SMEs’ Confidentiality Concerns for Security Information Sharing
2020 (English)In: IFIP Advances in Information and Communication Technology / [ed] Clarke N.,Furnell S., Springer Science and Business Media Deutschland GmbH , 2020, Vol. 593, p. 289-299Conference paper, Published paper (Refereed)
Abstract [en]
Small and medium-sized enterprises (SME) are considered an essential part of the EU economy; however, highly vulnerable to cyber-attacks. SMEs have specific characteristics which separate them from large companies and influence their adoption of good cybersecurity practices. To mitigate the SMEs’ cybersecurity adoption issues and raise their awareness of cyber threats, we have designed a self-paced security assessment and capability improvement method, CYSEC. CYSEC is a security awareness and training method that utilises self-reporting questionnaires to collect companies’ information about cybersecurity awareness, practices, and vulnerabilities to generate automated recommendations for counselling. However, confidentiality concerns about cybersecurity information have an impact on companies’ willingness to share their information. Security information sharing decreases the risk of incidents and increases users’ self-efficacy in security awareness programs. This paper presents the results of semi-structured interviews with seven chief information security officers (CISOs) of SMEs to evaluate the impact of online consent communication on motivation for information sharing. The results were analysed in respect of the Self-Determination Theory (SDT). The findings demonstrate that online consent with multiple options for indicating a suitable level of agreement improved motivation for information sharing. This allows many SMEs to participate in security information sharing activities and supports security experts to have a better overview of common vulnerabilities. © 2020, IFIP International Federation for Information Processing.
Place, publisher, year, edition, pages
Springer Science and Business Media Deutschland GmbH , 2020. Vol. 593, p. 289-299
Series
IFIP Advances in Information and Communication Technology
Keywords [en]
Confidentiality concerns, Cybersecurity, Information sharing, Online consent, Small and medium-sized enterprises, Information analysis, Motivation, Network security, Surveys, Capability improvement, Chief information security officers, Security assessment, Self-determination theories, Semi structured interviews, Small- and medium-sized enterprise, Willingness to share, Information dissemination
National Category
Computer Sciences Other Civil Engineering
Identifiers
URN: urn:nbn:se:bth-20903DOI: 10.1007/978-3-030-57404-8_22Scopus ID: 2-s2.0-85098143343ISBN: 9783030574031 (print)OAI: oai:DiVA.org:bth-20903DiVA, id: diva2:1516068
Conference
14th International Symposium on Human Aspects of Information Security and Assurance, HAISA 2020, Mytilene, Greece; 8 July 2020 through 10 July 2020
Funder
EU, Horizon 2020, 740787, 883588
Note
open access
2021-01-112021-01-112021-01-11Bibliographically approved