Classifying SMEs for Approaching Cybersecurity Competence and Awareness

Proceedings of the 16th International Conference on Availability, Reliability and Security Pub Date : 2021-08-16 DOI:10.1145/3465481.3469200

Alireza Shojaifar, Heini-Marja Järvinen

{"title":"Classifying SMEs for Approaching Cybersecurity Competence and Awareness","authors":"Alireza Shojaifar, Heini-Marja Järvinen","doi":"10.1145/3465481.3469200","DOIUrl":null,"url":null,"abstract":"Cybersecurity is increasingly a concern for small and medium-sized enterprises (SMEs), and there exist many awareness training programs and tools for them. The literature mainly studies SMEs as a unitary type of company and provides one-size-fits-all recommendations and solutions. However, SMEs are not homogeneous. They are diverse with different vulnerabilities, cybersecurity needs, and competencies. Few studies considered such differences in standards and certificates for security tools adoption and cybersecurity tailoring for these SMEs. This study proposes a classification framework with an outline of cybersecurity improvement needs for each class. The framework suggests five SME types based on their characteristics and specific security needs: cybersecurity abandoned SME, unskilled SME, expert-connected SME, capable SME, and cybersecurity provider SME. In addition to describing the five classes, the study explains the framework's usage in sampled SMEs. The framework proposes solutions for each class to approach cybersecurity awareness and competence more consistent with SME needs.","PeriodicalId":417395,"journal":{"name":"Proceedings of the 16th International Conference on Availability, Reliability and Security","volume":"50 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-08-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 16th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3465481.3469200","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Cybersecurity is increasingly a concern for small and medium-sized enterprises (SMEs), and there exist many awareness training programs and tools for them. The literature mainly studies SMEs as a unitary type of company and provides one-size-fits-all recommendations and solutions. However, SMEs are not homogeneous. They are diverse with different vulnerabilities, cybersecurity needs, and competencies. Few studies considered such differences in standards and certificates for security tools adoption and cybersecurity tailoring for these SMEs. This study proposes a classification framework with an outline of cybersecurity improvement needs for each class. The framework suggests five SME types based on their characteristics and specific security needs: cybersecurity abandoned SME, unskilled SME, expert-connected SME, capable SME, and cybersecurity provider SME. In addition to describing the five classes, the study explains the framework's usage in sampled SMEs. The framework proposes solutions for each class to approach cybersecurity awareness and competence more consistent with SME needs.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

中小企业网络安全能力与意识的分类研究

网络安全越来越受到中小企业的关注，并且有许多针对中小企业的意识培训计划和工具。文献主要将中小企业作为单一类型的公司进行研究，并提供了一刀切的建议和解决方案。然而，中小企业并非同质化的。它们具有不同的漏洞、网络安全需求和能力。很少有研究考虑到这些中小企业在安全工具采用和网络安全定制方面的标准和证书的差异。本研究提出了一个分类框架，概述了每个类别的网络安全改进需求。该框架根据其特征和特定的安全需求提出了五种类型的中小企业:网络安全放弃型中小企业、无技能型中小企业、专家型中小企业、有能力型中小企业和网络安全提供商型中小企业。除了描述这五个类别外，研究还解释了该框架在样本中小企业中的使用情况。该框架为每个类别提出了解决方案，以使网络安全意识和能力更符合中小企业的需求。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Proceedings of the 16th International Conference on Availability, Reliability and Security

自引率

0.00%

发文量