Abstract
Cyber security risks and attacks are on the rise, especially in the light of recent events in the geopolitical landscape. Cyber attacks no longer target only large organisations such as governments, institutions or global companies: smaller businesses and even individual citizens are now also being hit, either directly or as collateral damage. At the same time, regulatory and legislative pressure to prevent cyber attacks is increasing, especially in Europe. In order to protect Small and Medium Enterprises (SMEs), various labels, dedicated standards and practical guidelines are being developed. This paper makes a comparative survey of such initiatives, with the aim of launching a similar approach in Belgium that is consistent with existing approaches and that enables longer-term convergence with a possible European scheme. Our goal is to bring enough SMEs to a basic level of cyber security and to engage them in continuous improvement so as to keep a sustainable yet effective level of security. At a more practical level, we report on how to set up the overall organisational structures, the basic management processes and some supporting tools.
Acknowledgements
This research was partly funded by the IDEES research projects of the Walloon Region. We thank Infopole and the companies of the cyber security cluster for their support. We also thank Sébastien Bal (HELHA) for prototyping the on-line questionnaire.
© 2019 Springer Nature Switzerland AG
Ponsard, C., Grandclaudon, J. (2019). Survey and Guidelines for the Design and Deployment of a Cyber Security Label for SMEs. In: Mori, P., Furnell, S., Camp, O. (eds) Information Systems Security and Privacy. ICISSP 2018. Communications in Computer and Information Science, vol 977. Springer, Cham. https://doi.org/10.1007/978-3-030-25109-3_13
DOI: https://doi.org/10.1007/978-3-030-25109-3_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-25108-6
Online ISBN: 978-3-030-25109-3