{"id":240,"date":"2025-11-21T16:20:07","date_gmt":"2025-11-21T16:20:07","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/cyse200tfall25\/?p=240"},"modified":"2025-11-21T16:20:07","modified_gmt":"2025-11-21T16:20:07","slug":"the-human-factor-in-cybersecurity","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/cyse200tfall25\/2025\/11\/21\/the-human-factor-in-cybersecurity\/","title":{"rendered":"The Human Factor In Cybersecurity"},"content":{"rendered":"\n<p class=\"has-black-color has-text-color has-link-color wp-elements-1733355d28128e25a6976510313bb764\"><strong>Introduction<\/strong><br>As Chief Information Security Officer (CISO), one of the biggest challenges is deciding how to spend a limited cybersecurity budget wisely. While technology provides the backbone of protection, human behavior remains one of the greatest risks to an organization\u2019s security (Milnes, 2025). Achieving the right balance between technical controls and employee training is essential to prevent, detect, and respond effectively to cyber threats.<\/p>\n\n\n\n<p class=\"has-black-color has-text-color has-link-color wp-elements-7c81d810e9b678baddae250a96014e16\"><strong>Investing in Technology<\/strong><br>Approximately half of the budget should go toward core technologies that immediately reduce technical vulnerabilities. This includes implementing multi-factor authentication to prevent unauthorized access, automated patch management to minimize exploit windows, and endpoint protection to detect malware or intrusions early (Humphreys, 2023). Additionally, secure backup systems and basic network segmentation can greatly reduce the impact of ransomware or other attacks (Milnes, 2025).<\/p>\n\n\n\n<p class=\"has-black-color has-text-color has-link-color wp-elements-e1347c060095f4accc4451d6e5036d9d\"><strong>Investing in People<\/strong><br>Around 40% of the budget should focus on developing a strong security culture through education and engagement. 
Targeted phishing simulations, role-based training, and security awareness programs teach employees how to recognize and respond to cyber threats (Osterman Research, 2019). Launching a Security Champions Program\u2014training select individuals in each department to promote good practices\u2014amplifies this impact at a low cost. Since human error is a leading cause of breaches, consistent training can drastically lower the organization\u2019s overall risk (Kenosha.com, 2025).<\/p>\n\n\n\n<p class=\"has-black-color has-text-color has-link-color wp-elements-481cb2f381d30de8441fe0a449c153fb\"><strong>Continuous Improvement and Risk Assessment<\/strong><br>The remaining 10% of the budget should be reserved for continuous improvement initiatives such as periodic audits, risk assessments, and small-scale pilot programs (Klogix Security, n.d.). Tracking metrics like phishing click rates, patch completion times, and incident response speed helps evaluate effectiveness and justify future investments (Milnes, 2025). This ensures that spending decisions remain data-driven and adaptable to emerging threats.<\/p>\n\n\n\n<p class=\"has-black-color has-text-color has-link-color wp-elements-05f62f48f06fe9c08ae481b562dfb6be\"><strong>Conclusion<\/strong><br>Cybersecurity is strongest when technology and people work together. By strategically splitting a limited budget between technological safeguards and comprehensive user training, organizations can achieve sustainable, cost-effective protection. A balanced approach doesn\u2019t just defend systems; it empowers people to become active participants in securing their digital environment.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-black-color has-text-color has-link-color wp-elements-b265f41e18506a9a77ff4efc33636b62\">References<\/h3>\n\n\n\n<p class=\"has-black-color has-text-color has-link-color wp-elements-37c78e1f7bd3ca61b4374b5b8d317e41\">Humphreys, E. (2023, April 20). <em>Budgeting as a CISO: Software vs. 
Training<\/em>. WordPress. <a href=\"https:\/\/sites.wp.odu.edu\/emma-humphreys\/2023\/04\/20\/budgeting-as-a-ciso-software-vs-training\/?utm_source=chatgpt.com\">https:\/\/sites.wp.odu.edu\/emma-humphreys\/2023\/04\/20\/budgeting-as-a-ciso-software-vs-training\/<\/a><br>Kenosha.com. (2025, June 12). <em>How does human error relate to security risks?<\/em> <a href=\"https:\/\/www.kenosha.com\/2025\/06\/12\/how-does-human-error-relate-to-security-risks\/?utm_source=chatgpt.com\">https:\/\/www.kenosha.com\/2025\/06\/12\/how-does-human-error-relate-to-security-risks\/<\/a><br>Klogix Security. (n.d.). <em>CISO Q&amp;A: Cybersecurity Budgets<\/em>. <a href=\"https:\/\/www.klogixsecurity.com\/blog\/ciso-qa-cybersecurity-budgets?utm_source=chatgpt.com\">https:\/\/www.klogixsecurity.com\/blog\/ciso-qa-cybersecurity-budgets<\/a><br>Milnes, N. (2025). <em>The human factor in cybersecurity<\/em> [PDF]. <a href=\"https:\/\/sites.wp.odu.edu\/nathanmilnes\/wp-content\/uploads\/sites\/34303\/2023\/11\/The-Human-Factor-in-Cybersecurity-Nathan-Milnes.pdf?utm_source=chatgpt.com\">https:\/\/sites.wp.odu.edu\/nathanmilnes\/wp-content\/uploads\/sites\/34303\/2023\/11\/The-Human-Factor-in-Cybersecurity-Nathan-Milnes.pdf<\/a><br>Osterman Research, Inc. (2019). <em>The ROI of Security Awareness Training<\/em>. <a href=\"https:\/\/ostermanresearch.com\/wp-content\/uploads\/2021\/01\/ORWP_0313-The-ROI-of-Security-Awareness-Training-August-2019.pdf?utm_source=chatgpt.com\">https:\/\/ostermanresearch.com\/wp-content\/uploads\/2021\/01\/ORWP_0313-The-ROI-of-Security-Awareness-Training-August-2019.pdf<\/a><br>KnowBe4. (n.d.). <em>The outstanding ROI of KnowBe4\u2019s security awareness training platform<\/em>. 
<a href=\"https:\/\/blog.knowbe4.com\/the-outstanding-roi-of-knowbe4s-security-awareness-training-platform?utm_source=chatgpt.com\">https:\/\/blog.knowbe4.com\/the-outstanding-roi-of-knowbe4s-security-awareness-training-platform<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction As Chief Information Security Officer (CISO), one of the biggest challenges is deciding how to spend a limited cybersecurity budget wisely. While technology provides the backbone of protection, human behavior remains one of the greatest risks to an organization\u2019s security (Milnes, 2025). Achieving the right balance between technical controls and employee training is essential to&#8230; <\/p>\n<div class=\"link-more\"><a href=\"https:\/\/sites.wp.odu.edu\/cyse200tfall25\/2025\/11\/21\/the-human-factor-in-cybersecurity\/\">Read More<\/a><\/div>\n","protected":false},"author":31295,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":0},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/cyse200tfall25\/wp-json\/wp\/v2\/posts\/240"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/cyse200tfall25\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/cyse200tfall25\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/cyse200tfall25\/wp-json\/wp\/v2\/users\/31295"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/cyse200tfall25\/wp-json\/wp\/v2\/comments?post=240"}],"version-history":[{"count":1,"href":"https:\/\/sites.wp.odu.edu\/cyse200tfall25\/wp-json\/wp\/v2\/posts\/240\/revisions"}],"predecessor-version":[{"id":241,"href":"https:\/\/sites.wp.odu.edu\/cyse200tfall25\/wp-json\/wp\/v2\/posts\/240\/revisions\/241"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/cyse200tfall25\/wp-json\/wp\/v2\/media?parent=240"}],"wp:term":[{"taxonomy":"category","
embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/cyse200tfall25\/wp-json\/wp\/v2\/categories?post=240"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/cyse200tfall25\/wp-json\/wp\/v2\/tags?post=240"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}