UCL Discovery

Pragmatic Security: Modelling IT Security Management Responsibilities for SME Archetypes

Parkin, S; Fielder, A; Ashby, A; (2016) Pragmatic Security: Modelling IT Security Management Responsibilities for SME Archetypes. In: You, I and Bertino, E, (eds.) MIST '16: Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats. (pp. 69-80). Association for Computing Machinery (ACM): New York, NY, USA.

Green open access

MIST_preprint.pdf - Accepted Version


Abstract

Here we model the indirect costs of deploying security controls in small-to-medium enterprises (SMEs) to manage cyber threats. SMEs may not have the in-house skills and collective capacity to operate controls efficiently, resulting in inadvertent data leakage and exposure to compromise. Aside from financial costs, attempts to maintain security can impact morale, system performance, and retraining requirements, which are modelled here. Managing the overall complexity and effectiveness of an SME's security controls has the potential to reduce unintended leakage. The UK Cyber Essentials Scheme informs basic control definitions, and Available Responsibility Budget (ARB) is modelled to understand how controls can be prioritised for both security and usability. Human factors of security and practical experience of security management for SMEs inform the modelling of deployment challenges across a set of SME archetypes differing in size, complexity, and use of IT. Simple combinations of controls are matched to archetypes, balancing capabilities to protect data assets with the effort demands placed upon employees. Experiments indicate that two-factor authentication can be readily adopted by many SMEs and their employees to protect core assets, followed by correct access privileges and anti-malware software. Service and technology providers emerge as playing an important role in improving access to usable security controls for SMEs.

Type: Proceedings paper
Title: Pragmatic Security: Modelling IT Security Management Responsibilities for SME Archetypes
Event: 8th ACM CCS International Workshop on Managing Insider Security Threats (MIST '16)
Location: Vienna, Austria
Dates: 28 October 2016 - 28 October 2016
ISBN-13: 9781450345712
Open access status: An open access version is available from UCL Discovery
DOI: 10.1145/2995959.2995967
Publisher version: https://doi.org/10.1145/2995959.2995967
Language: English
Additional information: Copyright © 2016 ACM.
Keywords: SME Security; Cyber Essentials; Security Effort
UCL classification: UCL
UCL > Provost and Vice Provost Offices
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/1520887