reply to post below just half page j

Cyber-security is a multi-billion dollar industry that is forecasted to reach upwards of 250 billion by 2023 (Shelly, 2020). That’s less than 3 years away, and the surprise of it all is why it’s increasing so much. As cyber-attacks are on the rise due to growth in Internet of Things (IoT) devices and other conveniences that make it easier for us to communicate and transmit data, so are the cyber threats and malicious actors who aim at stealing that data and selling or exploiting it for their benefit. Whether state sponsored or an individual in their mom’s basement, these threats pose undue risk to the cyber industry and have drastically increased the need both for cyber security technology, which assists in neutralizing attacks, and for increased training and abiding by the policies in place that would effectively mitigate those attacks in the first place. As “90% of cyber-attacks and data breaches were caused by human error” according to Kaspersky Lab in 2019 (Spadafora, 2019), this puts into serious question the capability of current policies, training, education and other means to prepare workers to avoid such mistakes, a capability that is at an all-time low. At the end of the day you must consider how these team members are being trained and what they are applying and absorbing, the resources and time spent training them, and whether what is being taught is effective in a real-world scenario such as a data breach.

Introduction

One of RCR’s future goals was to kick-start the security education, training and awareness (SETA) program. Since RCR has made huge changes to revitalize its policies, comply with industry best practices and standards, and improve the overall quality of its training program, now is the best time to implement this SETA program to develop a formidable risk management strategy for years to come (King, 2018). We will consider the budget for developing a more resilient process and the importance of training our employees, staff, management and contractors to identify threats and avoid, remove, or report such events when put in these situations.

Planning:

  • Increase Resilience- Increasing resiliency is a proactive approach that starts with any company’s most vulnerable asset, its employees. As mentioned earlier, employees are most likely to introduce malware or viruses, or to be exploited by social engineering attacks which can compromise the system and company network.

The training covers how to identify phishing emails, what to look for when an individual uses pretexting as a means to gain entry to the network, and how to vet third-party associates and affiliates properly to avoid exposing the company to unnecessary threats. These training events are hands-on, in-your-face and focused on achieving real-time results, unlike computer-based or PowerPoint-focused training, which loses the focus of the audience much faster.

Programming:

Red Clay Renovations (RCR) will host quarterly, two-day-long conference workshops for every level of management, IT or employee, aimed at hands-on approaches to everyday malware and social engineering attacks, email scams and other exploits that may transpire in the workplace. Correctly identifying valid certificates, ensuring that links in emails are verified before clicking, and utilizing two-factor authentication when verifying that personnel are who they say they are is what RCR will provide to get employees excited about safety and cyber security (Rand, 2016). Additionally, a part of the class will revolve around how data breaches specifically affect each member, and ways to implement preventative measures at home, with family and in personal life, to develop effective techniques to change their cyber security behavior (Aiselnet, 2019). Each member should find the importance of taking meaningful discussion and hands-on techniques from the workshop.

Budget:

The cost for every class is $500 a person, for two days (the average workshop ranges from free to $5000) (StartCyberCareer, 2020). RCR has approximately 100 employees, and this averages out to about $50,000 per course and $200,000 annually. Additionally, the IT department and CISO will assist in building the subject matter for the course, which will be under guidance from FIPS 199/200, NIST SP 800 (160-2), RAND: A framework for programming and budgeting for cyber-security, and DHS: Blueprint for a Cyber Future. This will substantially cut down on costs and allow the internal team to eventually present, train and educate each member at a fraction of the cost (RAND, 2016; CISA, 2020; CSRC, 2019; CSRC.NIST, 2018).

Note: Although this seems high, the average cost of a data breach in 2019 was $3.92 million (HIPAAjournal, 2019). This is about 5% in cost comparison: 200,000/3,920,000 = 0.051.

Other possibilities and areas of improvement to eventually incorporate into RCR’s budget and risk management security plan:

  • Neutralize Attacks- Neutralizing attacks is a reactive approach. Although very necessary and effective, it aims at combating a growing problem. But where does the problem stem from, and how can we lower the cost of cyber security infrastructure by preparing our staff, colleagues and employees to mitigate complacency errors and other human factors that lead to the majority of these hacks and breaches?

These preventative best practices are essential to protecting a system or a company’s networks because every company will eventually get hit. It all depends on how many layers of security defense are in place to combat the attacker’s manpower, skill and tool set, time and resources, and what the risk is to achieve the given goal (financial numbers, sensitive or classified data and PII, for example) (Rand, 2016).

  • Minimize Exposure- Although I agree with this concept and believe in its importance, the bigger a company gets, the more limited its ability to perform this objective effectively. The ability of a company to throw a lot of money at something doesn’t always have the intended effect that the company wants. Appointing a CISO, encrypting data, patching and updating OSs often, putting an incident response plan (IRP) in place, and having well-built network security policies (Chubb, 2020) all lack one thing: training and education. Although this is an effective proactive approach, it still ends with the company being a target due to growth, and with the question of how to protect the company, its resources and its information from intellectual theft and data breaches. We must consider that, in order to have the intended effect of minimal exposure, a company must reduce the number of machines on the network within its control, the access points to connect to those machines, and the resources or other areas of importance that are attractive to malicious actors, and all of these result in limiting the growth and influence of a company (Rand, 2016).
  • Accelerate Recovery

Going with the theme that everyone will get hit, how prepared is the company for incident response, for mitigating the effects of the attack and the length of time it lasts or the intruders are present within the network, and for detecting them when they set foot in the system and tracking their movements?

Cyber insurance policies are an important piece of recovery efforts, as they diminish the added costs of post-attack efforts and cleanup.

 