In preparation for completing my MSc Computing Security at the end of this year, I am again finding myself deep in discussion, thought and debate.
The question: "In your opinion, how can an organization’s cyber-security professionals make it as easy as possible for employees to fulfill this role?"
My quick response (prior to delving into this and a lot more detail): More attention to both the capacity and capability of the cyber-security workforce is needed. Even large organisations with major resources devoted to cyber-security have suffered major cyber-security compromises.
The cyber-security role and its implementation shift on a regular basis, and with this organisations are desperate to meet the growing requirement to fill the many vacancies.
However, even with the most highly technical teams, we cannot prevent the most determined attackers. It is wise, therefore, to thoroughly prepare for security incidents. This requires a well-prepared and versed incident response plan that encompasses the technical details, practical instructions for executive and legal teams, and any key ethical considerations.