Implementing a Cybersecurity Maturity Model to Improve Risk Management Practices in Small and Medium Enterprises
Keywords: Cybersecurity, Risk Management, SMEs, Maturity Model, Information Security, Organizational Resilience
Abstract
Small and Medium Enterprises (SMEs) are increasingly vulnerable to cybersecurity threats, yet often lack the structural capabilities and resources to mitigate risk effectively. This paper proposes the implementation of a Cybersecurity Maturity Model (CMM) tailored for SMEs to enhance their risk management strategies. Drawing upon pre-2022 literature, this study examines how adopting a phased maturity framework can incrementally develop organizational resilience. It provides a conceptual and practical foundation for SMEs seeking to align cybersecurity efforts with risk management best practices while overcoming financial and technical constraints.
License
Copyright (c) 2022 Camille Dubois (Author)

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.