Cybersecurity for SMEs: Introducing the Human Element into Socio-technical Cybersecurity Risk Assessment

Costas Boletsis, Ragnhild Halvorsrud, J. Pickering, Stephen Phillips, Mike Surridge

Abstract

Small and medium-sized enterprises (SMEs) rarely conduct a thorough cyber-risk assessment and they may face various internal issues when attempting to set up cyber-risk strategies. In this work, we apply a user journey approach to model human behaviour and visually map SMEs’ practices and threats, along with a visualisation of the socio-technical actor network, targeted specifically at the risks highlighted in the user journey. By using a combination of cybersecurity-related visualisations, our goals are: i) to raise awareness about cybersecurity, and ii) to improve communication among IT personnel, security experts, and non-technical personnel. To achieve these goals, we combine two modelling languages: Customer Journey Modelling Language (CJML) is a visual language for modelling and visualisation of work processes in terms of user journeys. System Security Modeller (SSM) is an asset-based risk-analysis tool for socio-technical systems. By demonstrating the languages’ supplementary nature through a threat scenario and considering related theories, we believe that there is a sound basis to warrant further validation of CJML and SSM together to raise awareness and handle cyber threats in SMEs.

Download


Paper Citation


in Harvard Style

Boletsis C., Halvorsrud R., Pickering J., Phillips S. and Surridge M. (2021). Cybersecurity for SMEs: Introducing the Human Element into Socio-technical Cybersecurity Risk Assessment.In Proceedings of the 16th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications - Volume 1: IVAPP, ISBN 978-989-758-488-6, pages 266-274. DOI: 10.5220/0010332902660274


in Bibtex Style

@conference{ivapp21,
author={Costas Boletsis and Ragnhild Halvorsrud and J. Pickering and Stephen Phillips and Mike Surridge},
title={Cybersecurity for SMEs: Introducing the Human Element into Socio-technical Cybersecurity Risk Assessment},
booktitle={Proceedings of the 16th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications - Volume 1: IVAPP,},
year={2021},
pages={266-274},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010332902660274},
isbn={978-989-758-488-6},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 16th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications - Volume 1: IVAPP,
TI - Cybersecurity for SMEs: Introducing the Human Element into Socio-technical Cybersecurity Risk Assessment
SN - 978-989-758-488-6
AU - Boletsis C.
AU - Halvorsrud R.
AU - Pickering J.
AU - Phillips S.
AU - Surridge M.
PY - 2021
SP - 266
EP - 274
DO - 10.5220/0010332902660274