Information Security Management Framework Suitability Estimation for Small and Medium Enterprise

Kaušpadienė, Laima; Ramanauskaitė, Simona; Čenys, Antanas

doi:10.3846/tede.2019.10298

Cited by 10 publications

(8 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The research literature covering SMEs and cyber security does offer SME-specific information security guidelines (Sangani and Vijayakumar, 2012;Todd and Rahman, 2015;Harris and Patten, 2014;Brodin and Rose, 2020;Pagura, 2020;Schneider, 2013;Kau spadien_ e et al, 2019). However, while these guidelines are excellent, it is also the case that SMEs are not necessarily going to delve into the academic research literature to find the right advice.…”

Section: Metaview Of Publicationsmentioning

confidence: 99%

A cyber situational awareness model to predict the implementation of cyber security controls and precautions by SMEs

Renaud

Ophoff

2021

OCJ

View full text Add to dashboard Cite

PurposeThere is widespread concern about the fact that small- and medium-sized enterprises (SMEs) seem to be particularly vulnerable to cyberattacks. This is perhaps because smaller businesses lack sufficient situational awareness to make informed decisions in this space, or because they lack the resources to implement security controls and precautions.Design/methodology/approachIn this paper, Endsley’s theory of situation awareness was extended to propose a model of SMEs’ cyber situational awareness, and the extent to which this awareness triggers the implementation of cyber security measures. Empirical data were collected through an online survey of 361 UK-based SMEs; subsequently, the authors used partial least squares modeling to validate the model.FindingsThe results show that heightened situational awareness, as well as resource availability, significantly affects SMEs’ implementation of cyber precautions and controls.Research limitations/implicationsWhile resource limitations are undoubtedly a problem for SMEs, their lack of cyber situational awareness seems to be the area requiring most attention.Practical implicationsThe findings of this study are reported and recommendations were made that can help to improve situational awareness, which will have the effect of encouraging the implementation of cyber security measures.Originality/valueThis is the first study to apply the situational awareness theory to understand why SMEs do not implement cyber security best practice measures.

show abstract

Section: Metaview Of Publicationsmentioning

confidence: 99%

A cyber situational awareness model to predict the implementation of cyber security controls and precautions by SMEs

Renaud

Ophoff

2021

OCJ

View full text Add to dashboard Cite

show abstract

“…Several organisations and studies introduced some information security management frameworks for the past few years. Unfortunately, most security frameworks are not fully compatible with small businesses as most of them are too complicated to be applied by small businesses that have limited resources (Kaušpadien_ e et al, 2019). One of the information security frameworks applicable for small businesses is the SABSA information security framework.…”

Section: Information Security Frameworkmentioning

confidence: 99%

“…Cybersecurity risk is identified as one of the main concerns for small businesses in using information technology (IT) (Iddris, 2012;Grant et al, 2014;Nugroho et al, 2017). This concern is reasonable because cybersecurity incident in an organisation will be costly and negatively affect an organisation's operation and reputation (Kaušpadien_ e et al, 2019). However, small businesses' decision to adopt IT is greatly influenced by the environment or external pressures (Perdana, 2011;Kurnia et al, 2015).…”

Section: Introductionmentioning

confidence: 99%

“…However, there were several noteworthy exceptions. Kaušpadien_ e, Ramanauskait_ e and Cenys (Kaušpadien_ e et al, 2019) assessed existing information security frameworks to evaluate their suitability for small and medium enterprises (SMEs) and defined which criteria are the most relevant for SMEs. Several studies focused on identifying what SMEs had done regarding cybersecurity risks and decisions (Yildirim et al, 2011;Osborn and Simpson, 2017;Berry and Berry, 2018).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case

Yudhiyati

Putritama

Rahmawati

2021

JICES

View full text Add to dashboard Cite

Purpose This study aims to identify and analyse the issues faced by internet-based small businesses in developing countries regarding cybersecurity and document how these businesses address the risks. Design/methodology/approach This study used the qualitative method. Respondents were internet-based small businesses selected by using theoretical sampling. Data were collected by using interviews and observations. The validity of the analysis was ensured by using triangulation and member checking. Findings This study reveals that small businesses managed to identify the loss of physical and monetary assets as possible damage. However, only a few businesses identified loss of intangible assets as possible cyber risks. Most small businesses had used basic cybersecurity measures to protect data access and some primary business activities. Unfortunately, they rarely take initiatives in preventing and early detecting cyber risks. Research limitations/implications Findings of this study cannot be generalised as it aims to obtain new insights and document unexplored findings. Thus, if this study’s findings are going to be generalised, it is necessary to conduct an additional study. Secondly, this study did not assess how far small business had fulfilled the relevant information security framework as assessment required additional research, and this study only aimed to map the current situation in small businesses. Practical implications This study emphasised the importance of identifying valuable assets or resources when implementing cybersecurity measures. Focusing on security measures to protect identified assets from cyber risk will make the efforts more efficient and effective than using standardised cybersecurity measures. Third-party developers can also use this study to understand small businesses’ current cybersecurity implementation and their characters to design online platforms that suit these needs. Governments can also design educational activities that address small businesses’ lack of knowledge. Originality/value Most studies which focus on small businesses and information technology (IT) usually only discuss how they use IT. This study also brings new contributions by focusing on developing countries and specifically addresses internet-based technology cyber risk faced by e-commerce businesses. The qualitative method is used as most studies in e-commerce adoption were positivistic in nature, and inductive-based studies were rarely found on the topic.

show abstract

“…In the articles by Mayer, N., Aubert, J., & Grandry, E. [1], Kauspadiene, L., Ramanauskaite, S., & Cenys, A. [2] technical and technological aspects of enterprise security and ways of their achievement were discussed.…”

Section: Introductionmentioning

confidence: 99%

Economic Security in the Activity of Enterprises: Management Aspect

Семенча¹

2019

New Stages of Development of Modern Science in Ukraine and EU Countries

View full text Add to dashboard Cite

This article considers an integral part of the economic security of an enterprise which is management security. An analysis of recent studies has shown that economic security has not been considered in terms of management aspects before. In this article we suggest that management security should be considered as the state of the management system of an enterprise, in which the influence of the system is carried out in an optimal way, with the dynamics of the external and internal environment changes taken into account, having possible risks, problems and deviations from the set objectives foreseen, in order to maintain the balanced state of all enterprise subsystems. The purpose of the article was to consider the components of the management security of an enterprise, to give a general description to each of these elements, and also to consider the most important aspects which can be used to prevent management threats. In this research there were used such general scientific methods as analysis, synthesis, and generalization; methods of set theory, graph theory, semantic and mathematical modeling when considering competence and situational management security. In the process of the research, there were determined the components of management security in the management system: target security, methodological security, functional security, competency-based security, security of management impact, implementation security, situational security. For each component of management security, the characteristics are formulated and the most important security aspects for management threats prevention are identified. To ensure functional management security, the implementation of the organizational function is very important for each enterprise. On the one hand, it has been noted in the article that the organizational function should involve clear alloca

show abstract

Information Security Management Framework Suitability Estimation for Small and Medium Enterprise

Cited by 10 publications

References 29 publications

A cyber situational awareness model to predict the implementation of cyber security controls and precautions by SMEs

A cyber situational awareness model to predict the implementation of cyber security controls and precautions by SMEs

What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case

Economic Security in the Activity of Enterprises: Management Aspect

Contact Info

Product

Resources

About