Riley McFadden
CYSE 200T
November 9, 2024
Balancing Tradeoff
BLUF: If I had a limited budget as a Chief Information Security Officer, my main focus
would be on training people and investing in a few key security tools. People are often the
biggest security risk, so training can prevent common mistakes. At the same time, investing in
basic tech like multifactor authentication and endpoint protection would create a solid and
cost-effective defense. By targeting these areas, I’d aim to strengthen our security without
overspending.
Training
Many cybersecurity issues result from people making simple mistakes, like clicking on
suspicious links, using weak passwords, or not updating software. So, I’d put part of the budget
into regular training sessions to teach everyone the basics, like spotting phishing emails, creating
strong passwords, and understanding why it matters. This would help stop a lot of problems
before they even start.
Technology
On the tech side, I’d stick to essentials like multifactor authentication (MFA) and
endpoint protection. MFA is a simple, extra layer of security for our accounts, making it harder
for hackers to break in even if they have a password. Endpoint protection keeps our devices, like
laptops and phones, safe from malware and other threats. I’d avoid spending on really advanced
or overly complicated security tools that might be costly and hard to maintain.
Conclusion
To sum it up, with a small budget, putting money into training and basic security tools is
the best move. Training helps people avoid common mistakes, and simple tools like MFA and
protection for devices keep us safer. This way, we’re covering the basics and keeping things
secure without spending too much.