Human Factor In Cybersecurity Write Up

Nicholas Carter, 11/10/2024

In every business there is a budgeting issue where you must allocate how much funds goes towards different parts of the company. Cybersecurity is no exception, and budgeting is incredibly important to ensure a secure system. If I were a Chief Information Security Officer in a company, I would allocate funds from most to the lowest starting with keeping hardware and software up to date, then training, and the last would-be additional technology.

Hardware and Software

My reason for making this the highest priority for allocated funds is because without the necessary hardware and software there would be no way, even with proper training, to have a secure system. Having out of date software that has already been figured out gives cyber offenders a massive upper hand in securing a company’s information. And without the right hardware the systems would have trouble loading the software and data for the company. Not only does this make training significantly more difficult but there would be difficulties even for already trained professionals to do their job properly.

Training

One of the biggest challenges in cybersecurity today is having a strong human firewall. Many people in the workforce today did not grow up with cybersecurity as prominent as it is now. So there needs to be a large portion of cybersecurity funds put towards at least training every employee in the company about proper cyber hygiene. Without every employee having proper cyber hygiene there is a large vulnerability in the company to take advantage of.  But also, it should be allocated for keeping the current cybersecurity professionals up to date. With a field expanding and changing as rapidly as cybersecurity the employees should be constantly kept in the loop of development.

Additional Technology

It can be an advantage for a cybersecurity system to have new and additional hardware at their disposal. This can make them more efficient at their job and help them grow their skills as a cyber security professional. However, it cannot be put above keeping hardware and software up to date or training people. Because these two cover a much larger part of vulnerabilities than additional technologies will be able to. So, I would try to work on additional innovative technology, but it would not be my top concern.

Conclusion

The list of priorities for my allocated funding would be keeping hardware and software up to date, training employees, and then additional innovative technologies. By keeping it in this order I would be able to best cover the needs of cybersecurity in the company with limited funds.