面向科技创业公司的端到端网络安全成熟度模型

A. Selamat, Mohamed Noordin Yusuff Marican, S. H. Othman, S. Razak
{"title":"面向科技创业公司的端到端网络安全成熟度模型","authors":"A. Selamat, Mohamed Noordin Yusuff Marican, S. H. Othman, S. Razak","doi":"10.1109/ICOCO56118.2022.10031900","DOIUrl":null,"url":null,"abstract":"Cybersecurity is increasingly becoming an important discussion topic in the boardroom of companies, regardless of the size or industry. Hackers nowadays are becoming increasingly smart. Instead of attacking big multi-national companies, international banks and government organisations which have built strong protection against cyber threats, the perpetrators now placed their focus on smaller and medium size businesses like technology start-ups through a variety of attacks from phishing, ransomware to the exploitation of vulnerabilities in the web or mobile applications. Therefore, it is imperative that technology start-ups have the capability in assessing their cyber security maturity to combat against cyber threats. However, for technology start-ups, it is especially imperative as cyber-attacks or data breaches could undeniably result in the loss of customers’ confidence, regulatory implications and revenue loss which could eventually result in the start-up untimely closure. Although there are available security frameworks commonly used in the industry by cyber security practitioners, these frameworks are not suitable for technology start-ups as they tend to be broad and generic, taking a long time to conduct the assessment requiring adequate manpower or even the need for a budget to hire external consultants to help in conducting the assessment. This study seeks to analyse the current cyber security frameworks and introduce an end-to-end Cyber Security Maturity Model, which can be used specifically for technology start-ups. The proposed model not only provides an end-to-end maturity assessment of the start-up’s cyber security posture but also coupled with an existing quantification model to justify the investments allocated in implementing cyber security measures for the start-up. Right-sizing the cyber security measures for the start-up in the different stages of the start-up lifecycle could allow reasonable controls to be implemented at the appropriate phase.","PeriodicalId":319652,"journal":{"name":"2022 IEEE International Conference on Computing (ICOCO)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"An End-To-End Cyber Security Maturity Model For Technology Startups\",\"authors\":\"A. Selamat, Mohamed Noordin Yusuff Marican, S. H. Othman, S. Razak\",\"doi\":\"10.1109/ICOCO56118.2022.10031900\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cybersecurity is increasingly becoming an important discussion topic in the boardroom of companies, regardless of the size or industry. Hackers nowadays are becoming increasingly smart. Instead of attacking big multi-national companies, international banks and government organisations which have built strong protection against cyber threats, the perpetrators now placed their focus on smaller and medium size businesses like technology start-ups through a variety of attacks from phishing, ransomware to the exploitation of vulnerabilities in the web or mobile applications. Therefore, it is imperative that technology start-ups have the capability in assessing their cyber security maturity to combat against cyber threats. However, for technology start-ups, it is especially imperative as cyber-attacks or data breaches could undeniably result in the loss of customers’ confidence, regulatory implications and revenue loss which could eventually result in the start-up untimely closure. Although there are available security frameworks commonly used in the industry by cyber security practitioners, these frameworks are not suitable for technology start-ups as they tend to be broad and generic, taking a long time to conduct the assessment requiring adequate manpower or even the need for a budget to hire external consultants to help in conducting the assessment. This study seeks to analyse the current cyber security frameworks and introduce an end-to-end Cyber Security Maturity Model, which can be used specifically for technology start-ups. The proposed model not only provides an end-to-end maturity assessment of the start-up’s cyber security posture but also coupled with an existing quantification model to justify the investments allocated in implementing cyber security measures for the start-up. Right-sizing the cyber security measures for the start-up in the different stages of the start-up lifecycle could allow reasonable controls to be implemented at the appropriate phase.\",\"PeriodicalId\":319652,\"journal\":{\"name\":\"2022 IEEE International Conference on Computing (ICOCO)\",\"volume\":\"6 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-11-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 IEEE International Conference on Computing (ICOCO)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICOCO56118.2022.10031900\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE International Conference on Computing (ICOCO)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICOCO56118.2022.10031900","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

网络安全正日益成为企业董事会讨论的重要话题,无论规模大小或行业如何。如今的黑客正变得越来越聪明。攻击者不再攻击大型跨国公司、国际银行和政府机构,而是通过网络钓鱼、勒索软件、利用网络或移动应用程序漏洞等各种攻击,将重点放在科技初创企业等中小型企业上。因此,科技初创企业必须具备评估其网络安全成熟度的能力,以应对网络威胁。然而,对于科技初创企业来说,这一点尤为重要,因为网络攻击或数据泄露无疑会导致客户信心的丧失、监管影响和收入损失,最终可能导致初创企业过早关闭。虽然业界有网络安全从从者常用的保安架构,但这些架构并不适合科技初创公司,因为它们往往过于宽泛和笼统,需要很长时间进行评估,需要足够的人力,甚至需要预算聘请外部顾问协助进行评估。本研究旨在分析当前的网络安全框架,并引入端到端的网络安全成熟度模型,该模型可专门用于技术初创企业。所提出的模型不仅提供了对初创企业网络安全状况的端到端成熟度评估,而且还与现有的量化模型相结合,以证明为初创企业实施网络安全措施所分配的投资是合理的。在初创企业生命周期的不同阶段,适当调整网络安全措施的规模,可以在适当的阶段实施合理的控制。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
An End-To-End Cyber Security Maturity Model For Technology Startups
Cybersecurity is increasingly becoming an important discussion topic in the boardroom of companies, regardless of the size or industry. Hackers nowadays are becoming increasingly smart. Instead of attacking big multi-national companies, international banks and government organisations which have built strong protection against cyber threats, the perpetrators now placed their focus on smaller and medium size businesses like technology start-ups through a variety of attacks from phishing, ransomware to the exploitation of vulnerabilities in the web or mobile applications. Therefore, it is imperative that technology start-ups have the capability in assessing their cyber security maturity to combat against cyber threats. However, for technology start-ups, it is especially imperative as cyber-attacks or data breaches could undeniably result in the loss of customers’ confidence, regulatory implications and revenue loss which could eventually result in the start-up untimely closure. Although there are available security frameworks commonly used in the industry by cyber security practitioners, these frameworks are not suitable for technology start-ups as they tend to be broad and generic, taking a long time to conduct the assessment requiring adequate manpower or even the need for a budget to hire external consultants to help in conducting the assessment. This study seeks to analyse the current cyber security frameworks and introduce an end-to-end Cyber Security Maturity Model, which can be used specifically for technology start-ups. The proposed model not only provides an end-to-end maturity assessment of the start-up’s cyber security posture but also coupled with an existing quantification model to justify the investments allocated in implementing cyber security measures for the start-up. Right-sizing the cyber security measures for the start-up in the different stages of the start-up lifecycle could allow reasonable controls to be implemented at the appropriate phase.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信