Prompt:

What are the costs and benefits of developing cybersecurity programs in business?

Post:

The major costs associated with developing a cybersecurity program are the resources, finances, and personnel required to facilitate the program, but security incidents can be more costly if a proper cybersecurity program is not upheld. Cyber security requires many different processes and activities across multiple disciplines to be successful, for example writing policy and procedure, training IT and non-IT staff, as well as managing security solutions. Cyber security from a top-down perspective is accomplished through developing policies and procedures that certify security at all points of vulnerability. For instance, a policy on communication through email is necessary to describe how the system is to be used, as well as how information within the email system is secured, such as with encryption which would be another policy that would need to be developed. Needless to say, there are many different bases that need to be covered by cybersecurity policies and procedures. The creation of cybersecurity policies and procedures can be overwhelming, which can take a toll in finances and resources, but having effective policies in place improves overall security and efficiency of activities by essentially removing some of the decision making processes; the persons utilizing the policy/procedure should not have to decide their exact course of action for the best security outcome for every task because not all people are security experts. But specifically for IT staff, it should be outlined how the implementation and/or dissemination of security solutions is to be completed and by what party. Certain IT staff will be better equipped to implement certain security measures than others, for example a technician may install and modify network firewalls for security whereas an information security officer (ISO) may develop and publish a security policy. This also emphasizes the resource load a cybersecurity program can have, many different personnel are required to manage all aspects of the program. A technician may also manage security solutions such as intrusion detection/prevention systems or network awareness applications such as an internal packet sniffer. This highlights another cost to a cybersecurity program, there are many different hardware and software technologies that are expensive to purchase, implement, and maintain. Nevertheless, a cybersecurity program is necessary to some degree, whether it’s extensive and detailed or simple and outsourced, the benefit of decreased security incidents outweighs the cost of a cybersecurity security program.