Parkin, S;
Fielder, A;
Ashby, A;
(2016)
Pragmatic Security: Modelling IT Security Management Responsibilities for SME Archetypes.
In: You, I and Bertino, E, (eds.)
MIST '16: Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats.
(pp. pp. 69-80).
Association for Computing Machinery (ACM): New York, NY, USA.
Preview |
Text
MIST_preprint.pdf - Accepted Version Download (1MB) | Preview |
Abstract
Here we model the indirect costs of deploying security controls in small-to-medium enterprises (SMEs) to manage cyber threats. SMEs may not have the in-house skills and collective capacity to operate controls efficiently, resulting in inadvertent data leakage and exposure to compromise. Aside from financial costs, attempts to maintain security can impact morale, system performance, and retraining requirements, which are modelled here. Managing the overall complexity and effectiveness of an SME's security controls has the potential to reduce unintended leakage. The UK Cyber Essentials Scheme informs basic control definitions, and Available Responsibility Budget (ARB) is modelled to understand how controls can be prioritised for both security and usability. Human factors of security and practical experience of security management for SMEs inform the modelling of deployment challenges across a set of SME archetypes differing in size, complexity, and use of IT. Simple combinations of controls are matched to archetypes, balancing capabilities to protect data assets with the effort demands placed upon employees. Experiments indicate that two-factor authentication can be readily adopted by many SMEs and their employees to protect core assets, followed by correct access privileges and anti-malware software. Service and technology providers emerge as playing an important role in improving access to usable security controls for SMEs.
| Type: | Proceedings paper |
|---|---|
| Title: | Pragmatic Security: Modelling IT Security Management Responsibilities for SME Archetypes |
| Event: | 8th ACM CCS International Workshop on Managing Insider Security Threats (MIST '16) |
| Location: | Vienna, Austria |
| Dates: | 28 October 2016 - 28 October 2016 |
| ISBN-13: | 9781450345712 |
| Open access status: | An open access version is available from UCL Discovery |
| DOI: | 10.1145/2995959.2995967 |
| Publisher version: | https://doi.org/10.1145/2995959.2995967 |
| Language: | English |
| Additional information: | Copyright © 2016 ACM. |
| Keywords: | SME Security; Cyber Essentials; Security Effort |
| UCL classification: | UCL UCL > Provost and Vice Provost Offices UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
| URI: | https://discovery.ucl.ac.uk/id/eprint/1520887 |
Archive Staff Only
 |
View Item |
