Cali Valdivieso
5 April 2025
CYSE 200T
As the Chief Information Officer (CIO), delegating new education on cyber security training and updating the latest technology to help prohibit breaches for the company falls under my role’s responsibility. When it comes to dealing with a limited budget on top of this decision, one must take a close look at what is needed. As the CIO in action, I would plan to take the long game on ensuring my company’s success in avoiding breaches. I do not think it is fair to just put all the eggs in either spending towards training or the latest technology at all times.
The first step in deciding to delegate where I will allocate my funds is considering what level of strength I think we are at in both departments. Ideally, we would already have strong cybersecurity technology in place. If this were the scenario, the first act would be focused on training. All staff would need to under go some graded training to prove they can successfully keep the company unsafe. I think this can be observed after the courses by phishing my employees. Any employees who fail to take the correct steps to avoid a breach will then need to be reprimanded and put through the course again.
This scenario to focus on just one specific task at all times and is very unlikely in the real world. In this case, I would first evaluate the standing we are at with security as well as what type of information we are protecting. If the technology we have is extremely outdated and cannot provide any possibility of security. This would be the first thing that is updated. If security is already able to keep information safe, education would be the main task. Monthly checks on these focuses would need to be taken to decide where resources will be delivered at that certain time. While neither of these things will ever be 100 perfect, it would be important to constantly reevaluate for the company to continue to succeed