Response needed:Every organization is susceptible to cyber-crimes; it’s just a matter of time. While no one business can put a monetary assessment on a likelihood of an attack however a business can estimate risks based on assets and valuable data. Attacks are costly and can ruin an entire organization. RCR is aware of the risks that exist in the company, and the best way to abate these risks is by neutralizing them. The company plans to slightly increase the 2017 IT security budget to strengthen some components of cybersecurity that represents great risks to the company. The focus of the company for next year’s budget is on employees training and policies, BYOD and telework, Network security, Risk management software, and security framework for the smart devices. Cyber threats are inevitable, RCR’s best approach is to minimize the possibilities of an attack, substantially reduce the risks impact if an attack were to occur and immobilize the attack from spreading. Fifteen percent of IT budget goes toward cybersecurity and the percentage is steadily increasing as the criminals and the attacks are getting craftier (Schrader, 2014).RCR aims at reducing cost of cybersecurity and neutralize attacks byReduce the number of cyberattack attempts.Develop mitigations for specific known threats.Block cyberattacks.Ensure the quality of software and hardware components in the network.Systematically reduce risks inherent in the network.Improve the security-related competence of system administration.Test system defenses against simulated attacks.Reduce the amount of material exfiltrated in attacks.Increase distributed denial of service (DDOS) defenses (David, Libicki, et la. ,2016). Secondly RCR will engage in performance measurement to substantiate the goal of strategic IT objectives and provide a review of IT performance. It is paramount that the company can demonstrate its IT capabilities by being able to detect early signs of risks and pitfalls. The performance measurement provides transparency of IT related costs, which increasingly account for a very significant proportion of most organizations’ operating expenses. RCR uses metrics to assess risks and programs that are not working or produce a good return of the security investment. Every company has a risk threshold, except for when it comes to cybersecurity risks; it is a zero tolerance. Companies budget for maintenance and equipment life cycle expectancy. Therefore costs is realized somewhere in the company’s future budget plan. But there is no cost plan to restore reputation once it has been damaged by cyberattacks. References Davis, J. S., Libicki, M. C., Johnson, S. E., Kumar, J., Watson, M., & Karode, A. (2016). A framework for programming and budgeting for cybersecurity (Rand TL-168). Retrieved October 07, 2016 from http://www.rand.org/content/dam/rand/pubs/tools/TL100/TL186/RAND_TL186.pdf Developing a successful governance strategy. (n.d.). Retrieved October 7, 2016, from http://www.rand.org/content/dam/rand/pubs/tools/TL100/TL186/RAND_TL186.pdf Schrader, C. (2014, December 08). Cyber Security Budget Planning for Small Businesses. Retrieved October 07, 2016, from http://www.nationalcybersecurityinstitute.org/general-public-interests/cyber-security-budget-planning-for-small-businesses/
Recent Comments