Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Elicitation of SME requirements for cybersecurity solutions by studying adherence to recommendations
Fachhochschule Nordwestschweiz, CHE.
Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.ORCID iD: 0000-0001-7368-4448
Fachhochschule Nordwestschweiz, CHE.
2018 (English)In: CEUR Workshop Proceedings / [ed] Dalpiaz F.,Franch X.,Kirikova M.,Ralyte J.,Spoletini P.,Chisik Y.,Ferrari A.,Madhavji N.,Palomares C.,Sabetzadeh M.,van der Linden D.,Schmid K.,Charrada E.B.,Sawyer P.,Forbrig P.,Zamansky A., CEUR-WS , 2018, Vol. 2075Conference paper, Published paper (Refereed)
Abstract [en]

[Context and motivation] Small and medium-sized enterprises (SME) have become the weak spot of our economy for cyber attacks. These companies are large in number and often do not have the controls in place to prevent successful attacks, respectively are not prepared to systematically manage their cybersecurity capabilities. [Question/problem] One of the reasons for why many SME do not adopt cybersecurity is that developers of cybersecurity solutions understand little the SME context and the requirements for successful use of these solutions. [Principal ideas/results] We elicit requirements by studying how cybersecurity experts provide advice to SME. The experts' recommendations offer insights into what important capabilities of the solution are and how these capabilities ought to be used for mitigating cybersecurity threats. The adoption of a recommendation hints at a correct match of the solution, hence successful consideration of requirements. Abandoned recommendations point to a misalignment that can be used as a source to inquire missed requirements. Re-occurrence of adoption or abandonment decisions corroborate the presence of requirements. [Contributions] This poster describes the challenges of SME regarding cybersecurity and introduces our proposed approach to elicit requirements for cybersecurity solutions. The poster describes CYSEC, our tool used to capture cybersecurity advice and help to scale cybersecurity requirements elicitation to a large number of participating SME. We conclude by outlining the planned research to develop and validate CYSEC1 Copyright 2018 for this paper by its authors.

Place, publisher, year, edition, pages
CEUR-WS , 2018. Vol. 2075
Series
CEUR Workshop Proceedings, ISSN 1613-0073 ; 2075
Keyword [en]
Cybersecurity, Requirements elicitation, Small medium-sized enterprises, Computer software selection and evaluation, Network security, Cyber security, Cyber-attacks, Medium sized enterprise, Small- and medium-sized enterprise, Requirements engineering
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-16136Scopus ID: 2-s2.0-85045466480OAI: oai:DiVA.org:bth-16136DiVA, id: diva2:1201830
Conference
24th Joint International Conference on Requirements Engineering: Foundation for Software Quality Workshops, Doctoral Symposium, REFSQ-JP,Utrecht
Available from: 2018-04-26 Created: 2018-04-26 Last updated: 2018-04-26Bibliographically approved

Open Access in DiVA

No full text in DiVA

Scopus

Authority records BETA

Fricker, Samuel

Search in DiVA

By author/editor
Fricker, Samuel
By organisation
Department of Software Engineering
Software Engineering

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 10 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf