Developing cybersecurity education and awareness programmes for small- and medium-sized enterprises (SMEs). (8th July 2019)
- Record Type:
- Journal Article
- Title:
- Developing cybersecurity education and awareness programmes for small- and medium-sized enterprises (SMEs). (8th July 2019)
- Main Title:
- Developing cybersecurity education and awareness programmes for small- and medium-sized enterprises (SMEs)
- Authors:
- Bada, Maria
Nurse, Jason R.C. - Abstract:
- Abstract : Purpose: The purpose of this study is to focus on organisation's cybersecurity strategy and propose a high-level programme for cybersecurity education and awareness to be used when targeting small- and medium-sized enterprises/businesses (SMEs/SMBs) at a city-level. An essential component of an organisation's cybersecurity strategy is building awareness and education of online threats and how to protect corporate data and services. This programme is based on existing research and provides a unique insight into an ongoing city-based project with similar aims. Design/methodology/approach: To structure this work, a scoping review was conducted of the literature in cybersecurity education and awareness, particularly for SMEs/SMBs. This theoretical analysis was complemented using a case study and reflecting on an ongoing, innovative programme that seeks to work with these businesses to significantly enhance their security posture. From these analyses, best practices and important lessons/recommendations to produce a high-level programme for cybersecurity education and awareness were recommended. Findings: While the literature can be informative at guiding education and awareness programmes, it may not always reach real-world programmes. However, existing programmes, such as the one explored in this study, have great potential, but there can be room for improvement. Knowledge from each of these areas can, and should, be combined to the benefit of the academic andAbstract : Purpose: The purpose of this study is to focus on organisation's cybersecurity strategy and propose a high-level programme for cybersecurity education and awareness to be used when targeting small- and medium-sized enterprises/businesses (SMEs/SMBs) at a city-level. An essential component of an organisation's cybersecurity strategy is building awareness and education of online threats and how to protect corporate data and services. This programme is based on existing research and provides a unique insight into an ongoing city-based project with similar aims. Design/methodology/approach: To structure this work, a scoping review was conducted of the literature in cybersecurity education and awareness, particularly for SMEs/SMBs. This theoretical analysis was complemented using a case study and reflecting on an ongoing, innovative programme that seeks to work with these businesses to significantly enhance their security posture. From these analyses, best practices and important lessons/recommendations to produce a high-level programme for cybersecurity education and awareness were recommended. Findings: While the literature can be informative at guiding education and awareness programmes, it may not always reach real-world programmes. However, existing programmes, such as the one explored in this study, have great potential, but there can be room for improvement. Knowledge from each of these areas can, and should, be combined to the benefit of the academic and practitioner communities. Originality/value: The study contributes to current research through the outline of a high-level programme for cybersecurity education and awareness targeting SMEs/SMBs. Through this research, literature in this space was examined and insights into the advances and challenges faced by an on-going programme were presented. These analyses allow us to craft a proposal for a core programme that can assist in improving the security education, awareness and training that targets SMEs/SMBs. … (more)
- Is Part Of:
- Information and computer security. Volume 27:Number 3(2019)
- Journal:
- Information and computer security
- Issue:
- Volume 27:Number 3(2019)
- Issue Display:
- Volume 27, Issue 3 (2019)
- Year:
- 2019
- Volume:
- 27
- Issue:
- 3
- Issue Sort Value:
- 2019-0027-0003-0000
- Page Start:
- 393
- Page End:
- 410
- Publication Date:
- 2019-07-08
- Subjects:
- Skills -- Education -- Awareness -- Cybersecurity -- Small-to-medium-sized businesses (SMBs) -- Small-to-medium-sized enterprises (SMEs)
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47 - Journal URLs:
- http://www.emeraldinsight.com/loi/ics ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/ICS-07-2018-0080 ↗
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 10916.xml