Cyber Security Canvas for SMEs

  • Conference paper
Information and Cyber Security (ISSA 2020)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1339)

Abstract

In an increasingly digitalized and networked world, information security and cyber security pose ever greater challenges to organizations. Cyber-attacks cause high economic damage and can bring organizations to ruin. Many small and medium-sized enterprises (SMEs) are under the illusion that only large companies fall victim to attacks and, against this background, protect their valuable data only poorly. Even in research, the focus is generally not on SMEs. In this work, an easy-to-use Cyber Security Canvas is therefore modelled to close this gap and to give SMEs pragmatic access to the topic. The model framework is supplemented with modular building blocks. The building blocks can be put together individually according to the requirements and needs of the SMEs using them, with the model dividing them up according to priority. The newly designed Cyber Security Canvas was put through an application test with a European-based SME in order to gain first insights into its practical suitability in the European context. The model proved to be successful and was well received by the participant. Nevertheless, it has potential for improvement.

Acknowledgment

This work was supported by the Canton of Fribourg, Switzerland, through the Smart Living Lab project at the University of Fribourg.

Author information

Corresponding author

Correspondence to Stephanie Teufel.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Teufel, S., Teufel, B., Aldabbas, M., Nguyen, M. (2020). Cyber Security Canvas for SMEs. In: Venter, H., Loock, M., Coetzee, M., Eloff, M., Eloff, J., Botha, R. (eds) Information and Cyber Security. ISSA 2020. Communications in Computer and Information Science, vol 1339. Springer, Cham. https://doi.org/10.1007/978-3-030-66039-0_2

  • DOI: https://doi.org/10.1007/978-3-030-66039-0_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-66038-3

  • Online ISBN: 978-3-030-66039-0

  • eBook Packages: Computer Science, Computer Science (R0)
