2020
DOI: 10.1109/access.2020.3026063
|View full text |Cite
|
Sign up to set email alerts
|

Systematic Approach to Cyber Resilience Operationalization in SMEs

Abstract: The constantly evolving cyber threat landscape is a latent problem for today's companies. This is especially true for the Small and Medium-sized Enterprises (SMEs) because they have limited resources to face the threats but, as a group, represent an extensive payload for cybercriminals to exploit. Moreover, the traditional cybersecurity approach of protecting against known threats cannot withstand the rapidly evolving technologies and threats used by cybercriminals. This study claims that cyber resilience, a m… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
71
0

Year Published

2021
2021
2024
2024

Publication Types

Select...
4
3

Relationship

1
6

Authors

Journals

citations
Cited by 33 publications
(71 citation statements)
references
References 37 publications
0
71
0
Order By: Relevance
“…Information security management is a crucial challenge for the companies, as they aim to prevent the exposure to security and privacy threats to information systems and networking infrastructure. Although many of SMEs may have a minimal IT infrastructure to fight cyberattacks [13,14], they can act on a preliminary phase in order to gradually improve their security level. Therefore, organisations must ensure that their businesses processes, policies, and workforce behaviour allow them to minimize and mitigate some of the risks that are involved in their information systems and IT infrastructures [15,16].…”
Section: Information Security Management and Cybersecuritymentioning
confidence: 99%
“…Information security management is a crucial challenge for the companies, as they aim to prevent the exposure to security and privacy threats to information systems and networking infrastructure. Although many of SMEs may have a minimal IT infrastructure to fight cyberattacks [13,14], they can act on a preliminary phase in order to gradually improve their security level. Therefore, organisations must ensure that their businesses processes, policies, and workforce behaviour allow them to minimize and mitigate some of the risks that are involved in their information systems and IT infrastructures [15,16].…”
Section: Information Security Management and Cybersecuritymentioning
confidence: 99%
“…For instance, there are several frameworks that often include domains and policies to guide companies on what is needed in order to operationalize cyber resilience [8], [12]- [15]. Although these frameworks are sometimes comparable, they are often not completely equivalent to each other and offer nuances that can be important for certain companies, but might be too advanced for others, such as SMEs [7]. Similarly, standards can help companies in their cyber resilience operationalization.…”
Section: State Of the Artmentioning
confidence: 99%
“…To compare these documents and their ability to aid SMEs in the cyber resilience operationalization, they needed to be compared on their ability to help companies determine their current cyber resilience state, define improvement actions and prioritize them. These documents were all selected based on the criterion of defining a set of policies to operationalize cyber resilience [7], and therefore they all are able to aid companies in the definition of improvement actions. Thus, the comparison in this article focused on these tools' abilities to aid companies in the assessment of their current state and on the prioritization of the improvement actions they defined.…”
Section: State Of the Artmentioning
confidence: 99%
See 2 more Smart Citations