13 Aug Cybersecurity is an expensive investment that cab be a huge payoff for a company if they invest their money wisely.
Cybersecurity is an expensive investment that cab be a huge payoff for a company if they invest their money wisely. In order for Red Clay Renovations Company to plan and create a budget for cybersecurity, they must first identify the biggest risks to their organization so that they can plan to mitigate those risks. Once the risks have been identified, the company can decide how they would like to go about selecting the appropriate and cost effective investments to mitigate those risks.
Red Clay Renovations Company must first accept the fact that their own employees are the biggest security risk to the company. Employees who remain ignorant to the threats to the IT systems that they operate on create an enormous amount of risk to the company. In addition, technological risks to the company exist such as vulnerabilities to unpatched system software, denial of service to the company’s web server, and the potential for user workstations to become infected by a computer virus or a botnet. Lastly, the risk to unauthorized users authenticating to the Red Clay Renovations Company IT system must be addressed and a financial investment should be incorporated to mitigate this risk. These are a few examples of personnel and technical risks that could effect the company. The National Computing Centre (2005) recommends to “ enable effective Governance, IT risks should always be expressed in the business context rather than in the technical language favoured by IT risk experts” (pg. 28).
Neutralize Attacks
It would be irresponsible of Red Clay Renovations Company to think that they would never be the target of a cyber attack. With this in mind, the company should invest in strategies that prevent those attacks and prevent any further damage to the system. Investing in the prevention of cyber attacks makes more sense than investing in ways to recover from an attack. Since cyber attacks can do overwhelming amounts of damage to a company’s infrastructure, investing in recovery strategies doesn’t bode well for the company financially depending on the severity of the cyber attack. The European Network and Information Security Agency (ENISA) (2012) explains that “In every public or private organisation, each budget investment has to be justified and its effectiveness is often evaluated afterward” (pg. 2).
Initial decisions of where to implement cybersecurity prevention strategies is difficult without having any metrics for cybersecurity incidents. Front-loading the company’s infrastructure and personnel with investments in cybersecurity prevention would be the best option in my opinion and after a year the company can determine the annual rate of occurrence (ARO) of incidents to their IT system. Once armed with this information, they can adjust where to focus their financial investment based on where the incidents are occurring, whether the incidents relate to personnel or to vulnerabilities in the infrastructure or software.
Investing in an employee training program that focuses on the cyber threats that are capable of affecting the company’s IT systems would be a smart investment. Once training is occurring on a regular basis, the company should have metrics for incidents related to personnel non compliance with company policy. These metrics should be used to determine if the training is financially beneficial and if it is helping to prevent cyber attacks. Any attack such as a distributed denial of service (DDOS) that prevents employees from carrying out their work or consumers from access to a company’s website is a threat to the company’s bottom line. (Davis et al.,2016) recommends that “Blocking attacks on client computers not only keeps them clean (infected computers can be bricked or recruited into a DDOS attack that might be directed against the organization as well as external targets), but denies hackers a common pathway into organizations” (pg. 30). Making financial investments to block attacks like a DDOS attack will keep business operation running at Red Clay Renovations Company.
References
Davis, J. S., Libicki, M. C., Johnson, S. E., Kumar, J., Watson, M., & Karode, A. (2016). A framework for programming and budgeting for cybersecurity (Rand TL-168). Retrieved from http://www.rand.org/content/dam/rand/pubs/tools/TL100/TL186/RAND_TL186.pdf
European Network and Information Security Agency. (2012). Introduction to Return on Security Investment: Helping CERTs assessing the cost of (lack of) security. Retrieved from https://www.enisa.europa.eu/activities/cert/other-work/introduction-to-return-on-security-investment/at_download/fullReport
National Computing Centre. (2005). Developing a successful governance strategy: A best practice guide for decision makers in IT. Retrieved from https://www.isaca.org/Certification/CGEIT-Certified-in-the-Governance-of-Enterprise-IT/Prepare-for-the-Exam/Study-Materials/Documents/Developing-a-Successful-Governance-Strategy.pdf
Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.