Elicitation of SME Requirements for Cybersecurity Solutions by Studying
Adherence to Recommendations
- URL: http://arxiv.org/abs/2007.08177v1
- Date: Thu, 16 Jul 2020 08:36:40 GMT
- Title: Elicitation of SME Requirements for Cybersecurity Solutions by Studying
Adherence to Recommendations
- Authors: Alireza Shojaifar, Samuel A. Fricker, Martin Gwerder
- Abstract summary: Small and medium-sized enterprises (SME) have become the weak spot of our economy for cyber attacks.
One of the reasons for why many SME do not adopt cybersecurity is that developers of cybersecurity solutions understand little the SME context.
This poster describes the challenges of SME regarding cybersecurity and introduces our proposed approach to elicit requirements for cybersecurity solutions.
- Score: 1.138723572165938
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Small and medium-sized enterprises (SME) have become the weak spot of our
economy for cyber attacks. These companies are large in number and often do not
have the controls in place to prevent successful attacks, respectively are not
prepared to systematically manage their cybersecurity capabilities. One of the
reasons for why many SME do not adopt cybersecurity is that developers of
cybersecurity solutions understand little the SME context and the requirements
for successful use of these solutions. We elicit requirements by studying how
cybersecurity experts provide advice to SME. The experts' recommendations offer
insights into what important capabilities of the solution are and how these
capabilities ought to be used for mitigating cybersecurity threats. The
adoption of a recommendation hints at a correct match of the solution, hence
successful consideration of requirements. Abandoned recommendations point to a
misalignment that can be used as a source to inquire missed requirements.
Re-occurrence of adoption or abandonment decisions corroborates the presence of
requirements. This poster describes the challenges of SME regarding
cybersecurity and introduces our proposed approach to elicit requirements for
cybersecurity solutions. The poster describes CYSEC, our tool used to capture
cybersecurity advice and help to scale cybersecurity requirements elicitation
to a large number of participating SME. We conclude by outlining the planned
research to develop and validate CYSEC.
Related papers
- Toward Mixture-of-Experts Enabled Trustworthy Semantic Communication for 6G Networks [82.3753728955968]
We introduce a novel Mixture-of-Experts (MoE)-based SemCom system.
This system comprises a gating network and multiple experts, each specializing in different security challenges.
The gating network adaptively selects suitable experts to counter heterogeneous attacks based on user-defined security requirements.
A case study in vehicular networks demonstrates the efficacy of the MoE-based SemCom system.
arXiv Detail & Related papers (2024-09-24T03:17:51Z)
- Enhancing cybersecurity defenses: a multicriteria decision-making approach to MITRE ATT&CK mitigation strategy [0.0]
This paper proposes a defense strategy for the presented security threats by determining and prioritizing which security control to put in place.
This approach helps organizations achieve a more robust and resilient cybersecurity posture.
arXiv Detail & Related papers (2024-07-27T09:47:26Z)
- A Safe Harbor for AI Evaluation and Red Teaming [124.89885800509505]
Some researchers fear that conducting such research or releasing their findings will result in account suspensions or legal reprisal.
We propose that major AI developers commit to providing a legal and technical safe harbor.
We believe these commitments are a necessary step towards more inclusive and unimpeded community efforts to tackle the risks of generative AI.
arXiv Detail & Related papers (2024-03-07T20:55:08Z)
- Cybersecurity as a Service [0.43981305860983705]
This chapter gives an overview of common cybersecurity as a service functions and their providers.
It provides guidance especially for small- and medium-sized businesses, for asking the appropriate questions when it comes to the selection of a specific MSSP.
arXiv Detail & Related papers (2024-02-21T17:49:53Z)
- A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z)
- The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge.
This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI).
We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z)
- Data Driven Approaches to Cybersecurity Governance for Board Decision-Making -- A Systematic Review [0.0]
This systematic literature review investigates the existing risk measurement instruments, cybersecurity metrics, and associated models for supporting BoDs.
The findings showed that, although sophisticated cybersecurity tools exist and are developing, there is limited information for Board of Directors to support them in terms of metrics and models to govern cybersecurity in a language they understand.
arXiv Detail & Related papers (2023-11-29T12:14:01Z)
- Graph Mining for Cybersecurity: A Survey [61.505995908021525]
The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, caused severe consequences on society.
Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities.
With the proliferation of graph mining techniques, many researchers investigated these techniques for capturing correlations between cyber entities and achieving high performance.
arXiv Detail & Related papers (2023-04-02T08:43:03Z)
- Proceedings of the Artificial Intelligence for Cyber Security (AICS) Workshop at AAAI 2022 [55.573187938617636]
The workshop will focus on the application of AI to problems in cyber security.
Cyber systems generate large volumes of data, utilizing this effectively is beyond human capabilities.
arXiv Detail & Related papers (2022-02-28T18:27:41Z)
- Automating the Communication of Cybersecurity Knowledge: Multi-Case Study [1.138723572165938]
This paper explores an alternative do-it-yourself (DIY) approach to bringing cybersecurity to small businesses.
Our method implements the Self-Determination Theory (SDT) guide and motivate to adopt good cybersecurity practices.
The results of this study indicate that automated counselling can help many SMB in security adoption.
arXiv Detail & Related papers (2020-07-15T10:30:20Z)
- SMEs' Confidentiality Concerns for Security Information Sharing [1.3452510519858993]
Small and medium-sized enterprises are considered an essential part of the EU economy, however, highly vulnerable to cyberattacks.
This paper presents the results of semi-structured interviews with seven chief information security officers of SMEs to evaluate the impact of online consent communication on motivation for information sharing.
The findings demonstrate that online consent with multiple options for indicating a suitable level of agreement improved motivation for information sharing.
arXiv Detail & Related papers (2020-07-13T10:59:40Z)