If I were the CISO for a publicly traded company I would make sure that all computers were set up with virus protection, implement SDN or Software Defined Networking, ensuring that QoS or Network Quality of Service metrics are being met and running a Network Visualization Program. The Network Quality of Service is a set of metrics that are set up to ensure that the network is running well. This will help businesses deal with unnecessary costly expenses if the network goes down. The Network Visualization program would help locate the root cause of any issues going on with the network. It displays the results in maps and much more to keep the network working properly. I think this is important to have because it takes the headache out of problem solving and getting to the root of the issue will help with figuring out how to resolve the issue. The Software Defined Networking or SDN assists with configuring routers, switches, access points, and other devices that connect to the network. Two functions that are incorporated with SDN would be the control and policy-based configuration and they can be used to provide mandates for network management to multiple devices and determine how a function works on network devices. There would more than likes be quite a few devices to manage so it is essential for everything to be on the same page

With a limited budget, I would balance the tradeoff of training and additional cybersecurity technology by investing keeping the balance equal between the two. I think it is very important to keep all cybersecurity technology within the workplace up to date and ensure that everyone is up to date with cybersecurity guidelines and protocols to help reduce cybercrime. Without the latest technology, they could open the organization to more vulnerabilities from malware attacks and cybercriminals. I also think at the very least an annual refresher would be a great way to keep the organization safe and the cost low.

I would approach the development of cyber-policy and infrastructure by recognizing that it is nearly impossible to predict the long-term effects of technology and would continue to approach it as usual unless something changes. As quoted in the reading “Knowledge, under these circumstances, becomes a prime duty beyond anything claimed for it heretofore”, we should be doing what we can to keep up with the latest policies and technological advances to have a better understanding of what we may face in the long term. If any changes have been made to the policies and procedures, we should be able to quickly adapt to those changes and find any workarounds if necessary.