Cyber Resilience Self-Assessment Tool (CR-SAT) for SMEs

Carias, Juan Francisco; Arrizabalaga, Saioa; Labaka, Leire; Hernantes, Josune

doi:10.1109/access.2021.3085530

Cited by 8 publications

(4 citation statements)

References 28 publications

(43 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Fundamentally, control domains are necessary as key controls for risk assessment. Table 4 presents the extracted shared control domains among the CSMA frameworks reported in seven research articles [20,25,28,32,33,35,39]. Based on the obtained results, common control domains that can be streamlined and evaluated in the risk assessment stage were found evident.…”

Section: Rq4: What Are the Shared Control Domains Between The Existin...mentioning

confidence: 97%

“…Considering that SMEs and start-ups are similar in terms of size [5], seven other research articles that focused on CSMA frameworks for SMEs were also identified: 1) Cybersecurity Risk Management in Small and Medium-Sized Enterprises: A Systematic Review of Recent Evidence [9] 2) The framework of Effective Risk Management in Small and Medium Enterprises (SMEs): A Literature Review [19] 3) A Dynamic Simulation Approach to Support the Evaluation of Cyber Risks and Security Investments in SMEs [22] 4) A Novel Cybersecurity Framework for Countermeasure of SMEs in Saudi Arabia [26] 5) Calculated Risk? A Cybersecurity Evaluation Tool for SMEs [30] 6) Cyber Resilience Self-Assessment Tool (CR-SAT) for SMEs [32] 7) Reference Framework "HOGO" for Cybersecurity in SMEs based on ISO27002 and 27032 [39] Overall, this study identified 37 CSMA frameworks from 24 research articles. Adding to that, only seven frameworks were reported to be specifically targeted for SMEs, whereas only one framework for start-ups was identified.…”

Section: Rq1: What Are the Cyber Security Maturity Assessment (Csma) ...mentioning

confidence: 99%

“…National Initiative for Cybersecurity Education Capability Maturity Model (NICE) [28], [31], [32], [34],…”

Section: Rq3: Do the Existing Csma Framework Assess The Cyber Securit...mentioning

confidence: 99%

See 2 more Smart Citations

Cyber Security Maturity Assessment Framework for Technology Startups: A Systematic Literature Review

et al. 2023

View full text Add to dashboard Cite

Cybersecurity has gained increasing interest among firms of different sizes and industries due to the significant rise of cyber-attacks over time. Technology start-ups are particularly vulnerable to cyberattacks, as appropriate security measures cannot be executed due to their limited human capital and financial resources to quantify cyber risks and allocate appropriate investments to cyber security. Focusing on technology start-ups, this study conducted a systematic literature review on cyber security maturity assessment frameworks. This study addressed five research questions on the existing cyber security maturity assessment frameworks in various industries, the target for implementation, cyber security maturity level, and shared control domains of these frameworks, and the quantification of the return of cyber security investments. Referring to the Preferred Reporting Items for Systematic Reviews and Meta-Analysis (PRISMA) checklist, a detailed analysis was performed on 23 published research articles (out of 1,772) from reputable journals and conference proceedings from January 2011 to June 2022. The obtained results revealed the lack of a cyber security maturity assessment framework for technology start-ups. Despite the similarities in the cyber security maturity level for certain frameworks, the results revealed no singular framework that can evaluate the cyber security maturity level for technology start-ups. The results further revealed the lack of studies on the quantification of the return of cyber security investments in an end-to-end cyber security maturity assessment framework for technology start-ups.INDEX TERMS Technology start-up; cyber security maturity; cyber security framework; cyber risk quantification; return of security investment

show abstract

Section: Rq4: What Are the Shared Control Domains Between The Existin...mentioning

confidence: 97%

Section: Rq1: What Are the Cyber Security Maturity Assessment (Csma) ...mentioning

confidence: 99%

See 1 more Smart Citation

Cyber Security Maturity Assessment Framework for Technology Startups: A Systematic Literature Review

et al. 2023

View full text Add to dashboard Cite

show abstract

“…This supports early ndings (Haque, et al, 2018) which states that "although many of the frameworks provide some subjective guidance of resilience study, they all lack clear explanation on the quantitative resilience metrics formulation". Recent research attempts to resolve such challenges (Carías, et al, 2021) produced a Cyber Resilience Assessment tool to aid Small and Medium Enterprises (SMEs) in their CR operationalisation. Three case studies formed the basis for this study with reported success.…”

Section: Literature Reviewmentioning

confidence: 99%

A cyber resilience analysis case study of an industrial operational technology environment

Perrett

Wilson

2023

Environ Syst Decis

View full text Add to dashboard Cite

Cyber resilience is an active research area offering a novel approach to Cyber Security. The term appeared due to the concerning number of cyber-attacks on critical infrastructure. The National Institute of Standards and Technology (NIST) developed a framework to assist organisations with techniques and approaches to improving cyber resilience. However, there is a sparsity of case studies that speak to the adoption or measurement of these novel approaches within a complex industrial control environment. This paper presents a case study analysis of a manufacturing plant assessment drawing on key themes from the NIST literature. The paper presents how well NIST constructs can be adopted to nd cyber resilient enhancement opportunities and to decide if an evaluation of the results could supply a quantitative baseline measure of an organisation's overall resilience. Conclusions drawn show that although the framework did partially aid with the analysis process, the frameworks ease of adoption assumes an organisation has a conventional cyber security foundation; NIST should make this clear within their guidance. Furthermore, the accompanying evaluation process was not su cient to quantitatively measure the overall cyber resilience maturity for this case study.

show abstract