Prioritize Cybersecurity Resources

Learning Objectives

After completing this unit, you’ll be able to:

Describe how to acquire and manage the necessary resources to support cybersecurity goals.
List actions to oversee cybersecurity staffing and contracting.
Explain how to create an effective continuity of operations plan (COOP).

Manage Cybersecurity Resources

Now that you’ve had a chance to reflect on your role in advocating your organization’s official cybersecurity position, it’s time to get serious and manage your cybersecurity resources. As an executive cyber leader, it’s your job to obtain program funding from the chief financial officer (CFO) or individual in charge of the organization’s budget, and you need to justify budget allocation and resources. Your budget should reflect your cybersecurity program priorities, and seek to reduce risk based on data-driven assessments of the threat environment and your organization’s current cybersecurity posture.

An important step to managing your resources is to identify your organization’s most critical assets, the threats to those assets, and associated impacts (also known as a risk assessment) should a threat exploit them. These factors help you to understand the specific risk exposures such as financial, competitive, reputational, regulatory, or more to the “must-have” elements of your computing enterprise. You use the risk assessment results as key inputs for identifying and prioritizing protective measures, allocating cybersecurity resources, and informing long-term investments in future organizational growth.

No two organizations have the same system and network architecture, nor do they have endless resources to protect all data at any cost. Yet most organizations buy and deploy a one-size-fits-all cybersecurity solution or strategy. It’s best, however, to customize your security program to fit your organization.

Since organizational resources are nearly always limited and must also fund other risks, it’s vital that you coordinate and prioritize cybersecurity risk management to maximize effectiveness and to adequately address the most critical needs. Quantifying the financial risks of different cyberthreats enables you to direct resources to the greatest risks. It can help you strategize on what areas require more spending than others when it comes to protecting one set of critical data or assets versus another.

As an executive cyber leader, you work with business and cybersecurity leaders within your organization to come up with a budgeting strategy for funding cybersecurity programs and for allocating resources accordingly. You articulate how the budget will support the protection of your organization’s mission, information systems, and most valuable information, including the personal information of your employees and customers. You specify the activities that will be funded in support of strengthening your organization's network and infrastructure against attacks, and outline what desired outcomes will be achieved. You identify areas that will not receive funding while placing them on the road map for future investment.

An executive cyber leader presenting a budget to business and technical leaders, pointing to a board that shows graphs and dollar signs

Once you receive funding, you also need to prioritize and allocate cybersecurity resources correctly and efficiently. For example, with the advent of the COVID-19 pandemic, your organization may have shifted resources to support employees working from home with secure connections. You also may have needed to prioritize new network threats that target remote workers, or bolster customer-facing operations and e-commerce due to a surge in online transactions and services. As many people who were working from home during the beginning of the COVID-19 pandemic have started returning to offices again, budgets may have to shift to account for future changes in the threat landscape.

Oversee Cybersecurity Staffing and Contracting

Keep in mind that resources mean more than just funding. Cyber resources are the people, processes, and technologies supporting your organization. As a leader of cybersecurity within your organization, you must also acquire and manage leadership support and key security personnel, to support information technology (IT) security goals and objectives and to reduce overall organizational risk. Quantifying cyber risks can help you justify adding personnel and resources to your security teams.

As new opportunities with technology arise, your organization will need to hire tech professionals with the skill sets and familiarity of new systems to promote growth and optimize your IT budget. You must put in place a strategy to guide your organization’s cybersecurity workforce decisions, and include temporary and permanent technology staffing and outsourcing services as needed. Depending on the size of your organization, you may have a role to play in candidate screening, selection, onboarding, performance evaluation, and relationship management.

Maintain Continuity of Operations

As an executive cyber leader, it’s your job to prioritize cybersecurity resources not just under normal business conditions, but also to acquire necessary resources, including financial resources, to create and carry out an effective enterprise continuity of operations plan (COOP). Continuity of operations means a predetermined set of instructions or procedures that describe how an organization’s mission-essential functions will be identified and sustained for a predetermined amount of time as a result of a disaster event, before returning to normal operations.

By integrating cybersecurity and business continuity planning, organizations can put in place the proper processes and resources to facilitate a smooth transition in case of an attack or other unforeseen circumstance. A COOP establishes policy and guidance, which ensures that critical functions continue and that personnel and resources are relocated to an alternate facility if necessary in case of emergencies.

Kerri’s COOP

Let’s take a look at an example. Kerri is an executive cyber leader at a professional membership organization for graphic design and is responsible for implementing the organization’s COOP. In maintaining continuity of operations for her organization, Kerri takes into consideration the policies and processes that relate to core technologies and the protection of sensitive data. The organization has a database of members that includes personal information, such as their names, addresses, and details of their employment history.

The organization is gearing up for its annual conference that brings together graphic designers from around the world to share their experiences and new trends in their industry. In the middle of planning for the event, Kerri’s security team alerts her that a malicious actor has gained unauthorized access to the organization’s member database, and has used the information there to send a phishing email—that pretends to be an official invitation to the conference—to hundreds of the organization’s members. The email contains a link that when clicked downloads malicious software onto the user’s computer.

Kerri’s team contacts the incident response team to report the incident and determine the extent of the unauthorized database access. In consulting their COOP, the team decides to take the database offline temporarily so they can update its password and access control features. Since the database is key to daily business operations and needs to be restored from a recent backup as quickly as possible, Kerri’s team contacts the organization's infrastructure support personnel to determine the availability of a clean backup.

The team confirms there’s a recent backup available in their cloud storage solution, and verifies it hasn’t been tampered with. After discussion among other leaders in the organization, everyone agrees to plan to have the database back online within a couple of hours.

This gives the incident response team enough time to do more digging and confirm that the threat is no longer active in their systems and network. The infrastructure support team also implements password changes to prevent additional unauthorized access. The incident response team develops a plan to notify the organization’s members about the breach.

Thanks to the monitoring and COOP Kerri has put in place, her security team is able to identify the source of the attack and notify her incident response team and management about the threat. It’s a sticky situation, but Kerri knows what to do because she has had a COOP in place that outlines how to limit downtime and restore business operations.

The COOP also documents the procedures for notifying, activating, and deploying employees in case an adverse event (unauthorized access to the database) were to impact the organization’s daily operations. She collaborates across departments to respond to the issue and resolve it quickly. Afterward, she follows up with other leaders in her organization to share lessons learned and remediation steps to enable the organization to respond accordingly when business operations are impacted.

Knowledge Check

Ready to review what you’ve learned? The following knowledge check isn’t scored; it’s just an easy way to quiz yourself. To get started, drag the description in the left column under the matching term on the right. When you finish matching all the items, click Submit to check your work. If you’d like to start over, click Reset.

Great work!

Sum It Up

Now that you understand how to acquire and manage the necessary resources to support your cybersecurity goals, it’s time to explore how to communicate the value of your cybersecurity program throughout your organization, and how to align cybersecurity priorities with your organization's overall strategy.