Write Up: The Human Factor in Cybersecurity

Posted by aharp017 on

22 June 2025

During this week’s reading, you’ve been exposed to different points of view regarding human contribution to cyber threats.  Now, put on your Chief Information Security Officer hat.  Realizing that you have a limited budget (the amount is unimportant), how would you balance the tradeoff of training and additional cybersecurity technology?  That is, how would you allocate your limited funds?  Explain your reasoning.

Humans have been known to make plenty of mistakes. With the world of technology, human mistakes can actually create a security breach causing damage to an organization. Ensuring a safe workspace with strong security measures and regular training can make a huge difference.

Training

As the CISO, I would arrange the budget more into training the employees. As humans, mistakes can easily be made. One of the best preventions as an organization is to ensure the employees have a strong understanding keeping the systems protected. As we have learned previously, employees need to have strong methods of authorization and need to only access the information and data they are authorized to use. Something as simple as copying data for a presentation is enough to create an unsafe environment for the data in an organization. Once information has been taken out of the software protecting it, then there is no longer any protection on that information (Capone, 2018).  It is important to keep in mind that some of the data breaches are intentional. This usually includes disgruntled employees or other inside employees. They will use their authorizations to access the data and intentionally leak, steal, or even destroy the information (Ewan, 2023). Training to resolve these issues must involve the higher ups as well. The training for these employees will include identifying the negative behaviors from employees. 

Cybersecurity Technology

The budget to implement newer cybersecurity measures is the next important step. Technology’s changes occur at a fast rate, creating the ability for criminals to learn more ways to break through firewalls already in place. If we can maintain the regular updates and test them before officially making them live, our system can keep the data and employee information safe. When the newer software requires different hardware then it is imperative to obtain these. If our budget is not handled correctly, then the possibility of a data breach is greater. Keeping too old of technology and the lack of updates allows for criminals to find methods to break through the system. Finally, the systems need to involve strict authorization protocols. The amount of access an employee has needs to remain limited (Capone, 2018). The types of software in these systems must remain active and accessible by only a select few who are specialized in the equipment. These individuals monitor the programs for any irregularities, as well as ensuring the programs are running properly and gathering the necessary information on the accesses of employees.

Conclusion

Keeping software, hardware, and employees up to date is the best way to ensure a strong security system is in place. Using the budgets in place in a smart way continues to keep that protection of sensitive information. Identifying and responding to the threat quickly requires the proper amount of resources.

References

Capone, J. (2018, May 25). The impact of human behavior on security. CSO Online. https://www.csoonline.com/article/565488/the-impact-of-human-behavior-on-security.html

Ewan, P. M. (2023). The Impact of Budgeting on the Risk of Cybersecurity Insider Threat Actions: From the Perspective of IT Engineers (Doctoral dissertation, Northcentral University).