
Survey and Guidelines for the Design and Deployment of a Cyber Security Label for SMEs

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 977)

Abstract

Cyber security risks and attacks are on the rise, especially in light of recent events in the geopolitical landscape. Cyber attacks are no longer targeting only big organisations such as governments, institutions or global companies. Smaller businesses and even citizens are now also being hit by cyber attacks, either directly or as a result of side effects. At the same time, regulatory and legislative pressure to prevent cyber attacks is increasing, especially in Europe. In order to protect Small and Medium Enterprises (SMEs), different labels, specific standards or practical guidelines are being developed. This paper makes a comparative survey of such initiatives with the aim of initiating such an approach in Belgium in a way consistent with other existing approaches, and also of enabling longer-term convergence with a possible European scheme. Our goal is to reach enough SMEs with a basic level of cyber security and engage them in continuous improvement to keep a sustainable but efficient level of security. At a more practical level, we report on how to set up the overall organisational structures, basic management processes and some supporting tools.



Acknowledgements

This research was partly funded by IDEES research projects of the Walloon Region. We thank Infopole and companies of the cyber security cluster for their support. We also thank Sébastien Bal (HELHA) for prototyping the on-line questionnaire.

Author information

Correspondence to Christophe Ponsard.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Ponsard, C., Grandclaudon, J. (2019). Survey and Guidelines for the Design and Deployment of a Cyber Security Label for SMEs. In: Mori, P., Furnell, S., Camp, O. (eds) Information Systems Security and Privacy. ICISSP 2018. Communications in Computer and Information Science, vol 977. Springer, Cham. https://doi.org/10.1007/978-3-030-25109-3_13

  • DOI: https://doi.org/10.1007/978-3-030-25109-3_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-25108-6

  • Online ISBN: 978-3-030-25109-3

  • eBook Packages: Computer Science, Computer Science (R0)
