SMEs' Confidentiality Concerns for Security Information Sharing

• URL: http://arxiv.org/abs/2007.06308v2
• Date: Thu, 22 Jul 2021 16:19:50 GMT
• Title: SMEs' Confidentiality Concerns for Security Information Sharing
• Authors: Alireza Shojaifar and Samuel A. Fricker
• Abstract summary: Small and medium-sized enterprises are considered an essential part of the EU economy, however, highly vulnerable to cyberattacks. This paper presents the results of semi-structured interviews with seven chief information security officers of SMEs to evaluate the impact of online consent communication on motivation for information sharing. The findings demonstrate that online consent with multiple options for indicating a suitable level of agreement improved motivation for information sharing.
• Score: 1.3452510519858993
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Small and medium-sized enterprises are considered an essential part of the EU economy, however, highly vulnerable to cyberattacks. SMEs have specific characteristics which separate them from large companies and influence their adoption of good cybersecurity practices. To mitigate the SMEs' cybersecurity adoption issues and raise their awareness of cyber threats, we have designed a self-paced security assessment and capability improvement method, CYSEC. CYSEC is a security awareness and training method that utilises self-reporting questionnaires to collect companies' information about cybersecurity awareness, practices, and vulnerabilities to generate automated recommendations for counselling. However, confidentiality concerns about cybersecurity information have an impact on companies' willingness to share their information. Security information sharing decreases the risk of incidents and increases users' self-efficacy in security awareness programs. This paper presents the results of semi-structured interviews with seven chief information security officers of SMEs to evaluate the impact of online consent communication on motivation for information sharing. The results were analysed in respect of the Self Determination Theory. The findings demonstrate that online consent with multiple options for indicating a suitable level of agreement improved motivation for information sharing. This allows many SMEs to participate in security information sharing activities and supports security experts to have a better overview of common vulnerabilities. The final publication is available at Springer via https://doi.org/10.1007/978-3-030-57404-8_22

Related papers

• FSCsec: Collaboration in Financial Sector Cybersecurity -- Exploring the Impact of Resource Sharing on IT Security [0.9374652839580183]
  This research aims to provide insights that can help financial institutions make better decisions to protect. By using simple theories to understand these factors, this research aims to provide insights that can help financial institutions make better decisions to protect.
  arXiv  Detail & Related papers  (2024-10-19T20:03:27Z)
• SeCTIS: A Framework to Secure CTI Sharing [13.251593345960265]
  The rise of IT-dependent operations in modern organizations has heightened their vulnerability to cyberattacks. Current information-sharing methods lack privacy safeguards, leaving organizations vulnerable to leaks of both proprietary and confidential data. We design a novel framework called SeCTIS (Secure Cyber Threat Intelligence Sharing) to enable businesses to collaborate, preserving the privacy of their CTI data.
  arXiv  Detail & Related papers  (2024-06-20T08:34:50Z)
• We need to aim at the top: Factors associated with cybersecurity awareness of cyber and information security decision-makers [0.0]
  We study cybersecurity awareness of cyber and information security decision-makers. Our findings indicate that awareness of well-known threats and solutions seems to be quite low for individuals in decision-making roles.
  arXiv  Detail & Related papers  (2024-04-06T20:32:19Z)
• Secure Aggregation is Not Private Against Membership Inference Attacks [66.59892736942953]
  We investigate the privacy implications of SecAgg in federated learning. We show that SecAgg offers weak privacy against membership inference attacks even in a single training round. Our findings underscore the imperative for additional privacy-enhancing mechanisms, such as noise injection.
  arXiv  Detail & Related papers  (2024-03-26T15:07:58Z)
• A Safe Harbor for AI Evaluation and Red Teaming [124.89885800509505]
  Some researchers fear that conducting such research or releasing their findings will result in account suspensions or legal reprisal. We propose that major AI developers commit to providing a legal and technical safe harbor. We believe these commitments are a necessary step towards more inclusive and unimpeded community efforts to tackle the risks of generative AI.
  arXiv  Detail & Related papers  (2024-03-07T20:55:08Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
  Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge. This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI) We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
  arXiv  Detail & Related papers  (2024-01-03T07:47:22Z)
• ThreatKG: An AI-Powered System for Automated Open-Source Cyber Threat Intelligence Gathering and Management [65.0114141380651]
  ThreatKG is an automated system for OSCTI gathering and management. It efficiently collects a large number of OSCTI reports from multiple sources. It uses specialized AI-based techniques to extract high-quality knowledge about various threat entities.
  arXiv  Detail & Related papers  (2022-12-20T16:13:59Z)
• A System for Automated Open-Source Threat Intelligence Gathering and Management [53.65687495231605]
  SecurityKG is a system for automated OSCTI gathering and management. It uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors.
  arXiv  Detail & Related papers  (2021-01-19T18:31:35Z)
• SMEs Confidentiality Issues and Adoption of Good Cybersecurity Practices [0.0]
  Small and medium-sized enterprises (SME) are considered more vulnerable to cyber-attacks. We are designing a do-it-yourself (DIY) security assessment and capability improvement method, CYSEC. In this paper, we explore the importance of dynamic consent and its effect on SMEs trust perception and sharing information.
  arXiv  Detail & Related papers  (2020-07-16T09:24:51Z)
• Automating the Communication of Cybersecurity Knowledge: Multi-Case Study [1.138723572165938]
  This paper explores an alternative do-it-yourself (DIY) approach to bringing cybersecurity to small businesses. Our method implements the Self-Determination Theory (SDT) guide and motivate to adopt good cybersecurity practices. The results of this study indicate that automated counselling can help many SMB in security adoption.
  arXiv  Detail & Related papers  (2020-07-15T10:30:20Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.