Jose A. Calvo-Manzano, Tomás San Feliu, Ángel Herranz, Julio Mariño, Lars-Åke Fredlund, Ana M. Moreno
{"title":"CyberESP:中小企业综合网络安全框架","authors":"Jose A. Calvo-Manzano, Tomás San Feliu, Ángel Herranz, Julio Mariño, Lars-Åke Fredlund, Ana M. Moreno","doi":"10.1002/smr.70050","DOIUrl":null,"url":null,"abstract":"<p>Cybersecurity is a critical global concern, particularly for small- and medium-sized enterprises (SMEs) with limited resources and expertise. The authors are developing CyberESP, a tailored cybersecurity framework supported by a semi-automated tool to ensure Spanish SMEs' cybersecurity management. Following the Design Science Research (DSR) methodology and grounded in international standards, the authors identified six requirements to be satisfied by a cybersecurity framework for SMEs, which should support the identification of assets, vulnerabilities, threats, and risks. This paper presents the first part of the CyberESP framework dealing with asset management, particularly their identification and analysis of dimensions and cost. A prototype supporting these activities was developed and validated through a case study in a retail SME, showing the solution's potential and identifying particular improvements. The paper also addresses threats to validity and limitations, noting the framework's focus on hardware, software, and networks. Future work includes vulnerability management and will explore the use of cloud and IoT deployment, positioning CyberESP as a practical solution to enhance SMEs' cybersecurity resilience.</p>","PeriodicalId":48898,"journal":{"name":"Journal of Software-Evolution and Process","volume":"37 9","pages":""},"PeriodicalIF":1.8000,"publicationDate":"2025-09-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/smr.70050","citationCount":"0","resultStr":"{\"title\":\"CyberESP: An Integrated Cybersecurity Framework for SMEs\",\"authors\":\"Jose A. Calvo-Manzano, Tomás San Feliu, Ángel Herranz, Julio Mariño, Lars-Åke Fredlund, Ana M. Moreno\",\"doi\":\"10.1002/smr.70050\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>Cybersecurity is a critical global concern, particularly for small- and medium-sized enterprises (SMEs) with limited resources and expertise. The authors are developing CyberESP, a tailored cybersecurity framework supported by a semi-automated tool to ensure Spanish SMEs' cybersecurity management. Following the Design Science Research (DSR) methodology and grounded in international standards, the authors identified six requirements to be satisfied by a cybersecurity framework for SMEs, which should support the identification of assets, vulnerabilities, threats, and risks. This paper presents the first part of the CyberESP framework dealing with asset management, particularly their identification and analysis of dimensions and cost. A prototype supporting these activities was developed and validated through a case study in a retail SME, showing the solution's potential and identifying particular improvements. The paper also addresses threats to validity and limitations, noting the framework's focus on hardware, software, and networks. Future work includes vulnerability management and will explore the use of cloud and IoT deployment, positioning CyberESP as a practical solution to enhance SMEs' cybersecurity resilience.</p>\",\"PeriodicalId\":48898,\"journal\":{\"name\":\"Journal of Software-Evolution and Process\",\"volume\":\"37 9\",\"pages\":\"\"},\"PeriodicalIF\":1.8000,\"publicationDate\":\"2025-09-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://onlinelibrary.wiley.com/doi/epdf/10.1002/smr.70050\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Software-Evolution and Process\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://onlinelibrary.wiley.com/doi/10.1002/smr.70050\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Software-Evolution and Process","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/smr.70050","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
CyberESP: An Integrated Cybersecurity Framework for SMEs
Cybersecurity is a critical global concern, particularly for small- and medium-sized enterprises (SMEs) with limited resources and expertise. The authors are developing CyberESP, a tailored cybersecurity framework supported by a semi-automated tool to ensure Spanish SMEs' cybersecurity management. Following the Design Science Research (DSR) methodology and grounded in international standards, the authors identified six requirements to be satisfied by a cybersecurity framework for SMEs, which should support the identification of assets, vulnerabilities, threats, and risks. This paper presents the first part of the CyberESP framework dealing with asset management, particularly their identification and analysis of dimensions and cost. A prototype supporting these activities was developed and validated through a case study in a retail SME, showing the solution's potential and identifying particular improvements. The paper also addresses threats to validity and limitations, noting the framework's focus on hardware, software, and networks. Future work includes vulnerability management and will explore the use of cloud and IoT deployment, positioning CyberESP as a practical solution to enhance SMEs' cybersecurity resilience.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
