SMEs Confidentiality Issues and Adoption of Good Cybersecurity Practices
- URL: http://arxiv.org/abs/2007.08201v1
- Date: Thu, 16 Jul 2020 09:24:51 GMT
- Authors: Alireza Shojaifar
- Abstract summary: Small and medium-sized enterprises (SME) are considered more vulnerable to cyber-attacks.
We are designing a do-it-yourself (DIY) security assessment and capability improvement method, CYSEC.
In this paper, we explore the importance of dynamic consent and its effect on SMEs' trust perception and information sharing.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Small and medium-sized enterprises (SMEs) are considered more vulnerable to
cyber-attacks. However, based on SMEs' characteristics, they do not adopt
good cybersecurity practices. To address the SMEs' security adoption problem, we
are designing a do-it-yourself (DIY) security assessment and capability
improvement method, CYSEC. In the first validation of CYSEC, we conducted a
multi-case study in four SMEs. We observed that confidentiality concerns could
influence users' decisions to provide CYSEC with relevant and accurate security
information. The lack of precise information may impair the ability of our DIY
assessment method to provide accurate recommendations. In this paper, we explore the
importance of dynamic consent and its effect on SMEs' trust perception and
information sharing. We discuss how the lack of trust perception may be addressed
by applying dynamic consent. Finally, we describe the results of three
interviews with SMEs and present how the new way of communication in CYSEC can
help us better understand SMEs' attitudes towards sharing information.
Related papers
- Criticality and Safety Margins for Reinforcement Learning [53.10194953873209]
We seek to define a criticality framework with both a quantifiable ground truth and a clear significance to users.
We introduce true criticality as the expected drop in reward when an agent deviates from its policy for n consecutive random actions.
We also introduce the concept of proxy criticality, a low-overhead metric that has a statistically monotonic relationship to true criticality.
arXiv Detail & Related papers (2024-09-26T21:00:45Z)
- SeCTIS: A Framework to Secure CTI Sharing [13.251593345960265]
The rise of IT-dependent operations in modern organizations has heightened their vulnerability to cyberattacks.
Current information-sharing methods lack privacy safeguards, leaving organizations vulnerable to leaks of both proprietary and confidential data.
We design a novel framework called SeCTIS (Secure Cyber Threat Intelligence Sharing) to enable businesses to collaborate, preserving the privacy of their CTI data.
arXiv Detail & Related papers (2024-06-20T08:34:50Z)
- Secure Aggregation is Not Private Against Membership Inference Attacks [66.59892736942953]
We investigate the privacy implications of SecAgg in federated learning.
We show that SecAgg offers weak privacy against membership inference attacks even in a single training round.
Our findings underscore the imperative for additional privacy-enhancing mechanisms, such as noise injection.
arXiv Detail & Related papers (2024-03-26T15:07:58Z)
- A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z)
- The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge.
This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI).
We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z)
- Privacy-Constrained Policies via Mutual Information Regularized Policy Gradients [54.98496284653234]
We consider the task of training a policy that maximizes reward while minimizing disclosure of certain sensitive state variables through the actions.
We solve this problem by introducing a regularizer based on the mutual information between the sensitive state and the actions.
We develop a model-based estimator for optimization of privacy-constrained policies.
arXiv Detail & Related papers (2020-12-30T03:22:35Z)
- PCAL: A Privacy-preserving Intelligent Credit Risk Modeling Framework Based on Adversarial Learning [111.19576084222345]
This paper proposes a framework of Privacy-preserving Credit risk modeling based on Adversarial Learning (PCAL).
PCAL aims to mask the private information inside the original dataset, while maintaining the important utility information for the target prediction task performance.
Results indicate that PCAL can learn an effective, privacy-free representation from user data, providing a solid foundation towards privacy-preserving machine learning for credit risk analysis.
arXiv Detail & Related papers (2020-10-06T07:04:59Z)
- Elicitation of SME Requirements for Cybersecurity Solutions by Studying Adherence to Recommendations [1.138723572165938]
Small and medium-sized enterprises (SME) have become the weak spot of our economy for cyber attacks.
One of the reasons why many SMEs do not adopt cybersecurity is that developers of cybersecurity solutions understand little of the SME context.
This poster describes the challenges of SME regarding cybersecurity and introduces our proposed approach to elicit requirements for cybersecurity solutions.
arXiv Detail & Related papers (2020-07-16T08:36:40Z)
- Automating the Communication of Cybersecurity Knowledge: Multi-Case Study [1.138723572165938]
This paper explores an alternative do-it-yourself (DIY) approach to bringing cybersecurity to small businesses.
Our method implements the Self-Determination Theory (SDT) to guide and motivate the adoption of good cybersecurity practices.
The results of this study indicate that automated counselling can help many SMB in security adoption.
arXiv Detail & Related papers (2020-07-15T10:30:20Z)
- SMEs' Confidentiality Concerns for Security Information Sharing [1.3452510519858993]
Small and medium-sized enterprises are considered an essential part of the EU economy but are highly vulnerable to cyberattacks.
This paper presents the results of semi-structured interviews with seven chief information security officers of SMEs to evaluate the impact of online consent communication on motivation for information sharing.
The findings demonstrate that online consent with multiple options for indicating a suitable level of agreement improved motivation for information sharing.
arXiv Detail & Related papers (2020-07-13T10:59:40Z)
- "It's Not Something We Have Talked to Our Team About": Results From a Preliminary Investigation of Cybersecurity Challenges in Denmark [0.5249805590164901]
We conducted a preliminary study running semi-structured interviews with four employees from four different companies.
Our results show that companies are lacking fundamental security protection and are in need of guidance and tools.
We discuss steps towards further investigation towards developing a framework targeting SMEs that want to adopt straightforward and actionable IT security guidance.
arXiv Detail & Related papers (2020-07-10T09:07:39Z)