This is an early access version, the complete PDF, HTML, and XML versions will be available soon.
Open AccessArticle
ProtectingSmall and Medium Enterprises: A Specialized Cybersecurity Risk Assessment Framework and Tool
by
Mohammed El-Hajj
Mohammed El-Hajj *,† and
Zuhayr Aamir Mirza
Zuhayr Aamir Mirza †
Department of Semantics, Cybersecurity & Services, University of Twente, 7522 Enschede, The Netherlands
*
Author to whom correspondence should be addressed.
†
These authors contributed equally to this work.
Electronics 2024, 13(19), 3910; https://doi.org/10.3390/electronics13193910 (registering DOI)
Submission received: 22 August 2024
/
Revised: 30 September 2024
/
Accepted: 1 October 2024
/
Published: 2 October 2024
Abstract
As the number of Small and Medium Enterprises (SMEs) rises in the world, the amount of sensitive data used also increases, making them targets for cyberattacks. SMEs face a host of issues such as a lack of resources and poor cybersecurity talent, resulting in multiple vulnerabilities that increase overall risk. Cybersecurity risk assessment frameworks have been developed by multiple organizations such as the National Institute of Science and Technology (NIST) and the International Organization for Standardization (ISO), but they are complicated to understand and challenging to implement. This research aimed to create an effective cybersecurity risk assessment framework specifically for SMEs while considering their limitations. This was achieved by first identifying common threats and vulnerabilities and categorizing them according to their importance and risk. Secondly, popular frameworks like the NIST CSF and ISO 27001/2 were analyzed for their proficiencies and deficiencies while identifying relevant areas for SMEs. Finally, novel techniques catered to SMEs were explored and incorporated to create an effective framework for SMEs. This framework was also developed in the form of a tool, providing an interactive and dynamic environment. The tool was effective, and the framework is a promising start but requires more quantitative analysis.
Share and Cite
MDPI and ACS Style
El-Hajj, M.; Mirza, Z.A.
ProtectingSmall and Medium Enterprises: A Specialized Cybersecurity Risk Assessment Framework and Tool. Electronics 2024, 13, 3910.
https://doi.org/10.3390/electronics13193910
AMA Style
El-Hajj M, Mirza ZA.
ProtectingSmall and Medium Enterprises: A Specialized Cybersecurity Risk Assessment Framework and Tool. Electronics. 2024; 13(19):3910.
https://doi.org/10.3390/electronics13193910
Chicago/Turabian Style
El-Hajj, Mohammed, and Zuhayr Aamir Mirza.
2024. "ProtectingSmall and Medium Enterprises: A Specialized Cybersecurity Risk Assessment Framework and Tool" Electronics 13, no. 19: 3910.
https://doi.org/10.3390/electronics13193910
Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details
here.
Article Metrics
Article Access Statistics
For more information on the journal statistics, click
here.
Multiple requests from the same IP address are counted as one view.