The Human Factor in Cybersecurity

As a Chief Information Security Officer (CISO) with a limited budget, I would have to decide how to divide resources between training and cybersecurity technology. The right balance between these two areas depends on the organization's current security posture, its risks, and its long-term security objectives.

Look At Current State

Begin by assessing the organization's current cybersecurity posture. Understand the vulnerabilities in the existing technologies and the level of cybersecurity awareness among employees.

Identify Key Risks

Identify the organization's cybersecurity risks and determine which types of threats are the most significant, such as data breaches, insider threats, malware, and others.

Figure Out Budget

Based on the risk analysis, allocate a portion of the budget to each of training and cybersecurity technology. The split will vary depending on the organization's needs, but as a general guideline, consider a 60/40 or 70/30 split in favor of technology if resources are limited.

Employee Training and Awareness

Reserve a portion of the budget for cybersecurity training. The emphasis should be on educating employees to recognize and respond to cyber threats. This includes phishing awareness training to reduce social engineering risks, security awareness programs that promote good security practices, and scheduled security training for the IT team and other staff.

Consistent Improvement

Create a culture of consistent improvement in both technology and training. Regularly review and update the technology, keeping an eye on new threats. Adapt training programs to address current threats and educate employees about new risks.

Measure and Adjust

Implement Key Performance Indicators (KPIs) and metrics to track the effectiveness of the technology and the training. Regularly assess your security posture and adjust the allocation of resources based on risks and performance data.

Collaboration and Information Sharing

Consider collaborating with other industries, sharing threat intelligence, and pooling collective resources to improve cybersecurity.

Conclusion

Balancing limited funds between training and cybersecurity technology is a never-ending process. Flexibility and adaptability are important. By making informed decisions based on the organization's needs and risks, CISOs can maximize the effectiveness of their cybersecurity efforts.
