SMEs' Confidentiality Concerns for Security Information Sharing
- URL: http://arxiv.org/abs/2007.06308v2
- Date: Thu, 22 Jul 2021 16:19:50 GMT
- Title: SMEs' Confidentiality Concerns for Security Information Sharing
- Authors: Alireza Shojaifar and Samuel A. Fricker
- Abstract summary: Small and medium-sized enterprises are considered an essential part of the EU economy, however, highly vulnerable to cyberattacks.
This paper presents the results of semi-structured interviews with seven chief information security officers of SMEs to evaluate the impact of online consent communication on motivation for information sharing.
The findings demonstrate that online consent with multiple options for indicating a suitable level of agreement improved motivation for information sharing.
- Score: 1.3452510519858993
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Small and medium-sized enterprises are considered an essential part of the EU
economy, however, highly vulnerable to cyberattacks. SMEs have specific
characteristics which separate them from large companies and influence their
adoption of good cybersecurity practices. To mitigate the SMEs' cybersecurity
adoption issues and raise their awareness of cyber threats, we have designed a
self-paced security assessment and capability improvement method, CYSEC. CYSEC
is a security awareness and training method that utilises self-reporting
questionnaires to collect companies' information about cybersecurity awareness,
practices, and vulnerabilities to generate automated recommendations for
counselling. However, confidentiality concerns about cybersecurity information
have an impact on companies' willingness to share their information. Security
information sharing decreases the risk of incidents and increases users'
self-efficacy in security awareness programs. This paper presents the results
of semi-structured interviews with seven chief information security officers of
SMEs to evaluate the impact of online consent communication on motivation for
information sharing. The results were analysed in respect of the Self
Determination Theory. The findings demonstrate that online consent with
multiple options for indicating a suitable level of agreement improved
motivation for information sharing. This allows many SMEs to participate in
security information sharing activities and supports security experts to have a
better overview of common vulnerabilities. The final publication is available
at Springer via https://doi.org/10.1007/978-3-030-57404-8_22
Related papers
- FSCsec: Collaboration in Financial Sector Cybersecurity -- Exploring the Impact of Resource Sharing on IT Security [0.9374652839580183]
This research aims to provide insights that can help financial institutions make better decisions to protect.
By using simple theories to understand these factors, this research aims to provide insights that can help financial institutions make better decisions to protect.
arXiv Detail & Related papers (2024-10-19T20:03:27Z) - Breach By A Thousand Leaks: Unsafe Information Leakage in `Safe' AI Responses [42.136793654338106]
We introduce a new safety evaluation framework based on impermissible information leakage of model outputs.
We show that to ensure safety against inferential adversaries, defense mechanisms must ensure information censorship.
arXiv Detail & Related papers (2024-07-02T16:19:25Z) - SeCTIS: A Framework to Secure CTI Sharing [13.251593345960265]
The rise of IT-dependent operations in modern organizations has heightened their vulnerability to cyberattacks.
Current information-sharing methods lack privacy safeguards, leaving organizations vulnerable to leaks of both proprietary and confidential data.
We design a novel framework called SeCTIS (Secure Cyber Threat Intelligence Sharing) to enable businesses to collaborate, preserving the privacy of their CTI data.
arXiv Detail & Related papers (2024-06-20T08:34:50Z) - We need to aim at the top: Factors associated with cybersecurity awareness of cyber and information security decision-makers [0.0]
We study cybersecurity awareness of cyber and information security decision-makers.
Our findings indicate that awareness of well-known threats and solutions seems to be quite low for individuals in decision-making roles.
arXiv Detail & Related papers (2024-04-06T20:32:19Z) - Secure Aggregation is Not Private Against Membership Inference Attacks [66.59892736942953]
We investigate the privacy implications of SecAgg in federated learning.
We show that SecAgg offers weak privacy against membership inference attacks even in a single training round.
Our findings underscore the imperative for additional privacy-enhancing mechanisms, such as noise injection.
arXiv Detail & Related papers (2024-03-26T15:07:58Z) - A Safe Harbor for AI Evaluation and Red Teaming [124.89885800509505]
Some researchers fear that conducting such research or releasing their findings will result in account suspensions or legal reprisal.
We propose that major AI developers commit to providing a legal and technical safe harbor.
We believe these commitments are a necessary step towards more inclusive and unimpeded community efforts to tackle the risks of generative AI.
arXiv Detail & Related papers (2024-03-07T20:55:08Z) - The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge.
This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI)
We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z) - ThreatKG: An AI-Powered System for Automated Open-Source Cyber Threat Intelligence Gathering and Management [65.0114141380651]
ThreatKG is an automated system for OSCTI gathering and management.
It efficiently collects a large number of OSCTI reports from multiple sources.
It uses specialized AI-based techniques to extract high-quality knowledge about various threat entities.
arXiv Detail & Related papers (2022-12-20T16:13:59Z) - A System for Automated Open-Source Threat Intelligence Gathering and
Management [53.65687495231605]
SecurityKG is a system for automated OSCTI gathering and management.
It uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors.
arXiv Detail & Related papers (2021-01-19T18:31:35Z) - SMEs Confidentiality Issues and Adoption of Good Cybersecurity Practices [0.0]
Small and medium-sized enterprises (SME) are considered more vulnerable to cyber-attacks.
We are designing a do-it-yourself (DIY) security assessment and capability improvement method, CYSEC.
In this paper, we explore the importance of dynamic consent and its effect on SMEs trust perception and sharing information.
arXiv Detail & Related papers (2020-07-16T09:24:51Z) - Automating the Communication of Cybersecurity Knowledge: Multi-Case
Study [1.138723572165938]
This paper explores an alternative do-it-yourself (DIY) approach to bringing cybersecurity to small businesses.
Our method implements the Self-Determination Theory (SDT) guide and motivate to adopt good cybersecurity practices.
The results of this study indicate that automated counselling can help many SMB in security adoption.
arXiv Detail & Related papers (2020-07-15T10:30:20Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.