During this week’s reading, you’ve been exposed to different points of view regarding human contribution to cyber threats. Now, put on your Chief Information Security Officer hat. Realizing that you have a limited budget (the amount is unimportant), how would you balance the tradeoff of training and additional cybersecurity technology? That is, how would you allocate your limited funds? Explain your reasoning.
The Human Factor in Cybersecurity
The Chief Information Security Officer oversees the company’s information security. They are responsible for evaluating security risks, determining how much risk the organization is willing to accept, and ensuring that the remaining risks are handled. On top of an already difficult job, they must make these decisions with limited funds. As the Chief Information Security Officer working within a limited budget, I would split the funds evenly between training and new technology (50/50).
Training
Integrity is a big part of what training protects. To sum it up, with training we must “ensure employees are knowledgeable about compliance and regulatory requirements to minimize human error” (Chai, 2022, p. 6). If we train the workforce, there will be fewer chances of human error. Experienced employees within the company can conduct the training. This saves money and means employees are trained on the real systems the organization uses. The organization can also review and update the security programs it already has in place. I would look at past security incidents to see whether a trend emerges, review the level of training each employee has received, and make sure the organization is raising those training levels where gaps appear.
New Technology
New technology is not always the answer. I would look at the organization’s existing infrastructure first, starting with the firewalls and SIEM. Checking basic things like this can save a lot of money, because the whole system does not necessarily need to be replaced. There are other factors to consider before rushing out to buy new technology. Does the existing system still meet the requirements, or would purchasing new equipment actually be beneficial? Organizations also often forget to check whether they have people trained to operate a new system before buying it.
Conclusion
It would be nice to have an unlimited budget, but the reality is that organizations do not have unlimited funds to buy new equipment or train employees. However, there are steps that allow organizations to be successful with limited funds. Training leads to risk reduction, faster response times, and a stronger training program over time. On the technology side, money can be saved by first examining the equipment already at hand for capabilities such as multifactor authentication, automated patching, and other features. With properly trained employees and up-to-date equipment, an organization can succeed on a limited budget.
References:
Chai, W. (2022, June 28). What is the CIA Triad? Definition, Explanation, Examples. TechTarget.