Decisions as CISO

Jerel Dent  

CYSE 200T 

November 8, 2024 

Introduction 

As a Chief Information Security Officer (CISO), it is important to make the necessary decisions to protect and secure a company's information and data systems. Our two biggest focuses are business essentials and employee training.

Building a foundation 

The first step in balancing and taking care of both focuses is understanding our capabilities and budget. Visualizing this as a team allows us to create a range and make a reasonable company plan that sets us up for the best efficiency possible. Another aspect of evaluating our capabilities is reviewing the strengths and weaknesses within the company's previous plans. That review will act as a foundation for our new plan and offer many benefits in the future.

Priorities List 

The next step is making a list of priorities and taking care of what is highest on the list first. This includes any possible ransomware, data breaches, risk/threat assessment, a recovery plan, etc. Even while focusing on these cybersecurity aspects, employee training will be just as vital. Multiple training courses a year will be required for all employees. The importance of training is not just keeping everyone on track, but also keeping them sharp and aware in a constantly evolving and demanding field.

Implementing Technologies 

The last immediate implementation will focus on our technologies. This means introducing any new firewalls, intrusion detection systems (IDS), log monitoring systems, etc. Security is essential for the job, and being prepared and able to protect against any threat or vulnerability is our goal. This portion of the new plans will take up most of the budget, so it is important that we do not purchase any unnecessary or undiscussed technologies/items.

Conclusion 

In conclusion, balancing the focus between employees and technologies will provide the best security and execution of our plan. Training reminds employees of cybersecurity principles and practices, creating an informed and knowledgeable working environment. Most importantly, it will strengthen our security and, together with our technology, form the greatest possible defenses against any threat or attack.