Difference between revisions of "User:Shawndouglas/sandbox/sublevel3"

From LIMSWiki
Jump to navigationJump to search
Line 1: Line 1:
Businesses come in many sizes, and not all have the in-house expertise to take the deep dive into cybersecurity. To be fair, the size of a business isn't the only determiner of IT resources. Hiring practices and hosting decisions for both software and IT (e.g., software as a service and infrastructure as a service vs. local hosting) may also impact the level of cybersecurity expertise in the business. Regardless, it's doubtlessly imperative to have some type of expertise involved in assisting with the implementation of your organization's cybersecurity plan. You probably have already addressed this during part two and three of making the cybersecurity plan, but now is an excellent time to double check that aside from any short-term expertise you're tapping into while formulating your plan, ensure you have long-term support for the implementation and monitoring of the plan's components.
[[File:Figure 1- Cybersecurity Funding at IRS, Fiscal Years 2014 Estimated, 2015 Actual, 2016 Enacted, and 2017 Requested (Dollars in Millions) (28979530692).jpg|right|500px]]he realities of business dictate that time is indeed valuable.<ref name="CakmakTime19">{{cite web |url=https://techonomy.com/2019/01/time-money-money-time-means-tech/ |title=Time is Money, Money is Time, and What That Means for Tech |author=Cakmak, J. |work=Techonomy |publisher=Techonomy Media, Inc |date=11 January 2019 |accessdate=23 July 2020}}</ref> For a business to meet its primary goals, an investment of time and resources are required by those involved in the business. For a clinical laboratory, that means laboratorians performing analyses, making quality control checks, managing test results and reporting, and more. How much time do they truly need to commit in any given week to developing cybersecurity skills? And beyond the individual level, how much time does the business as a whole want to commit? With a need for training, infrastructure management, policy development and management, and recovery and continuity activities, your business has a lot to consider. These and other questions must be asked in relation to the realistic amount of resources available to the business and its personnel.  
 
Here are a few additional questions to ask, as suggested by NARUC<ref name="NARUCCyber18">{{cite web |url=https://pubs.naruc.org/pub/8C1D5CDD-A2C8-DA11-6DF8-FCC89B5A3204 |format=PDF |title=Cybersecurity Strategy Development Guide |author=Cadmus Group, LLC |publisher=National Association of Regulatory Utility Commissioners |date=30 October 2018 |accessdate=23 July 2020}}</ref>:
 
* "What level of staff time should [a business] dedicate to learning about cybersecurity and developing skills necessary to achieve stated goals?"
* "Do staff need to become subject-matter experts, or is it enough that they are familiar with the language and terms?"
* "Do any staff need one-time training, ongoing training, certifications, or security clearances?"
* "Does the [business] have enough personnel to build and maintain relationships with [cybersecurity stakeholders]?"
 
==References==
{{Reflist|colwidth=30em}}

Revision as of 16:53, 16 February 2022

Figure 1- Cybersecurity Funding at IRS, Fiscal Years 2014 Estimated, 2015 Actual, 2016 Enacted, and 2017 Requested (Dollars in Millions) (28979530692).jpg

he realities of business dictate that time is indeed valuable.[1] For a business to meet its primary goals, an investment of time and resources are required by those involved in the business. For a clinical laboratory, that means laboratorians performing analyses, making quality control checks, managing test results and reporting, and more. How much time do they truly need to commit in any given week to developing cybersecurity skills? And beyond the individual level, how much time does the business as a whole want to commit? With a need for training, infrastructure management, policy development and management, and recovery and continuity activities, your business has a lot to consider. These and other questions must be asked in relation to the realistic amount of resources available to the business and its personnel.

Here are a few additional questions to ask, as suggested by NARUC[2]:

  • "What level of staff time should [a business] dedicate to learning about cybersecurity and developing skills necessary to achieve stated goals?"
  • "Do staff need to become subject-matter experts, or is it enough that they are familiar with the language and terms?"
  • "Do any staff need one-time training, ongoing training, certifications, or security clearances?"
  • "Does the [business] have enough personnel to build and maintain relationships with [cybersecurity stakeholders]?"

References

  1. Cakmak, J. (11 January 2019). "Time is Money, Money is Time, and What That Means for Tech". Techonomy. Techonomy Media, Inc. https://techonomy.com/2019/01/time-money-money-time-means-tech/. Retrieved 23 July 2020. 
  2. Cadmus Group, LLC (30 October 2018). "Cybersecurity Strategy Development Guide" (PDF). National Association of Regulatory Utility Commissioners. https://pubs.naruc.org/pub/8C1D5CDD-A2C8-DA11-6DF8-FCC89B5A3204. Retrieved 23 July 2020.