To main content

Cybersecurity for SMEs: Introducing the Human Element into Socio-technical Cybersecurity Risk Assessment

Abstract

Small and medium-sized enterprises (SMEs) rarely conduct a thorough cyber-risk assessment and they may face various internal issues when attempting to set up cyber-risk strategies. In this work, we apply a user journey approach to model human behaviour and visually map SMEs’ practices and threats, along with a visualisation of the socio-technical actor network, targeted specifically at the risks highlighted in the user journey. By using a combination of cybersecurity-related visualisations, our goals are: i) to raise awareness about cybersecurity, and ii) to improve communication among IT personnel, security experts, and non-technical personnel. To achieve these goals, we combine two modelling languages: Customer Journey Modelling Language (CJML) is a visual language for modelling and visualisation of work processes in terms of user journeys. System Security Modeller (SSM) is an asset-based risk-analysis tool for socio-technical systems. By demonstrating the languages’ supplementary n ature through a threat scenario and considering related theories, we believe that there is a sound basis to warrant further validation of CJML and SSM together to raise awareness and handle cyber threats in SMEs.

Category

Academic chapter/article/Conference paper

Client

  • EU / 883188

Language

English

Author(s)

Affiliation

  • SINTEF Digital / Software and Service Innovation
  • University of Southampton

Year

2021

Publisher

SciTePress

Book

Proceedings of the 16th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications

Issue

2021

ISBN

978-989-758-488-6

Page(s)

266 - 274

View this publication at Cristin