Human Factors in Cybersecurity

Posted by cgreg017 on
When looking at all of the different views of human contribution to cyber threats, we see that humans contribute in a lot of different ways whether it be for a good thing or a bad thing. A lot of contributions to cyber threats range from different age groups, it differs between White Hat Hackers and Black Hat Hackers, and also differs between the reasoning behind the threats and attacks. Humans are the key factor in cyber threats and while technology improves the circumstances for personnel, it would be better in improving the counter threat since It’s much more important to teach humans since technology can’t work how it should without the human training needed for it.

Balancing Training and Cyber Technology

As a CISO I would look over the threat assessments and look over the efficiency of employees, to see what is happening and to see what needs to be improved on to limit future threats. Once everything has been looked at and talked over with the higher ups, that’s when I would start researching to see if there are newer threats and if those threats are still within the training and the stuff that we already are aware of. For me as a CISO I will usually value training more than the additional cyber technology, because of Cybersecurity always being a constantly changing and evolving field when it comes to cyber threats the value of being able to constantly train and inform employees will always keep us ready for anything. If I view that there aren’t any new threats emerging at that time, I would decide to prioritize giving more additional technology to help improve efficiency and workflow for employees, to help limit and catch any threats early on before they get out of control.

Allocations of Funds

Knowing the situation as a CISO that we have limited funding I would make the decision to always allocate more funds to training, because everything revolves around human contribution and without updated training on additional technology it won’t work as efficiently as it should. Being able to put more funding into training will help prepare for old threats and newer threats, without having to rely on additional technology. Also when it comes to additional technology funding and time will be needed to get everything set up, and taking into account that if any problems occur during the setup process could cost more funding.

Conclusion
Being a CISO in the Cybersecurity field is always needing to be prepared for current threats and future threats, you always need to be ready and make decisions on what is needed to make sure that the organization is ready for anything that may happen. Prioritizing training is more valuable to make sure that employees are ready for any threat and being able to make sure that everybody in the organization is always aware of what is happening at all times. While additional technology is also a good thing and can help out in catching threats easier and protecting assets, technology will still need human involvement in making sure everything is working right and the set up is done correctly. Limited funding happens all the time and can definitely be a pain to deal with, but having the ability to decide on what the organization needs and being able to figure out what needs certain amounts of funding can give you the power to decide on what can make the job easier and more secure.

Reference

Google. (n.d.-b). 12a – USING_LABELING_THEORY_AS_A_GUIDE_TO_EXAMINE_THE_PA module11.pdf. Google Drive. https://drive.google.com/file/d/1nVyXy0Ty1v5f6U5oClx2LMz-TIOuQehE/view
Google. (n.d.-a). 05b_6329-white-collar-cybercrime-white-collar-crime-cybercrime-or-both-module7.pdf. Google Drive. https://drive.google.com/file/d/1id2JHiAfyUjuKj0necP4AKE3gZFrD7__/view

Leave a Reply

Your email address will not be published. Required fields are marked *