Top

Published in:

2019 | OriginalPaper | Chapter

Survey and Guidelines for the Design and Deployment of a Cyber Security Label for SMEs

Authors : Christophe Ponsard, Jeremy Grandclaudon

Published in: Information Systems Security and Privacy

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Cyber Security risks and attacks are on the rise, especially at the light of the recent events in the geopolitical landscape. Cyber attacks are not longer targeting big organisations such as governments, institutions or global companies. Smaller businesses and even citizens are now also being hit by cyber attacks, either directly or as a result of side effects. At the same time, the regulation and legislative pressure to prevent cyber attacks is increasing, especially in Europe. In order to protect Small and Medium Enterprises (SMEs), different labels, specific standards or practical guidelines are being developed. This papers makes a comparative survey of such initiatives with the aim to initiate such an approach in Belgium in a consistent way with other existing approaches and also to enable longer term convergence with a possible European scheme. Our goal is to reach enough SMEs with a basic level of cyber security and engage them in continuous improvement to keep a sustainable but efficient level of security. At a more practical level, we report about how to set up the overall organisational structures, basic management processes and some supporting tools.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter On Building a Visualisation Tool for Access Control Policies

next chapter Privacy Preserving Collaborative Agglomerative Hierarchical Clustering Construction

Business Continuity Institute: BCI Horizon Scan Report 2018 (2018). https://www.bsigroup.com/LocalFiles/en-GB/iso-22301/case-studies/BCI-Horizon-Scan-Report-2018-FINAL.pdf

Smith, M.: Huge rise in hack attacks as cyber-criminals target small businesses (2016). http://bit.do/sme-attack-rise

Symantec: 2017 Internet Security Threat Report (2017). https://www.symantec.com/security-center

Hayes, J., Bodhani, A.: Cyber security: small firms under fire [information technology professionalism]. Eng. Technol. 8, 80–83 (2013)

Osborn, E., Creese, S., Upton, D.: Business vs technology: sources of the perceived lack of cyber security in SMEs. In: Proceedings of the 1st International Conference on on Cyber Security for Sustainable Society (2015)

Donovan, S.: Annual Report to Congress, Federal Information Security Modernization Act. Office of Management and Budget (2016). http://bit.do/fisma-report-15

Slye, J.: Federal Cybersecurity Incidents Continued Double-Digit Growth (2016). http://bit.do/cybersecurity-incidents

Kaspersky Lab: Measuring Financial Impact of IT Security on Businesses (2016)

Muller, P., et al.: Annual Report on European SMEs 2014/2015. European Commission (2015)

10.

Leclair, J.: Testimony of Dr. Jane Leclair before the U.S. House of Representatives Committee on Small Business (2015). http://bit.do/sme-leclair

11.

CybSafe: Enterprise IT leaders demanding more stringent cyber security from suppliers (2017). http://bit.do/cybsafe

12.

ISO: ISO/IEC 27000 Family - Information Security Management Systems (2013). https://www.iso.org/isoiec-27001-information-security.html

13.

UK Government: Cyber Essentials (2016). https://www.cyberaware.gov.uk/cyberessentials

14.

Whalen, A.: Digital Europe’s views on cybersecurity certification and labelling schemes (2017). http://bit.ly/2m3dyLV

15.

Ponsard, C., Grandclaudon, J., Dallons, G.: Towards a cyber security label for SMEs: a European perspective. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy, ICISSP 2018, Funchal, Madeira, Portugal, 22–24 January 2018, pp. 426–431 (2018)

16.

Boateng, Y., Osei, E.: Cyber-Security Challenges with SMEs. Developing Economies: Issues of Confidentiality, Integrity & Availability. Aalborg University (2013)

17.

Padfield, C.: Issues of IT Governance and Information Security from an SME & Social Enterprise Perspective. MSc Edinburgh Napier University (2015)

18.

FFIEC: Federal Financial Institutions Examination Council. https://www.ffiec.gov

19.

ENISA: Information security and privacy standards for SMEs (2015). https://www.enisa.europa.eu/publications/standardisation-for-smes

20.

Digital SME Alliance: European Cybersecurity Strategy: Fostering the SME Ecosystem (2017). http://bit.do/digital-europe

21.

EU: Strengthening Europe’s Cyber Resilience System and Fostering a Competitive and Innovative Cybersecurity Industry (2016). http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM%3A2016%3A410%3AFIN

22.

ECSO: State of the Art - Overview of existing Cybersecurity standards and certification schemes v2 (2017). https://www.ecs-org.eu/documents/publications/5a31129ea8e97.pdf

23.

ECSO: European Cyber Security Certification: A Meta - Scheme Approach v1.0 (2017). https://www.ecs-org.eu/documents/publications/5a3112ec2c891.pdf

24.

EU: General data protection regulation (2016). http://eur-lex.europa.eu/eli/reg/2016/679/oj

25.

Certification Europe: Cyber essentials self assessment (2018). https://www.cyberessentials.ie/self-assessment

26.

Vertrauen durch Siecherhiet: A Brief Assessment for SMEs - Quick Check for Cyber Security (2017). http://vds-quick-check.de

27.

ISO/IEC: 15408–1:2009 Common Criteria for Information Technology Security Evaluation (2009). https://www.commoncriteriaportal.org

28.

Ponsard, C., Massonet, P., Molderez, J.F.: Bringing the Common Critera to Business Enterprise. ERCIM News, Special Issue on Security and Trust Management (2005)

29.

ANSSI: Charte d’utilisation des moyens informatiques et des outils numériques - guide d’élaboration en 9 points clés pour PME et ETI (2017). https://www.ssi.gouv.fr/uploads/2017/06/guide-charte-utilisation-moyens-informatiques-outils-numeriques_anssi.pdf

30.

ANSSI: MOOC SecNumacadémie (2018). https://www.secnumacademie.gouv.fr

31.

ANSSI: France Cybersecurity Label (2014). https://www.francecybersecurity.fr

32.

Lieberman, D.: Practical advice for SMBS to use ISO 27001 (2011). http://www.infosecisland.com

33.

NIST: Cybersecurity Framework (2014). https://www.nist.gov/cyberframework

34.

Sage, O.: Every Small Business Should Use the NIST CSF (2015). https://cyber-rx.com

35.

Eubanks, R.: A Small Business No Budget Implementation of the SANS 20 Security Controls. SANS Institute InfoSec Reading Room (2011)

36.

CIS: CIS Controls V6.1 (2016). https://www.cisecurity.org/controls

37.

ISSA: 5173 Security Standard for SMEs (2011). http://www.wlan-defence.com/wp/ISSA-UK.pdf

38.

Schmitz, C., Chenu, D., et al.: Lime survey (2003). https://www.limesurvey.org

Title: Survey and Guidelines for the Design and Deployment of a Cyber Security Label for SMEs
Authors: Christophe Ponsard
Jeremy Grandclaudon
Publisher: Springer International Publishing
Book: Information Systems Security and Privacy
Print ISBN: 978-3-030-25108-6

Electronic ISBN: 978-3-030-25109-3

Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-25109-3_13

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner