber Technologies in Government.\u201d NITAAC,<br>nitaac.gov,<br>https:\/\/nitaac.nih.gov\/resources\/articles\/importance-cyber-technologies-government<br>(Accessed November 2023)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>BLUF As a Chief Information Security Officer, I would allocate as many funds as I could forthe basic training and use whatever I have left for the technology. Prioritizing importance ontraining is very helpful in cases of attacks or other malicious events. Technology is alsoimportant as a factor; however, you only need certain technologies to&#8230; <\/p>\n<div class=\"link-more\"><a href=\"https:\/\/sites.wp.odu.edu\/alexanderconrad-cyse200t\/2023\/11\/26\/the-human-factor-in-cybersecurity\/\">Read More<\/a><\/div>\n","protected":false},"author":26016,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":0},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/alexanderconrad-cyse200t\/wp-json\/wp\/v2\/posts\/295"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/alexanderconrad-cyse200t\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/alexanderconrad-cyse200t\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/alexanderconrad-cyse200t\/wp-json\/wp\/v2\/users\/26016"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/alexanderconrad-cyse200t\/wp-json\/wp\/v2\/comments?post=295"}],"version-history":[{"count":1,"href":"https:\/\/sites.wp.odu.edu\/alexanderconrad-cyse200t\/wp-json\/wp\/v2\/posts\/295\/revisions"}],"predecessor-version":[{"id":296,"href":"https:\/\/sites.wp.odu.edu\/alexanderconrad-cyse200t\/wp-json\/wp\/v2\/posts\/295\/revisions\/296"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/alexanderconrad-cyse200t\/wp-json\/wp\/v2\/media?parent=295"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/alexanderconrad-cyse200t\/wp-json\/wp\/v2\/categories?post=295"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/alexanderconrad-cyse200t\/wp-json\/wp\/v2\/tags?post=295"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}