If I was the Chief Information Security Officer, I would make sure that I prioritize training rather than additional cyber security technology. I believe that I would do this because ultimately I believe that human beings are the ones responsible to make sure that all cyber security measures are being followed. “Training would allow the employees to have the knowledge necessary in order to avoid any human error that can cause an issue for the company” (Jones). It is important to invest in training individuals in order for them to be aware of cyber threats and how to protect against them. Both training and technology are important aspects in a company.

But when having a limited budget I do believe that training would allow for better cyber security measures. Training is more likely to be effective in preventing cyber attacks. Training allows for education and how to identify and protect against certain threats. Training is cost effective rather than technology , training will allow for more knowledge at a lower cost. Lastly, training is more flexible than technology because it can be customized to the specific needs of an organization. While considering all aspects of both training and additional cyber security technology, I ultimately believe that training is the most important investment in cyber security. It is more effective, provides knowledge for the employees, more cost effective, and lastly it is more flexible than technology.

References

Jones, K. S., Namin, A. S., & Armstrong, M. E. (2018). The core cyber-defense knowledge,
skills, and abilities that cybersecurity students should learn in school: Results from interviews with
cybersecurity professionals. ACM Transactions on Computing Education (TOCE), 18(3), 1-12