{"id":320,"date":"2025-04-29T03:19:22","date_gmt":"2025-04-29T03:19:22","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/darlaeldridge\/?p=320"},"modified":"2025-04-29T03:19:22","modified_gmt":"2025-04-29T03:19:22","slug":"the-human-factor-in-cybersecurity","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/darlaeldridge\/2025\/04\/29\/the-human-factor-in-cybersecurity\/","title":{"rendered":"The Human Factor in Cybersecurity"},"content":{"rendered":"\n<p><strong>Balancing Cybersecurity Training and Enabling Technologies on a Shoestring Budget<\/strong><br>        As CISO, I must make important decisions about how best to apply a very limited cybersecurity budget. With cyber threats evolving every moment, employee training becomes an important battlefield against human errors. This calls for weighing resources between user training and technical defenses. Although technology forms the backbone of the defense of organizational infrastructure, people are the first line of defense. Thus, I will prioritize spending in a way that addresses both the human and technical aspects of cybersecurity.<br><strong>Prioritization of User Training and Awareness<\/strong><br>        Roughly 60% of the budget would be invested in user training and awareness programs. The reason is that a large number of cyber incidents tend to be caused by the actions of users, such as falling prey to phishing emails, choosing weak passwords, or mismanaging sensitive data. Continuous and interactive training, such as phishing simulations, video-based modules, and awareness campaigns, can arm employees with ever-increasing vigilance and security consciousness. A well-trained workforce not only reduces the likelihood of successful attacks; it also builds a culture of cybersecurity awareness that pays dividends over time. 
Research has shown that human error frequently causes security threats and that targeted training may be the most effective way to minimize this risk (Amoresano, 2021).<br><strong>Investing in Cybersecurity Technologies<\/strong><br>        Approximately 30% of the budget would be used for key cybersecurity tools and technology: next-generation firewalls, endpoint detection and response (EDR) solutions, multi-factor authentication (MFA), email filtering, and patch management tools. While training stops many threats, these technologies provide vital protection mechanisms to automatically detect threats, monitor system vulnerabilities, and stop attacks that get past the human defense. Selecting the right tools can provide strong protection at a reasonable cost.<br><strong>Incident Response and Risk Assessment<\/strong><br>        The last 10% of the budget would go to incident response planning and risk assessment. This covers activities like tabletop simulations, response protocols, and regular security audits. These activities build the organization&#8217;s preparedness to respond effectively in the event of a breach while at the same time pointing out the holes in training and technology. These proactive assessments ensure resources are being used intentionally while keeping agility against the newest threats.<br><strong>Conclusion: Building Cybersecurity for Resilience<\/strong><br>        All in all, cybersecurity is no longer a technological problem; it has become a human one. Hence, staying the course with a balanced investment strategy that skews a little toward training guarantees that employees become co-guardians of the organization&#8217;s security. As highlighted by NIST (2003), even a slight investment of resources in security education and training may significantly enhance an organization&#8217;s security system. 
The investment in important security technologies, meanwhile, ensures automation and threat-detection capabilities. Even on a limited budget, it is possible to achieve all this if spending is well planned and accounted for.<\/p>\n\n\n\n<p><br><strong>References<\/strong><br>Amoresano, K. (2021). Addressing human error through effective cyber policy design. University at Albany, SUNY. Retrieved from https:\/\/scholarsarchive.library.albany.edu<br>National Institute of Standards and Technology. (2003). Building an Information Technology Security Awareness and Training Program (NIST SP 800-50). Retrieved from https:\/\/nvlpubs.nist.gov<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Balancing Cybersecurity Training and Enabling Technologies on a Shoestring Budget As CISO, I must make important decisions about how best to apply a very limited cybersecurity budget. With cyber threats evolving every moment, employee training becomes an important battlefield against human errors. This calls for weighing resources between user training and technical defenses. 
Although technology forms&#8230; <\/p>\n<div class=\"link-more\"><a href=\"https:\/\/sites.wp.odu.edu\/darlaeldridge\/2025\/04\/29\/the-human-factor-in-cybersecurity\/\">Read More<\/a><\/div>\n","protected":false},"author":30589,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":0},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/darlaeldridge\/wp-json\/wp\/v2\/posts\/320"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/darlaeldridge\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/darlaeldridge\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/darlaeldridge\/wp-json\/wp\/v2\/users\/30589"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/darlaeldridge\/wp-json\/wp\/v2\/comments?post=320"}],"version-history":[{"count":1,"href":"https:\/\/sites.wp.odu.edu\/darlaeldridge\/wp-json\/wp\/v2\/posts\/320\/revisions"}],"predecessor-version":[{"id":321,"href":"https:\/\/sites.wp.odu.edu\/darlaeldridge\/wp-json\/wp\/v2\/posts\/320\/revisions\/321"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/darlaeldridge\/wp-json\/wp\/v2\/media?parent=320"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/darlaeldridge\/wp-json\/wp\/v2\/categories?post=320"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/darlaeldridge\/wp-json\/wp\/v2\/tags?post=320"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}