Calculated risk? A cybersecurity evaluation tool for SMEs
Michael Benz and Dave Chatterjee
Business Horizons, 2020, vol. 63, issue 4, 531-540
Abstract:
Small and medium-sized enterprises (SMEs) are among the least mature and most vulnerable in terms of their cybersecurity risk and resilience. In this article, we describe a methodology developed using the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) as a starting point. The NIST CSF does not meet all the needs of the SME IT leader, but it offers a solid foundation for a useful evaluation and recommendation methodology. We propose an SME cybersecurity evaluation tool (CET) that consists of a 35-question online survey to be completed by IT leaders to self-rate their maturity within the five NIST framework categories: identify, protect, detect, respond, and recover. We outline this approach to cybersecurity risk management before discussing its effectiveness and implications for practitioners.
Keywords: NIST; Cyber-risk mitigation; Cybersecurity evaluation tool; Cybersecurity risk management; Cyber resilience
Date: 2020
Downloads:
http://www.sciencedirect.com/science/article/pii/S0007681320300392
Full text for ScienceDirect subscribers only
Persistent link: https://EconPapers.repec.org/RePEc:eee:bushor:v:63:y:2020:i:4:p:531-540
DOI: 10.1016/j.bushor.2020.03.010
Business Horizons is currently edited by C. M. Dalton
Bibliographic data for series maintained by Catherine Liu.