{"id":218,"date":"2026-04-16T18:52:40","date_gmt":"2026-04-16T18:52:40","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/ntm1794\/?p=218"},"modified":"2026-04-16T18:52:40","modified_gmt":"2026-04-16T18:52:40","slug":"hypothetical-budget-proposal-human-factor","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/ntm1794\/2026\/04\/16\/hypothetical-budget-proposal-human-factor\/","title":{"rendered":"Hypothetical Budget Proposal (Human Factor)"},"content":{"rendered":"\n<p>Nicholas T. Martin<br>4\/16\/2026<br>2026 (Q2) Security Posture Proposal<br><strong>BLUF<\/strong>: Due to the limited budget provided for network\/information security, this memo aims to<br>provide senior leadership with technological and policy options that have been identified to have<br>the highest ROI while remaining within the parameters of the current budget.<br><strong>The Human Factor<\/strong><\/p>\n\n\n\n<ul>\n<li>Recent industry research identifies human fallibility as a key source of vulnerability in<br>any system.<\/li>\n\n\n\n<li>Human employees are susceptible to social engineering and phishing attempts via many<br>forms of communication, though primarily over email.<\/li>\n\n\n\n<li>Regular and effective cybersecurity training can largely mitigate these concerns, though<br>mistakes must still be anticipated.<\/li>\n\n\n\n<li>For this reason, equally splitting the current security budget between employee training<br>and technological applications will have the largest impact on hardening our current<br>systems<br><strong>Training Proposal (~40-50%)<\/strong><\/li>\n\n\n\n<li>Quarterly Training \u2013 Having frequent and effective training focused on key risks (social<br>engineering, phishing, device handling, etc.) 
with real-world scenarios will provide<br>employees with the capability of identifying phishing attempts at the user level.<br>Additionally, a training program has a quantifiable cost that is easy to account for.<\/li>\n\n\n\n<li>Simulated Tests \u2013 Implementing simulated phishing attempts within the company is a<br>near zero-cost policy that can highlight the effectiveness of current training models and<br>allow for targeted training.<\/li>\n\n\n\n<li>Report Campaigns \u2013 To fully understand the health of our systems, it is vital that all<br>levels of the organization communicate any concerns. To this end, creating programs to<br>encourage employees to report suspicious behavior and communications will foster a<br>culture of transparency and cooperation.<br><strong>Technological Proposal (~50-60%)<\/strong><\/li>\n\n\n\n<li>Multi-Factor Authentication \u2013 The organization has already purchased our current MFA<br>contract and has been utilizing it. By leaning on this already available technology and<br>expanding its use, company portals and login credentials can be safeguarded for minimal<br>costs.<\/li>\n\n\n\n<li>Email Protection \u2013 AI-powered anti-phishing filters are a cost-effective way to minimize<br>employee exposure to potentially malicious communications.<\/li>\n\n\n\n<li>Endpoint Protection \u2013 In the event of a breach, it is vital to identify, contain, and expel<br>any malicious software. For this reason, protecting company devices (laptops, tablets,<br>routers, etc.) 
with endpoint protection software may be a more costly solution but will<br>serve as an effective final security measure.<\/li>\n\n\n\n<li>Log Monitoring and Alerts \u2013 Tracking potentially critical event logs and network traffic<br>(SIEM applications) can prevent unauthorized breaches before the company suffers<br>significant damages.<br><strong>Conclusion<\/strong><br>By taking a mixed security approach with the available funds (training\/technology), we can<br>account for human fallibility while still protecting our systems in the event of intrusion and<br>breaches. Additional steps may be needed for a robust security stance, though the options<br>provided above are budget-friendly and highly effective.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Nicholas T. Martin 4\/16\/2026 2026 (Q2) Security Posture Proposal BLUF: Due to the limited budget provided for network\/information security, this memo aims to provide senior leadership with technological and policy options that have been identified to have the highest ROI while remaining within the parameters&#8230; <a class=\"more-link\" href=\"https:\/\/sites.wp.odu.edu\/ntm1794\/2026\/04\/16\/hypothetical-budget-proposal-human-factor\/\">Continue Reading 
&rarr;<\/a><\/p>\n","protected":false},"author":31982,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":0},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/posts\/218"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/users\/31982"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/comments?post=218"}],"version-history":[{"count":1,"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/posts\/218\/revisions"}],"predecessor-version":[{"id":219,"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/posts\/218\/revisions\/219"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/media?parent=218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/categories?post=218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/tags?post=218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}