2021
DOI: 10.1109/access.2021.3085530
|View full text |Cite
|
Sign up to set email alerts
|

Cyber Resilience Self-Assessment Tool (CR-SAT) for SMEs

Abstract: On the current environment, companies face risks and threats to the systems they need to operate often known as cyber threats. Most of these companies are small and medium-sized enterprises (SMEs) and they are exposed to these cyber threats. To mitigate the risks and be able to thrive with as little disruption as possible, SMEs require cyber resilience capabilities. However, due to their limited resources, SMEs usually have no dedicated personnel for cyber resilience operationalization and thus lack the experi… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
11
0

Year Published

2022
2022
2023
2023

Publication Types

Select...
6
1

Relationship

0
7

Authors

Journals

citations
Cited by 8 publications
(11 citation statements)
references
References 28 publications
0
11
0
Order By: Relevance
“…Fundamentally, control domains are necessary as key controls for risk assessment. Table 4 presents the extracted shared control domains among the CSMA frameworks reported in seven research articles [20,25,28,32,33,35,39]. Based on the obtained results, common control domains that can be streamlined and evaluated in the risk assessment stage were found evident.…”
Section: Rq4: What Are the Shared Control Domains Between The Existin...mentioning
confidence: 97%
See 2 more Smart Citations
“…Fundamentally, control domains are necessary as key controls for risk assessment. Table 4 presents the extracted shared control domains among the CSMA frameworks reported in seven research articles [20,25,28,32,33,35,39]. Based on the obtained results, common control domains that can be streamlined and evaluated in the risk assessment stage were found evident.…”
Section: Rq4: What Are the Shared Control Domains Between The Existin...mentioning
confidence: 97%
“…Considering that SMEs and start-ups are similar in terms of size [5], seven other research articles that focused on CSMA frameworks for SMEs were also identified: 1) Cybersecurity Risk Management in Small and Medium-Sized Enterprises: A Systematic Review of Recent Evidence [9] 2) The framework of Effective Risk Management in Small and Medium Enterprises (SMEs): A Literature Review [19] 3) A Dynamic Simulation Approach to Support the Evaluation of Cyber Risks and Security Investments in SMEs [22] 4) A Novel Cybersecurity Framework for Countermeasure of SMEs in Saudi Arabia [26] 5) Calculated Risk? A Cybersecurity Evaluation Tool for SMEs [30] 6) Cyber Resilience Self-Assessment Tool (CR-SAT) for SMEs [32] 7) Reference Framework "HOGO" for Cybersecurity in SMEs based on ISO27002 and 27032 [39] Overall, this study identified 37 CSMA frameworks from 24 research articles. Adding to that, only seven frameworks were reported to be specifically targeted for SMEs, whereas only one framework for start-ups was identified.…”
Section: Rq1: What Are the Cyber Security Maturity Assessment (Csma) ...mentioning
confidence: 99%
See 1 more Smart Citation
“…This supports early ndings (Haque, et al, 2018) which states that "although many of the frameworks provide some subjective guidance of resilience study, they all lack clear explanation on the quantitative resilience metrics formulation". Recent research attempts to resolve such challenges (Carías, et al, 2021) produced a Cyber Resilience Assessment tool to aid Small and Medium Enterprises (SMEs) in their CR operationalisation. Three case studies formed the basis for this study with reported success.…”
Section: Literature Reviewmentioning
confidence: 99%
“…Hence, there is an urgent need for adaptable, cost-effective risk-management solutions that navigate the evolving technological landscape [13][14][15]. Despite several recent studies on IT risk management, the literature reveals a significant gap, with most studies focusing on specific contexts such as cloud computing, SMEs, or ISO/IEC 27001 and failing to provide a broad overview of the efficacy of existing IT risk-management frameworks [1][2][3]6,[16][17][18][19]. This lack of systematic analysis creates a compelling research problem, to which this paper responds.…”
Section: Introductionmentioning
confidence: 99%