Developing cybersecurity education and awareness programmes for small- and medium-sized enterprises (SMEs)

PurposeThe purpose of this study is to focus on organisation’s cybersecurity strategy and propose a high-level programme for cybersecurity education and awareness to be used when targeting small- and medium-sized enterprises/businesses (SMEs/SMBs) at a city-level. An essential component of an organisation’s cybersecurity strategy is building awareness and education of online threats and how to protect corporate data and services. This programme is based on existing research and provides a unique insight into an ongoing city-based project with similar aims.Design/methodology/approachTo structure this work, a scoping review was conducted of the literature in cybersecurity education and awareness, particularly for SMEs/SMBs. This theoretical analysis was complemented using a case study and reflecting on an ongoing, innovative programme that seeks to work with these businesses to significantly enhance their security posture. From these analyses, best practices and important lessons/recommendations to produce a high-level programme for cybersecurity education and awareness were recommended.FindingsWhile the literature can be informative at guiding education and awareness programmes, it may not always reach real-world programmes. However, existing programmes, such as the one explored in this study, have great potential, but there can be room for improvement. Knowledge from each of these areas can, and should, be combined to the benefit of the academic and practitioner communities.Originality/valueThe study contributes to current research through the outline of a high-level programme for cybersecurity education and awareness targeting SMEs/SMBs. Through this research, literature in this space was examined and insights into the advances and challenges faced by an on-going programme were presented. These analyses allow us to craft a proposal for a core programme that can assist in improving the security education, awareness and training that targets SMEs/SMBs.</jats:sec

A Novel Framework for Improving Cyber Security Management and Awareness for Home Users

A wide and increasing range of different technologies, devices, platforms, applications and services are being used every day by home users. In parallel, home users are also experiencing a range of different online threats and attacks. Indeed, home users are increasingly being targeted as they lack the knowledge and awareness about potential threats and how to protect themselves. The increase in technologies and platforms also increases the burden upon a user to understand how to apply security across the differing technologies, operating systems and applications. This results in managing the security across their technology portfolio increasingly more troublesome and time-consuming. Thus, it is apparent that a more innovative, convenient and usable security management solution is vital. This thesis investigates current online awareness tools and reviews studies which try to enhance cybersecurity awareness and education among the home users. It is evident from the analysis that most of the studies which have made efforts in proposing “one-fits-all” solutions do not have the ability to provide the users with a tailored awareness content based on a number of criteria such as the current needs, prior knowledge, and security priorities for each user. The thesis proposes an approach for improving security management and awareness for home users by providing them with a customised security awareness. A design science research methodology has been used for understanding the current problem, creating and developing an artefact which can enhance security management and awareness for home users. A number of security controls and requirements were identified which need to be managed and monitored for different technologies and services. In addition, the research designed several preliminary interfaces which can show the main components and aspects in the proposed solution based on HCI principles. A participant-based study was undertaken to get feedback on the initial design requirements and interfaces. A survey of 434 digital device users was undertaken and reveal result that there is a positive correlation between the security concern, knowledge and management amongst home users towards different security aspects. Positive feedback and some valuable comments were received about the preliminary interface designs in terms of the usability and functionality aspects. This builds into a final design phase which proposes a novel architecture for enhancing security management and awareness for home users. The proposed framework is capable of creating and assigning different security policies for different digital devices. These assigned policies are monitored, checked and managed in order to review the user’s compliance with the assigned policies and provide bespoke security awareness. In addition. A mockup design was developed to simulate the proposed framework to show different interactions with different components and sections in order to visualise the main concepts and the functions which might be performed when it is deployed in a real environment. Ultimately, two separate focus group discussions, involving experts and end-users have been conducted in order to provide a comprehensive evaluation of the identified research problem, the feasibility and the effectiveness of the proposed approach. The overall feedback of the two discussions can be considered as positive, constructive and encouraging. The experts agreed that the identified research problem is very important and a real problem. In addition, the participants agreed that the proposed framework is feasible and effective in improving security management and awareness for home users. The outcomes have also shown a reasonable level of satisfaction from the participants towards different components and aspects of the proposed design.Saudi governmen

Metodología de implantación de modelos de gestión de la información dentro de los sistemas de planificación de recursos empresariales. Aplicación en la pequeña y mediana empresa

La Siguiente Generación de Sistemas de Fabricación (SGSF) trata de dar respuesta a los requerimientos de los nuevos modelos de empresas, en contextos de inteligencia, agilidad y adaptabilidad en un entono global y virtual. La Planificación de Recursos Empresariales (ERP) con soportes de gestión del producto (PDM) y el ciclo de vida del producto (PLM) proporciona soluciones de gestión empresarial sobre la base de un uso coherente de tecnologías de la información para la implantación en sistemas CIM (Computer-Integrated Manufacturing), con un alto grado de adaptabilidad a la estnictura organizativa deseada. En general, esta implementación se lleva desarrollando hace tiempo en grandes empresas, siendo menor (casi nula) su extensión a PYMEs. La presente Tesis Doctoral, define y desarrolla una nueva metodología de implementación pan la generación automática de la información en los procesos de negocio que se verifican en empresas con requerimientos adaptados a las necesidades de la SGSF, dentro de los sistemas de gestión de los recursos empresariales (ERP), atendiendo a la influencia del factor humano. La validez del modelo teórico de la metodología mencionada se ha comprobado al implementarlo en una empresa del tipo PYME, del sector de Ingeniería. Para el establecimiento del Estado del Arte de este tema se ha diseñado y aplicado una metodología específica basada en el ciclo de mejora continua de Shewhart/Deming, aplicando las herramientas de búsqueda y análisis bibliográfico disponibles en la red con acceso a las correspondientes bases de datos