{"title":"从CISO的角度看小型企业的安全障碍和动机","authors":"Flynn Wolf, Adam J. Aviv, Ravi Kuber","doi":"10.13016/M2RCS6-O3WQ","DOIUrl":null,"url":null,"abstract":"Small businesses (SBs) are often ill-informed and underresourced against increasing online threats. Chief Information Security Officers (CISOs) have a key role in contextualizing trade-offs between competing costs and priorities for SB management. To explore the challenges CISOs face when guiding SBs towards improved security we conducted two interview studies. Firstly, an exploratory study with CISOs with SB experience to identify themes related to their work (n=8). Secondly, we refined our methods and conducted broader structured interviews with a larger non-overlapping group of similarly qualified SB CISOs (n=19) to validate those themes and extend outcomes. We found CISOs confirmed common observations that SBs are generally unprepared for online threats, and uninformed about issues such as insurance and regulation. We also found that despite perceived usability problems with language and formatting, the effectiveness of government-authored guidance (a key reference source for CISOs and SBs) was deemed on par with commercial resources. These observations yield recommendations for better formatting, prioritizing, and timing of security guidance for SBs, such as better tailoring checklists, investment suggestions, and scenario-based exercises.","PeriodicalId":91597,"journal":{"name":"Proceedings of the ... USENIX Security Symposium. UNIX Security Symposium","volume":"76 1","pages":"1199-1216"},"PeriodicalIF":0.0000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Security Obstacles and Motivations for Small Businesses from a CISO's Perspective\",\"authors\":\"Flynn Wolf, Adam J. Aviv, Ravi Kuber\",\"doi\":\"10.13016/M2RCS6-O3WQ\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Small businesses (SBs) are often ill-informed and underresourced against increasing online threats. Chief Information Security Officers (CISOs) have a key role in contextualizing trade-offs between competing costs and priorities for SB management. To explore the challenges CISOs face when guiding SBs towards improved security we conducted two interview studies. Firstly, an exploratory study with CISOs with SB experience to identify themes related to their work (n=8). Secondly, we refined our methods and conducted broader structured interviews with a larger non-overlapping group of similarly qualified SB CISOs (n=19) to validate those themes and extend outcomes. We found CISOs confirmed common observations that SBs are generally unprepared for online threats, and uninformed about issues such as insurance and regulation. We also found that despite perceived usability problems with language and formatting, the effectiveness of government-authored guidance (a key reference source for CISOs and SBs) was deemed on par with commercial resources. These observations yield recommendations for better formatting, prioritizing, and timing of security guidance for SBs, such as better tailoring checklists, investment suggestions, and scenario-based exercises.\",\"PeriodicalId\":91597,\"journal\":{\"name\":\"Proceedings of the ... USENIX Security Symposium. UNIX Security Symposium\",\"volume\":\"76 1\",\"pages\":\"1199-1216\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the ... USENIX Security Symposium. UNIX Security Symposium\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.13016/M2RCS6-O3WQ\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the ... USENIX Security Symposium. UNIX Security Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.13016/M2RCS6-O3WQ","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security Obstacles and Motivations for Small Businesses from a CISO's Perspective
Small businesses (SBs) are often ill-informed and underresourced against increasing online threats. Chief Information Security Officers (CISOs) have a key role in contextualizing trade-offs between competing costs and priorities for SB management. To explore the challenges CISOs face when guiding SBs towards improved security we conducted two interview studies. Firstly, an exploratory study with CISOs with SB experience to identify themes related to their work (n=8). Secondly, we refined our methods and conducted broader structured interviews with a larger non-overlapping group of similarly qualified SB CISOs (n=19) to validate those themes and extend outcomes. We found CISOs confirmed common observations that SBs are generally unprepared for online threats, and uninformed about issues such as insurance and regulation. We also found that despite perceived usability problems with language and formatting, the effectiveness of government-authored guidance (a key reference source for CISOs and SBs) was deemed on par with commercial resources. These observations yield recommendations for better formatting, prioritizing, and timing of security guidance for SBs, such as better tailoring checklists, investment suggestions, and scenario-based exercises.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
