Classifying SMEs for Approaching Cybersecurity Competence and Awareness

Shojaifar, Alireza; Järvinen, Heini

doi:10.1145/3465481.3469200

Cited by 8 publications

(5 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In Saleem, [12], the authors stressed the importance of applying mitigation strategies in deterring cyber-attacks. They posited that one of the ways to mitigate cybersecurity incidents is to ensure that all devices connected to the internet run on the latest patch update of the software and hardware manufacturer.…”

Section: Related Workmentioning

confidence: 99%

“…Cybersecurity refers to the protection of the confidentiality, integrity, and availability (CIA) of information systems as well as data in the face of attacks [18]. It also means a combination of rules emplaced in order to protect the cyber domain [12]. Confidentiality entails protecting information and data from disclosure to unauthorised individual or group of persons and parties.…”

Section: Basic Terminologiesmentioning

confidence: 99%

“…Integrity of data refers to protection of data from alteration. While availability is when information, data and services are accessible to those who have the authority access it whenever they need it [4,12]. Cybersecurity attempts to ensure that users or enterprises' information infrastructure and assets are protected against all related risks.…”

Section: Basic Terminologiesmentioning

confidence: 99%

See 2 more Smart Citations

Improving cybersecurity incidents reporting in Nigeria: micro and small enterprises perspectives

Ikuero¹,

Zeng²

2022

Nig. J. Tech.

View full text Add to dashboard Cite

Leveraging on the provisions of the internet enhances the productivity of Micro and Small Enterprises (MSEs), increases industrial growth and their contributions to national prosperity. Every cyber-attack against their businesses should be reported to the requisite incident response body through the appropriate channels for quick recovery from attack. This research examines how the MSEs in Nigeria report cybersecurity incidents. This study surveyed 100 MSEs. The outcome of the research shows that 72% of the MSEs is unaware of the channel of reporting cyber incidents and does not report cyber incidents. Participants totaling 90% believe that the Sectoral Computer Security Incident Response Team (CSIRT) could improve on reporting of cybersecurity incidents through sensitisation. Amongst others, we recommended the Sectoral CSIRTs were to develop an Incident Report and Response Plan (IRRP) for managing cybersecurity incidents in MSEs.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Basic Terminologiesmentioning

confidence: 99%

Section: Basic Terminologiesmentioning

confidence: 99%

See 1 more Smart Citation

Improving cybersecurity incidents reporting in Nigeria: micro and small enterprises perspectives

Ikuero¹,

Zeng²

2022

Nig. J. Tech.

View full text Add to dashboard Cite

show abstract

“…The framework proposes solutions for each class to approach cybersecurity awareness and competence more consistent with SME needs. This chapter is based on the following publication: Shojaifar, A., & Järvinen, H. (2021). Classifying SMEs for Approaching Cybersecurity Competence and Awareness.…”

Section: Discussionmentioning

confidence: 99%

“…Chapter 7 is published as Shojaifar, A., & Järvinen, H. (2021). Classifying SMEs for Approaching Cybersecurity Competence and Awareness.…”

Section: The Chain Of Chaptersmentioning

confidence: 99%

Volitional Cybersecurity

Shojaifar

View full text Add to dashboard Cite

This dissertation introduces the “Volitional Cybersecurity” (VCS) theory as a systematic way to think about adoption and manage long-term adherence to cybersecurity approaches. The validation of VCS has been performed in small- and medium-sized enterprises or businesses (SMEs/SMBs) context. The focus on volitional activities promotes theoretical viewpoints. Also, it aids in demystifying the aspects of cybersecurity behaviour in heterogeneous contexts that have neither been systematically elaborated in prior studies nor embedded in cybersecurity solutions. Abundant literature demonstrates a lack of adoption of manifold cybersecurity remediations. It is still not adequately clear how to select and compose cybersecurity approaches into solutions for meeting the needs of many diverse cybersecurity-adopting organisations. Moreover, the studied theories in this context mainly originated from disciplines other than information systems and cybersecurity. The constructs were developed based on data, for instance, in psychology or criminology, that seem not to fit properly for the cybersecurity context. Consequently, discovering new methods and theories that can be of help in active and volitional forms of cybersecurity behaviour in diverse contexts may be conducive to a better quality of cybersecurity engagement. This leads to the main research question of this dissertation: How can we support volitional forms of behaviour with a self-paced tool to increase the quality of cybersecurity engagement? The main contribution of this dissertation is the VCS theory. VCS is a cybersecurity-focused theory structured around the core concept of volitional cybersecurity behaviour. It suggests that a context can be classified based on the cybersecurity competence of target groups and their distinct requirements. This classification diminishes the complexity of the context and is predictive of improvement needs for each class. Further, the theory explicates that supporting three factors: A) personalisation, B) cybersecurity competence, and C) connectedness to cybersecurity expertise affect the adoption of cybersecurity measures and better quality of cybersecurity engagement across all classes of the context. Therefore, approaches that ignore the personalisation of cybersecurity solutions, the cybersecurity competence of target groups, and the connectedness of recipients to cybersecurity expertise may lead to poorer acceptance of the value or utility of solutions. Subsequently, it can cause a lack of motivation for adopting cybersecurity solutions and adherence to best practices. VCS generates various implications. It has implications for cybersecurity research in heterogeneous contexts to transcend the common cybersecurity compliance approaches. Building on VCS, researchers could develop interventions looking for volitional cybersecurity behaviour change. Also, it provides knowledge that can be useful in the design of self-paced cybersecurity tools. VCS explains why the new self-paced cybersecurity tool needs specific features. The findings of this dissertation have been subsequently applied to the follow-up project design. Further, it has implications for practitioners and service providers to reach out to the potential end-users of their solutions.

show abstract