The University of Southampton
University of Southampton Institutional Repository

Cybersecurity for SMEs: introducing the human element into socio-technical cybersecurity risk assessment

Cybersecurity for SMEs: introducing the human element into socio-technical cybersecurity risk assessment
Cybersecurity for SMEs: introducing the human element into socio-technical cybersecurity risk assessment
Small and medium-sized enterprises (SMEs) rarely conduct a thorough cyber-risk assessment and they may face various internal issues when attempting to set up cyber-risk strategies. In this work, we apply a user journey approach to model human behaviour and visually map SMEs’ practices and threats, along with a visualisation of the socio-technical actor network, targeted specifically at the risks highlighted in the user journey. By using a combination of cybersecurity-related visualisations, our goals are: i) to raise awareness about cybersecurity, and ii) to improve communication among IT personnel, security experts, and non-technical personnel. To achieve these goals, we combine two modelling languages: Customer Journey Modelling Language (CJML) is a visual language for modelling and visualisation of work processes in terms of user journeys. System Security Modeller (SSM) is an asset-based risk-analysis tool for socio-technical systems. By demonstrating the languages’ supplementary nature through a threat scenario and considering related theories, we believe that there is a sound basis to warrant further validation of CJML and SSM together to raise awareness and handle cyber threats in SMEs.
266-274
Boletsis, Costas
43c234e1-6251-41c9-87b7-3bc4814840c3
Halvorsrud, Ragnhild
57c50c4b-1458-41a4-b81f-4b56e4d644b7
Pickering, J .Brian
225088d0-729e-4f17-afe2-1ad1193ccae6
Phillips, Stephen
47610c30-a543-4bac-a96a-bc1fce564a59
Surridge, Michael
3bd360fa-1962-4992-bb16-12fc4dd7d9a9
Hurter, Christopher
Purchase, Helen
Braz, Jose
Bouatouch, Kadi
Boletsis, Costas
43c234e1-6251-41c9-87b7-3bc4814840c3
Halvorsrud, Ragnhild
57c50c4b-1458-41a4-b81f-4b56e4d644b7
Pickering, J .Brian
225088d0-729e-4f17-afe2-1ad1193ccae6
Phillips, Stephen
47610c30-a543-4bac-a96a-bc1fce564a59
Surridge, Michael
3bd360fa-1962-4992-bb16-12fc4dd7d9a9
Hurter, Christopher
Purchase, Helen
Braz, Jose
Bouatouch, Kadi

Boletsis, Costas, Halvorsrud, Ragnhild, Pickering, J .Brian, Phillips, Stephen and Surridge, Michael (2021) Cybersecurity for SMEs: introducing the human element into socio-technical cybersecurity risk assessment. Hurter, Christopher, Purchase, Helen, Braz, Jose and Bouatouch, Kadi (eds.) In Proceedings of the 16th International Joint Conference in Computer Vision, Imaging and Computer Graphics Theory and Applications. vol. 3, pp. 266-274 . (doi:10.5220/0010332902660274).

Record type: Conference or Workshop Item (Paper)

Abstract

Small and medium-sized enterprises (SMEs) rarely conduct a thorough cyber-risk assessment and they may face various internal issues when attempting to set up cyber-risk strategies. In this work, we apply a user journey approach to model human behaviour and visually map SMEs’ practices and threats, along with a visualisation of the socio-technical actor network, targeted specifically at the risks highlighted in the user journey. By using a combination of cybersecurity-related visualisations, our goals are: i) to raise awareness about cybersecurity, and ii) to improve communication among IT personnel, security experts, and non-technical personnel. To achieve these goals, we combine two modelling languages: Customer Journey Modelling Language (CJML) is a visual language for modelling and visualisation of work processes in terms of user journeys. System Security Modeller (SSM) is an asset-based risk-analysis tool for socio-technical systems. By demonstrating the languages’ supplementary nature through a threat scenario and considering related theories, we believe that there is a sound basis to warrant further validation of CJML and SSM together to raise awareness and handle cyber threats in SMEs.

Text
Boletsis_etal_2021 - Version of Record
Download (691kB)

More information

Published date: 8 February 2021
Venue - Dates: 16th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications, Virtual, 2021-02-08 - 2021-02-10

Identifiers

Local EPrints ID: 485488
URI: http://eprints.soton.ac.uk/id/eprint/485488
PURE UUID: b65346b1-1947-45fc-ac1f-49589693a962
ORCID for J .Brian Pickering: ORCID iD orcid.org/0000-0002-6815-2938
ORCID for Stephen Phillips: ORCID iD orcid.org/0000-0002-7901-0839
ORCID for Michael Surridge: ORCID iD orcid.org/0000-0003-1485-7024

Catalogue record

Date deposited: 07 Dec 2023 17:34
Last modified: 26 Aug 2024 01:32

Export record

Altmetrics

Contributors

Author: Costas Boletsis
Author: Ragnhild Halvorsrud
Author: Stephen Phillips ORCID iD
Author: Michael Surridge ORCID iD
Editor: Christopher Hurter
Editor: Helen Purchase
Editor: Jose Braz
Editor: Kadi Bouatouch

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×