Litcius/Paper detail

Adaptable Security Maturity Assessment and Standardization for Digital SMEs

Bilge Yiğit Özkan, Marco Spruit

2022Journal of Computer Information Systems22 citationsDOIOpen Access PDF

Abstract

Small and Medium-sized Enterprises (SMEs) constitute a very large part of every country’s economy and play an essential role in economic growth and social development. SMEs are frequent targets of cyberattacks. Unlike large enterprises, SMEs generally have limited capabilities regarding cybersecurity practices. Assessment and improvement of cybersecurity capabilities are crucial for SMEs to survive and sustain their operations. Despite the availability of maturity assessment models and standards to assess and improve cybersecurity capabilities, SMEs’ specific requirements and roles in the digital ecosystem are often neglected. This paper presents high-level SME requirements regarding cybersecurity maturity assessment and standardization and translates them into an Adaptable Security Maturity Assessment and Standardization (ASMAS) framework to address this gap. The framework is demonstrated by a web-based software prototype. In the evaluation study conducted with SMEs, we obtained positive results for perceived usefulness, perceived ease of use of the framework, and intention to use it.

Topics & Concepts

StandardizationMaturity (psychological)Capability Maturity ModelBusinessProcess managementSmall and medium-sized enterprisesComputer securityComputer scienceKnowledge managementSoftwareFinanceProgramming languageDevelopmental psychologyPsychologyOperating systemInformation and Cyber SecurityInformation Technology Governance and StrategyBig Data and Business Intelligence
Adaptable Security Maturity Assessment and Standardization for Digital SMEs | Litcius