An End-To-End Cyber Security Maturity Model For Technology Startups
Authors: A. Selamat, Mohamed Noordin Yusuff Marican, S. H. Othman, S. Razak
Published in: 2022 IEEE International Conference on Computing (ICOCO)
Publication date: 2022-11-14
DOI: 10.1109/ICOCO56118.2022.10031900 (https://doi.org/10.1109/ICOCO56118.2022.10031900)
Citations: 0
Abstract
Cybersecurity is increasingly becoming an important discussion topic in the boardroom of companies, regardless of size or industry. Hackers nowadays are becoming increasingly smart. Instead of attacking big multinational companies, international banks and government organisations, which have built strong protection against cyber threats, perpetrators now focus on small and medium-sized businesses such as technology start-ups, using a variety of attacks ranging from phishing and ransomware to the exploitation of vulnerabilities in web or mobile applications. It is therefore imperative that technology start-ups are able to assess their cyber security maturity in order to combat cyber threats. This is especially imperative for technology start-ups, as cyber-attacks or data breaches could undeniably result in the loss of customers’ confidence, regulatory implications and revenue loss, which could eventually result in the start-up’s untimely closure. Although security frameworks commonly used in the industry by cyber security practitioners are available, they are not suitable for technology start-ups: they tend to be broad and generic, take a long time to assess against, and require adequate manpower or even a budget to hire external consultants to help conduct the assessment. This study seeks to analyse the current cyber security frameworks and introduce an end-to-end Cyber Security Maturity Model that can be used specifically for technology start-ups. The proposed model not only provides an end-to-end maturity assessment of the start-up’s cyber security posture but is also coupled with an existing quantification model to justify the investments allocated to implementing cyber security measures for the start-up. Right-sizing the cyber security measures for the different stages of the start-up lifecycle could allow reasonable controls to be implemented at the appropriate phase.