One

Most jobs, whether they are in the cybersecurity field or not, have something that they feel is worth protecting. With that, for some individuals, it is also worth stealing. There are many jobs that have a heavy presence of computers and technology that help them to run efficiently and protect their assets, but with this, they are also at risk. In most jobs, there is a security clearance level depending on how high-ranking of a position the employee has, and this helps to try and prevent anyone who shouldn’t have access from being able to get a hold of potentially sensitive information. There are some people who are tech-savvy and could find ways of getting a person’s username and password, however, and with this they could possibly access that protected information. Ill-intended IT employees could also use their clearance and be deviant under the guise of helping.

Two

While reading this week, one of the parts that stuck out to me was where it said that when it comes to meeting demands, only present concerns are addressed, not the future ones. I think that when it comes to developing cyber-policy and infrastructure, there are a variety of ways to approach it. First, I think that there should be constant research being conducted and information being learned. In this field, different tools or vulnerabilities are constantly being discovered and keeping up to date with the updates will help with staying in the mix. Going along with the last point, another approach would be to stay updated in specific methods (both new and old) necessary in this field like finding exploitations. Lastly, making sure that the employees and staff in all departments are knowledgeable on at least the basics would help in the long run. We have talked previously about how human factors can affect this field, and I think that making sure there are frequent check-ins or assessments in their knowledge will help save money and protect assets.

Three

The Human Factor in Cybersecurity

BLUF

Technology and cybersecurity are things in this world that are forever changing, and with that, cyber threats are also evolving. There are routes that companies can take in attempts to lower the probability of these attacks, and in the end, save money. As Chief Information Security Officer, it is my job to allocate funds in the budget for both Cybersecurity Training and Additional Cybersecurity Technology. 

Cybersecurity Training

We’ve learned that human factors are some of the main causes for cybersecurity incidents. One of the main instances is from phishing. Individuals, both lower-level employees and executives, become careless while at work and can open emails that allow hackers into the company system and lead to bigger cybersecurity incidents. With training, workers would learn how easy it is to become the victim in these situations, as well as how simple it is to prevent them. Cybersecurity training would help, in the long run, to save money for the company. 

Additional Cybersecurity Technology

With cybersecurity and computers constantly changing, companies and organizations also need to keep up. There needs to be a consistent evolution of technology and tools used in order to be the most capable in handling cybersecurity incidents. Everyday, software systems become more advanced and new ways of hacking come out, so companies need to keep updating what they have, so that they are better suited for what they might face. 

The Budget

As the Chief Information Security Officer in this scenario, I am responsible for the budget. With everything discussed in mind, I would allocate 60% of the budget to Cybersecurity Training and I would allocate the remaining 40% to Additional Cybersecurity Technology. As I stated, I chose to allocate more funds towards Cybersecurity Training, because it is my belief that it is the simpler one to tackle. With the training, smaller incidents stemming from ignorance or naivete would decrease, which would take the overall tally down as well. 

Conclusion

As discussed, all companies can benefit from Cybersecurity Training and Additional Cybersecurity Technology. With these simple tasks, companies could see a downward trend in the cybersecurity incidents that they face. While both of these will not completely stop companies from being hacked, they will aid in keeping the numbers down by having those involved be more vigilant.