November 12, 2023
CYSE 200T
BLUF
The articles assigned this week centered on the human contribution to cyber threats, whether malicious or not. As a Chief Information Security Officer with a limited budget, I outline a strategic and balanced approach to maximize cybersecurity effectiveness. I place great emphasis on training users and raising awareness of cyber threats.
Human Behavior and Cyber Threats
As the Chief Information Security Officer with a limited budget, my strategy revolves around a balanced allocation of resources to maximize cybersecurity effectiveness. Beginning with a thorough risk assessment, I will prioritize employee training and awareness programs to empower the workforce as a crucial defense layer, especially in October of every year, since that is Cybersecurity Awareness Month. Employee training will hopefully mitigate social engineering attacks; Interpol found that 59 percent of the COVID-19-related cyber breaches involved phishing (Person, 2023). A major amount of funds will be directed towards endpoint security. Network security equipment encompasses firewalls, intrusion detection and prevention systems, and technologies providing visibility into network traffic for analysis (Marble et al., 2015). Regular updates and patch management will be a priority to reduce vulnerabilities, and incident response and recovery measures will be established for quick action during security incidents. The organization will also follow organizations such as CISA and government agencies to stay well-informed about potential security threats. While resources are allocated to maintain compliance with regulatory standards such as CISA, there will also be regular security audits by an internal and an external team to assess and identify weaknesses. This approach ensures a comprehensive cybersecurity strategy within the limited budget, with continuous reassessment to adapt to evolving threats.
Conclusion
The strategic allocation of limited cybersecurity funds requires a delicate balance between technological investments and bringing awareness to cyber threats. By prioritizing risk assessment, employee training, and robust endpoint and network security measures, organizations can fortify their defenses against a range of cyber threats.
Citations
Person. (2023, July 11). Human factors in cybersecurity: Protect yourself. Telefónica Tech. https://telefonicatech.com/en/blog/human-factors-in-cybersecurity#:~:text=The%20human%20factors%20in%20Cybersecurity,for%20a%20company%20or%20organization.
Marble, J., Lawless, W., Mittu, R., Coyne, J., Abramson, M., Sibley, C. (2015). The Human Factor in Cybersecurity: Robust & Intelligent Defense. In: Jajodia, S., Shakarian, P., Subrahmanian, V., Swarup, V., Wang, C. (eds) Cyber Warfare. Advances in Information Security, vol 56. Springer, Cham. https://doi.org/10.1007/978-3-319-14039-1_9