A Conceptual Model of an Intelligent Platform for Security Risk Assessment in SMEs

2019 IEEE 13th International Conference on Application of Information and Communication Technologies (AICT) Pub Date : 2019-10-01 DOI:10.1109/AICT47866.2019.8981796

Laura Arenda, O. Popov

{"title":"A Conceptual Model of an Intelligent Platform for Security Risk Assessment in SMEs","authors":"Laura Arenda, O. Popov","doi":"10.1109/AICT47866.2019.8981796","DOIUrl":null,"url":null,"abstract":"SMEs are increasingly targeted by cyberattacks and usually less in control of their Information Security Management System than larger organizations due to a lack of resources. Risk assessment can help them to determine which changes are needed bearing in mind their constraints. However, common frameworks for risk assessments are more suitable for large organizations. Some of them have been designed specifically for SMEs but still target an audience of information security experts and are considered as time-consuming by SMEs. This article aims at tackling those issues by introducing a conceptual model of an Intelligent Platform for supporting SMEs in security risk assessment process. The design research method was used to develop a model taking into account the inputs from relevant stakeholders collected via interviews. The model was validated and improved with case studies where quick security risk assessments in three different SMEs have been performed following the activities that the proposed model is supposed to perform.","PeriodicalId":329473,"journal":{"name":"2019 IEEE 13th International Conference on Application of Information and Communication Technologies (AICT)","volume":"303 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE 13th International Conference on Application of Information and Communication Technologies (AICT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AICT47866.2019.8981796","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

SMEs are increasingly targeted by cyberattacks and usually less in control of their Information Security Management System than larger organizations due to a lack of resources. Risk assessment can help them to determine which changes are needed bearing in mind their constraints. However, common frameworks for risk assessments are more suitable for large organizations. Some of them have been designed specifically for SMEs but still target an audience of information security experts and are considered as time-consuming by SMEs. This article aims at tackling those issues by introducing a conceptual model of an Intelligent Platform for supporting SMEs in security risk assessment process. The design research method was used to develop a model taking into account the inputs from relevant stakeholders collected via interviews. The model was validated and improved with case studies where quick security risk assessments in three different SMEs have been performed following the activities that the proposed model is supposed to perform.

查看原文本刊更多论文

中小企业安全风险评估智能平台的概念模型

中小型企业越来越多地成为网络攻击的目标，由于缺乏资源，它们对信息安全管理系统的控制通常不如大型组织。风险评估可以帮助他们确定哪些变更是需要的，同时考虑到它们的约束条件。然而，风险评估的通用框架更适合大型组织。其中一些是专门为中小企业设计的，但仍然针对信息安全专家的受众，并且被中小企业认为是耗时的。本文旨在通过引入智能平台的概念模型来解决这些问题，以支持中小企业进行安全风险评估。设计研究方法用于开发一个模型，考虑到通过访谈收集的相关利益相关者的输入。该模型通过案例研究进行了验证和改进，其中在三个不同的中小企业中执行了快速安全风险评估，按照建议的模型应该执行的活动进行了评估。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 IEEE 13th International Conference on Application of Information and Communication Technologies (AICT)

自引率

0.00%

发文量