Developing cybersecurity education and awareness programmes for small- and medium-sized enterprises (SMEs)

Cited by: 50
Authors
Bada, Maria [1]
Nurse, Jason R. C. [2]
Affiliations
[1] Univ Cambridge, Comp Lab, Cambridge Cybercrime Ctr, Cambridge, England
[2] Univ Kent, Sch Comp, Cyber Secur, Canterbury, Kent, England
Funding
Engineering and Physical Sciences Research Council (UK)
Keywords
Skills; Education; Awareness; Cybersecurity; Small-to-medium-sized businesses (SMBs); Small-to-medium-sized enterprises (SMEs); SECURITY
DOI
10.1108/ICS-07-2018-0080
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
Purpose: The purpose of this study is to focus on an organisation's cybersecurity strategy and propose a high-level programme for cybersecurity education and awareness to be used when targeting small- and medium-sized enterprises/businesses (SMEs/SMBs) at a city-level. An essential component of an organisation's cybersecurity strategy is building awareness and education of online threats and how to protect corporate data and services. This programme is based on existing research and provides a unique insight into an ongoing city-based project with similar aims.

Design/methodology/approach: To structure this work, a scoping review was conducted of the literature in cybersecurity education and awareness, particularly for SMEs/SMBs. This theoretical analysis was complemented using a case study and reflecting on an ongoing, innovative programme that seeks to work with these businesses to significantly enhance their security posture. From these analyses, best practices and important lessons/recommendations to produce a high-level programme for cybersecurity education and awareness were recommended.

Findings: While the literature can be informative at guiding education and awareness programmes, it may not always reach real-world programmes. However, existing programmes, such as the one explored in this study, have great potential, but there can be room for improvement. Knowledge from each of these areas can, and should, be combined to the benefit of the academic and practitioner communities.

Originality/value: The study contributes to current research through the outline of a high-level programme for cybersecurity education and awareness targeting SMEs/SMBs. Through this research, literature in this space was examined and insights into the advances and challenges faced by an on-going programme were presented. These analyses allow us to craft a proposal for a core programme that can assist in improving the security education, awareness and training that targets SMEs/SMBs.
Pages: 393-410
Number of pages: 18