Developing cybersecurity education and awareness programmes for small- and medium-sized enterprises (SMEs)-Reference-Cited by-同舟云学术

Developing cybersecurity education and awareness programmes for small- and medium-sized enterprises (SMEs)

Published:2019-07-08 Issue:3 Volume:27 Page:393-410
ISSN:2056-4961
Container-title:Information & Computer Security
language:en
Short-container-title:ICS

Author:

Bada Maria,Nurse Jason R.C.

Abstract

PurposeThe purpose of this study is to focus on organisation’s cybersecurity strategy and propose a high-level programme for cybersecurity education and awareness to be used when targeting small- and medium-sized enterprises/businesses (SMEs/SMBs) at a city-level. An essential component of an organisation’s cybersecurity strategy is building awareness and education of online threats and how to protect corporate data and services. This programme is based on existing research and provides a unique insight into an ongoing city-based project with similar aims.Design/methodology/approachTo structure this work, a scoping review was conducted of the literature in cybersecurity education and awareness, particularly for SMEs/SMBs. This theoretical analysis was complemented using a case study and reflecting on an ongoing, innovative programme that seeks to work with these businesses to significantly enhance their security posture. From these analyses, best practices and important lessons/recommendations to produce a high-level programme for cybersecurity education and awareness were recommended.FindingsWhile the literature can be informative at guiding education and awareness programmes, it may not always reach real-world programmes. However, existing programmes, such as the one explored in this study, have great potential, but there can be room for improvement. Knowledge from each of these areas can, and should, be combined to the benefit of the academic and practitioner communities.Originality/valueThe study contributes to current research through the outline of a high-level programme for cybersecurity education and awareness targeting SMEs/SMBs. Through this research, literature in this space was examined and insights into the advances and challenges faced by an on-going programme were presented. These analyses allow us to craft a proposal for a core programme that can assist in improving the security education, awareness and training that targets SMEs/SMBs.

Publisher

Emerald

Subject

Management of Technology and Innovation,Information Systems and Management,Computer Networks and Communications,Information Systems,Software,Management Information Systems

Reference58 articles.

1. A taxonomy of cyber-harms: defining the impacts of cyber-attacks and understanding how they propagate;Journal of Cybersecurity,2018

2. Enhancing information security education and awareness: proposed characteristics for a model,2015

3. ANSSI Certification (2014), “France cybersecurity label”, available at: www.francecybersecurity.fr (accessed 21 March 2019).

4. Scoping studies: towards a methodological framework;International Journal of Social Research Methodology,2005

5. Asti, A. (2017), “Cyber defense challenges from the small and medium sized business perspective”, SANS Institute, InfoSec Reading Room, available at: www.sans.org/reading-room/whitepapers/hsoffice/paper/38160 (accessed 21 March 2019).

Cited by 64 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Securing industry 4.0: Assessing cybersecurity challenges and proposing strategies for manufacturing management;Cyber Security and Applications;2025-12

2. Cybersecurity preparedness of small-to-medium businesses: A Western Australia study with broader implications;Computers & Security;2024-10

3. When traditional SME managers encounter cybersecurity: Discourse analysis of opportunities and dilemmas in meeting the demands;Technology in Society;2024-09

4. Balancing talent and technology: Navigating cybersecurity and privacy in SMEs;Telematics and Informatics Reports;2024-09

5. Understanding the factors that motivate South African home fibre users to protect their home networking devices: a protection motivation theory;Information & Computer Security;2024-07-31