The Human Factor in Cybersecurity

Derrick Bailey
CYSE 200T
11/10/24



This essay focuses on lessons learned from several perspectives on the human aspects of cybersecurity and on how to allocate scarce resources strategically to reduce risk. Human interaction with network infrastructure is a primary concern for network engineers, and the role people play in creating cyberthreats cannot be disregarded. This week's reading highlighted several viewpoints on how human behavior, whether deliberate or unintentional, contributes to cyberthreats. If I were a Chief Information Security Officer (CISO) who had to secure my network on a tight budget, I would focus on striking a balance between spending on staff training and purchasing additional cybersecurity equipment.


How humans contribute to cyberthreats is one of the readings' main themes. In an organization's cybersecurity structure, employees may be the first line of defense as well as its biggest weakness. The main ways people contribute to cyberthreats are:

Phishing attacks – Workers may unintentionally divulge private information, such as login credentials, by responding to a fraudulent email or message.

Social engineering – Attackers use psychological manipulation to gain unauthorized access to systems.

Errors and negligence – Even seemingly minor mistakes, such as using weak passwords or misconfiguring security settings, can create serious risk.

Malicious insiders – Staff members with bad intentions may deliberately cause harm by abusing their access to private information.

Understanding these contributions underscores the need for comprehensive training programs and robust technical defenses.
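Several of the phishing and social-engineering indicators listed above can be checked mechanically before a message ever reaches an employee. The following Python script is an added example, not part of the original essay: it scores one raw email for a sender display name that impersonates an address at another domain, a Reply-To that diverts replies elsewhere, links whose visible text names a different domain than their real target, and urgency language. The sample messages, the domain names and the phrase list are constructed for the example, and the two-label registrable_domain() helper is a deliberate simplification of what a real mail filter would do.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Pressure phrases typical of phishing lures (assumed list, not from the essay).
URGENCY_PHRASES = ("urgent", "immediately", "verify your account",
                   "account will be suspended", "within 24 hours")
# Something that looks like a hostname inside the visible text of a link.
DOMAIN_RE = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}")


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from the <a> tags of an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two DNS labels (login.corp.example -> corp.example). Deliberately
    crude: a production tool would consult the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def address_domain(header_value):
    """Registrable domain of the address in a From/Reply-To header, or ''."""
    _, addr = parseaddr(header_value)
    return registrable_domain(addr.rsplit("@", 1)[1]) if "@" in addr else ""


def phishing_indicators(raw_message):
    """Return human-readable findings for one raw RFC 5322 message; [] if clean."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    display_name, _ = parseaddr(msg.get("From", ""))
    from_dom = address_domain(msg.get("From", ""))

    # 1. A display name that itself looks like an address at another domain.
    if "@" in display_name and address_domain(display_name) != from_dom:
        findings.append(f"display name '{display_name}' does not match sender domain '{from_dom}'")

    # 2. Replies silently diverted to a different domain.
    reply_dom = address_domain(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain '{reply_dom}' differs from From domain '{from_dom}'")

    # 3. Link text that names one domain while the href points to another.
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body is not None else ""
    collector = _AnchorCollector()
    collector.feed(content)
    for href, visible in collector.anchors:
        href_dom = registrable_domain(urlparse(href).hostname or "")
        shown = DOMAIN_RE.search(visible.lower())
        if href_dom and shown and registrable_domain(shown.group(0)) != href_dom:
            findings.append(f"link text shows '{shown.group(0)}' but points to '{href_dom}'")

    # 4. Language that pushes the reader to act before checking.
    hits = [p for p in URGENCY_PHRASES if p in content.lower()]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    return findings


# Constructed sample messages for the example; the domains are reserved names.
SUSPICIOUS_MAIL = """\
From: "ceo@corp.example" <ceo.office@mailbox-free.example>
Reply-To: payments@invoice-portal.example
To: clerk@corp.example
Subject: Wire transfer
Content-Type: text/html; charset="utf-8"

<p>I need this invoice paid immediately, within 24 hours. Use the portal:</p>
<p><a href="http://login.invoice-portal.example/pay">https://payments.corp.example/invoice</a></p>
"""

BENIGN_MAIL = """\
From: "HR" <hr@corp.example>
To: clerk@corp.example
Subject: Holiday schedule
Content-Type: text/html; charset="utf-8"

<p>The schedule is posted on <a href="https://hr.corp.example/holidays">hr.corp.example</a>.</p>
"""

if __name__ == "__main__":
    for name, mail in (("suspicious", SUSPICIOUS_MAIL), ("benign", BENIGN_MAIL)):
        print(name, phishing_indicators(mail) or ["no indicators"])
```

None of these checks is conclusive on its own, which is exactly why the essay pairs technology with training: the script surfaces the same cues an employee is taught to look for (who the message really came from, where the link really goes, and whether it is rushing them), and a trained reader is still the last check when a lure passes the filter.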

Allocation of Funds – Training vs. Technology
One of the greatest difficulties for a CISO with a tight budget is deciding how to divide money between investing in cutting-edge cybersecurity solutions and improving employee training. A CISO should allocate a significant share of funds to employee education. Employees should be trained to spot phishing attempts, recognize social engineering, and follow data security best practices. As the CISO, I must establish policies and procedures that staff members can adhere to and make sure they understand the part they play in protecting the network infrastructure. Investing in AI-powered threat detection may also be worthwhile, and every computer on the network should run current antivirus software.
A CISO is keenly aware that network security means protecting the network perimeter with intrusion detection/prevention systems (IDS/IPS), firewalls, and secure access controls. Data encryption protects private information, both in transit and at rest, from unauthorized access. Incident response tools give the security staff what they need to react to incidents quickly and efficiently, limiting damage to the network and shortening recovery time.

A strong, automated defensive system that can handle sophisticated cyberthreats is necessary. As the CISO, I would dedicate 50% of my budget to improving the technology used on the network, allocate 30% to training and development, and reserve the remaining 20% for emergencies. I devote the larger share to technology because it is constantly changing and must be kept up to date. However, because the human element is frequently the point of entry for cyberattacks, I have also made a substantial investment in training, which I believe is equally important. Properly trained employees serve as an extra line of defense by spotting potential threats early and acting to stop them.



Conclusion
Developing a robust cybersecurity strategy requires balancing the trade-offs between investing in cybersecurity technology and investing in training. The human element remains crucial, even though advanced technologies form the foundation for threat detection and rapid response. By allocating funds wisely and giving priority to both technology improvements and comprehensive training programs, a CISO can reduce risk and improve the organization's overall cybersecurity posture. This balanced strategy ensures that both technical and human defenses are maximized against a constantly changing threat landscape.
