Difference between revisions of "User:Shawndouglas/sandbox/sublevel3"

From LIMSWiki
Jump to navigationJump to search
Line 1: Line 1:
[[File:Figure 1- Cybersecurity Funding at IRS, Fiscal Years 2014 Estimated, 2015 Actual, 2016 Enacted, and 2017 Requested (Dollars in Millions) (28979530692).jpg|right|500px]]he realities of business dictate that time is indeed valuable.<ref name="CakmakTime19">{{cite web |url=https://techonomy.com/2019/01/time-money-money-time-means-tech/ |title=Time is Money, Money is Time, and What That Means for Tech |author=Cakmak, J. |work=Techonomy |publisher=Techonomy Media, Inc |date=11 January 2019 |accessdate=23 July 2020}}</ref> For a business to meet its primary goals, an investment of time and resources are required by those involved in the business. For a clinical laboratory, that means laboratorians performing analyses, making quality control checks, managing test results and reporting, and more. How much time do they truly need to commit in any given week to developing cybersecurity skills? And beyond the individual level, how much time does the business as a whole want to commit? With a need for training, infrastructure management, policy development and management, and recovery and continuity activities, your business has a lot to consider. These and other questions must be asked in relation to the realistic amount of resources available to the business and its personnel.  
Of course, the realities of business also dictate that money is a key component to business operations. That means budgeting that all important resource. What share of the overall budget will cybersecurity take, as proposed vs. what can realistically be allotted? This is where that previously conducted gap assessment and risk assessment comes into play again. You ended up identifying critical gaps in your current infrastructure and prioritizing cyber risks based on threat, vulnerability, likelihood, and impact. Those assessments guided your goals and objectives. Does your budget align with those goals and objectives? If not, what concessions must be made? If you're a small retail shop, antivirus software and firewalls may be enough. And as editor Cristina Lago notes in her 2019 article for ''CIO'': "Be realistic about what you can afford. After all, you don’t need a huge budget to have a successful security plan. Invest in knowledge and skills."<ref name="LagoHowTo19">{{cite web |url=https://www.cio.com/article/3295578/how-to-implement-a-successful-security-plan.html |title=How to implement a successful cybersecurity plan |author=Lago, C. |work=CIO |publisher=IDG Communications, Inc |date=10 July 2019 |accessdate=23 July 2020}}</ref>
 
Here are a few additional questions to ask, as suggested by NARUC<ref name="NARUCCyber18">{{cite web |url=https://pubs.naruc.org/pub/8C1D5CDD-A2C8-DA11-6DF8-FCC89B5A3204 |format=PDF |title=Cybersecurity Strategy Development Guide |author=Cadmus Group, LLC |publisher=National Association of Regulatory Utility Commissioners |date=30 October 2018 |accessdate=23 July 2020}}</ref>:
 
* "What level of staff time should [a business] dedicate to learning about cybersecurity and developing skills necessary to achieve stated goals?"
* "Do staff need to become subject-matter experts, or is it enough that they are familiar with the language and terms?"
* "Do any staff need one-time training, ongoing training, certifications, or security clearances?"
* "Does the [business] have enough personnel to build and maintain relationships with [cybersecurity stakeholders]?"


==References==
==References==
{{Reflist|colwidth=30em}}
{{Reflist}}

Revision as of 16:55, 16 February 2022

Of course, the realities of business also dictate that money is a key component to business operations. That means budgeting that all important resource. What share of the overall budget will cybersecurity take, as proposed vs. what can realistically be allotted? This is where that previously conducted gap assessment and risk assessment comes into play again. You ended up identifying critical gaps in your current infrastructure and prioritizing cyber risks based on threat, vulnerability, likelihood, and impact. Those assessments guided your goals and objectives. Does your budget align with those goals and objectives? If not, what concessions must be made? If you're a small retail shop, antivirus software and firewalls may be enough. And as editor Cristina Lago notes in her 2019 article for CIO: "Be realistic about what you can afford. After all, you don’t need a huge budget to have a successful security plan. Invest in knowledge and skills."[1]

References