{"id":288,"date":"2023-12-02T05:54:17","date_gmt":"2023-12-02T05:54:17","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/joshuaseaford\/?p=288"},"modified":"2023-12-02T05:54:17","modified_gmt":"2023-12-02T05:54:17","slug":"the-human-factor-in-cybersecurity","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/joshuaseaford\/2023\/12\/02\/the-human-factor-in-cybersecurity\/","title":{"rendered":"The Human Factor in Cybersecurity"},"content":{"rendered":"\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-layout-1 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<p>As a Chief Information Security Officer (CISO) with a limited budget, I would make<br>decisions on how to use resources between training and cybersecurity technology. The balance<br>between these two areas is dependent on an organization&#8217;s current security position, its risks, and<br>its long-term security objectives.<br>Look At Current State<br>Begin by conducting an assessment of the organization&#8217;s current cybersecurity position.<br>Understand the existing technologies&#8217; vulnerabilities and the level of cybersecurity awareness<br>amongst employees.<br>Identify Key Risks<br>Identify the organization&#8217;s cybersecurity risks and determine what types of threats are the<br>most significant, such as data breaches, insider threats, malware, and others.<br>Figure Out Budget<br>Based on the risk analysis, allocate a portion of the budget to both training and<br>cybersecurity technology. The split will vary depending on the organization&#8217;s needs, but as a<br>general guideline, consider a 60\/40 or 70\/30 split for technology if resources are limited.<br>Employee Training and Awareness<br>Set aside a portion of the budget for cybersecurity training. The emphasis should be on<br>educating employees to recognize and respond to cyber threats. 
This includes phishing<br>awareness and training to reduce social engineering risks, security awareness programs that<br>promote good security practices, and scheduled security training for the IT team and other staff.<br>Consistent Improvement<br>Create a culture of consistent improvement in technology and training. Regularly review<br>and update the technology, keeping an eye on new threats. Adapt training programs to address<br>threats and educate employees about new risks.<br>Measure and Adjust<br>Implement Key Performance Indicators (KPIs) and metrics to track the effectiveness of<br>the technology and training. Regularly assess your security position and adjust the allocation of<br>resources based on risks and performance data.<br>Collaboration and Information Sharing<br>Consider collaborating with other industries, sharing threat intelligence, and sharing<br>collective resources to improve cybersecurity.<br>Conclusion<br>Balancing limited funds between training and cybersecurity technology is a<br>never-ending process. Flexibility and adaptability are important. By making informed decisions<br>based on the organization&#8217;s needs and risks, CISOs can maximize the effectiveness of<br>their cybersecurity efforts.<br><\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>As a Chief Information Security Officer (CISO) with a limited budget, I would make decisions on how to use resources between training and cybersecurity technology. 
The balance between these two areas is dependent on an organization&#8217;s current security position, its risks, and its long-term security objectives. Look At Current State Begin conducting an assessment on the organization&#8217;s current cybersecurity position. Understand&#8230; <\/p>\n<div class=\"link-more\"><a href=\"https:\/\/sites.wp.odu.edu\/joshuaseaford\/2023\/12\/02\/the-human-factor-in-cybersecurity\/\">Read More<\/a><\/div>\n","protected":false},"author":27499,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":0},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/joshuaseaford\/wp-json\/wp\/v2\/posts\/288"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/joshuaseaford\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/joshuaseaford\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/joshuaseaford\/wp-json\/wp\/v2\/users\/27499"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/joshuaseaford\/wp-json\/wp\/v2\/comments?post=288"}],"version-history":[{"count":2,"href":"https:\/\/sites.wp.odu.edu\/joshuaseaford\/wp-json\/wp\/v2\/posts\/288\/revisions"}],"predecessor-version":[{"id":293,"href":"https:\/\/sites.wp.odu.edu\/joshuaseaford\/wp-json\/wp\/v2\/posts\/288\/revisions\/293"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/joshuaseaford\/wp-json\/wp\/v2\/media?parent=288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/joshuaseaford\/wp-json\/wp\/v2\/categories?post=288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/joshuaseaford\/wp-json\/wp\/v2\/tags?post=288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}