How To Distribute The Budget

Posted by pwhit015 on

The Bluff 

As a CISO, my strategy for balancing the tradeoff between training and cybersecurity technology is to allocate the majority of the budget towards the training of my employees. I believe that putting my budget towards employee training would be the best defense against cyber threats and that would require minimal advanced technology. With this, people will be able to focus on their main adjective that has worked well for me, which is to protect us against all the new and old threats. Of course I would put some of the budget towards getting newer technology that would have an AI-powered security system that can detect and prevent cyber attacks, so my employees would really just need to look over the security and make sure with the training they received that they don’t make any mistakes. Overall, I would prioritize training over new technology, to ensure that the organization’s cybersecurity infrastructure is very secure. 

Plan 

The first step would be to conduct a risk assessment to identify the organization’s vulnerabilities and potential cyber threats. This would let me as an CISO determine which (Mandiant 1)“areas need immediate attention and where the organization is most vulnerable to cyberattacks”. Which would allow me to focus on that part in the training to have my employees have advanced knowledge in how to prevent that type of cyber threat from damaging our organization.Based on the risk assessment I would distribute the budget accordingly. If the risk assessment reveals that my (IT 1)“employees lack cybersecurity awareness”. That’s where most of my budget would be disturbed too. In addition to training, I would distribute funds towards our cybersecurity technology, such as firewalls and antivirus software. Finally, I would regularly look over the effectiveness of the cybersecurity measures that were put in place to ensure they are addressing the identified risk.

Conclusion

In conclusion, basing everything on the risk assessment would be the only true way to understand how to distribute the budget to where the organization as a whole would be protected from cyber threats. Also it would be the only way to approach this problem with such a limited budget.

Leave a Reply

Your email address will not be published. Required fields are marked *