Derrick Bailey
CYSE 200T
Sept 25, 2024
The Pros and Cons of Cyber Security
I am the CEO of a Fortune 500 company whose focus is training and development. I am
proposing that we create a new cyber security program. We are debating whether the cyber
security program should be placed under the information technology unit or under the training and development unit within the organization. What are the pros and cons of placing the cyber security program under the information technology unit or the training and development unit?
Placing a cybersecurity program within either the Information Technology (IT) unit or the Training and Development unit has its pros and cons. Here’s a breakdown of both options:
Under Information Technology Unit
Pros:
1. Technical Expertise – IT has the technical knowledge and resources to implement effective cybersecurity measures and respond to incidents.
2. Integration with Infrastructure – Direct oversight by IT allows for better integration with
existing systems and technologies, enhancing security protocols.
3. Real-Time Threat Response – IT can quickly adapt to evolving cyber threats and ensure
immediate action is taken when incidents occur.
4. Compliance and Risk Management – IT is typically well-versed in regulatory requirements, ensuring the cybersecurity program aligns with compliance needs.
Cons:
1. Narrow Focus – The emphasis may lean too heavily on technical aspects, potentially
overlooking the human element of cybersecurity training and awareness.
2. Resource Constraints – IT departments may already be stretched thin, making it difficult to prioritize cybersecurity fully.
3. Less Emphasis on Culture – Cybersecurity may become just a technical requirement rather than a part of the organizational culture.
Under Training and Development Unit
Pros:
1. Employee Awareness and Culture – This placement emphasizes the importance of
cybersecurity awareness and training, fostering a security-conscious culture throughout the organization.
2. Holistic Approach – Training can incorporate broader aspects of cybersecurity, including
policies, best practices, and behavior change, which are crucial for prevention.
3. Cross-Departmental Reach – Training and development can more effectively engage
employees from all departments, ensuring a comprehensive approach to security.
Cons:
1. Lack of Technical Focus – Without the technical oversight of IT, the program may struggle with implementing effective technological defenses or incident response strategies.
2. Limited Resources – Training departments may lack the specific resources or expertise needed for cybersecurity implementation and management.
3. Potential Disconnect – There could be a disconnect between the training initiatives and actual technical measures, leading to gaps in security.
Conclusion
Ultimately, a hybrid approach may be most effective. Placing the cybersecurity program under IT ensures robust technical defenses and incident management, while a strong collaboration with the Training and Development unit can enhance employee awareness and culture. This integration can create a well-rounded cybersecurity strategy that addresses both technical and human elements.
To: Board of Directors
From: Derrick Bailey
Date: Sept 25, 2024
CEO MEMO
As a Fortune 500 company, it is important that we protect our network from any outside
threats. As the CEO of this company, it is my duty to protect all our data from any outside
intruders. This memo presents the pros and cons of placing the cyber security program
under the IT division or the Training and Development unit. An extensive evaluation of the benefits and drawbacks of each choice is provided below. The cybersecurity program is important to my Fortune 500 company because we must continuously fight to protect our network infrastructure.
Under Information Technology Unit
Pros:
1. Technical Expertise: The IT department has the resources and technical know-how
to put in place efficient cybersecurity safeguards and handle issues.
2. Integration with Infrastructure: IT’s direct supervision makes it possible to integrate
with current systems and technologies, which makes things easier for the user and helps
strengthen security measures in the process.
3. Real-Time Threat Response: IT is able to react correctly to changing cyberthreats and
make sure that problems are handled the correct way.
4. Compliance and Risk Management: Since the IT department usually has a thorough
understanding of legal requirements, it can make sure that the cybersecurity program
complies with those standards.
Cons:
1. Narrow Focus: An excessive emphasis on technical details may be present, overlooking
the significance of cybersecurity awareness and training.
2. Resource Constraints: Given that IT teams may already be overworked, it may be
difficult to give cybersecurity top priority and appropriate funding.
3. Less Focus on Culture: Instead of being seen as an essential component of the
company culture, cybersecurity may come to be seen as solely a technological need.
Under Training and Development Unit
Pros:
1. Employee Awareness and Culture: Under Training and Development, the program
places a strong emphasis on cybersecurity awareness and training, which helps to
create an organizational culture that is security conscious.
2. Holistic Approach: Policies, best practices, and behavior modification are all important
components of cybersecurity that can be included in training. These elements are
critical for prevention of hacks.
3. Cross-Departmental Reach: Employees from all departments can be more successfully
engaged through training and development.
Cons:
1. Lack of Technical Focus: The program may have trouble putting in place efficient
technical defenses in the absence of IT’s technical oversight.
2. Limited Resources: Training departments might not have the specialized tools or
knowledge required for managing and implementing cybersecurity.
3. Possible Disconnect: Security lapses could result from a disconnect between the
implemented technical measures and the training initiatives.
Conclusion
Given the advantages and disadvantages that I have presented in the list of pros and cons, a hybrid strategy might be the best course of action. Strong technological defenses and incident management are ensured by assigning the cybersecurity program to the IT department. Also, a close working relationship with the Training and Development department can help raise staff knowledge and instill a security-aware culture in the company. This will develop a comprehensive cybersecurity plan that considers both human and technological factors, protecting our firm from all angles.
Thank you for your attention to this matter. I look forward to your insights and decision on this strategic initiative.
Best regards,
Derrick Bailey