Abstract
Information security is a critical concern for small and medium-sized enterprises (SMEs) in today’s world. The increasing number of security incidents and their growing complexity and sophistication pose a serious threat to SMEs. They need to be able to understand information security risks and rely on tailored solutions and frameworks to establish an appropriate information security posture. In order to provide targeted assistance to these organisations in their security efforts, it is important to identify the areas of research that have already been considered in this context and highlight important avenues for future research open to the academic community. To address this challenge, the research objective of this publication is to provide a fundamental overview of the existing research in SME information security and the future work that is yet to be done. In doing so, we aim to establish a baseline to guide future research in this area. We pursued this research objective by conducting a multi-vocal, systematic literature review within seven scientific databases and further consider grey literature on the topic. A total of 112 scientific publications and 16 grey literature sources were clustered to provide an adequate overview of existing research in SME information security. Furthermore, the publications have been reviewed for their implications for future directions of research. In doing so, we have provided an overview of research in the field of SME information security and provided the academic community with open research gaps to consider for future research efforts.
References
Fawad Ahmed, Aqil Burney, and Ahsan Malik. Security aspects of virtualization and its impact on business information security. In 2020 International Conference on Information Science and Communication Technology (ICISCT), pages 1–9. IEEE, 2020. https://doi.org/10.1109/ICISCT49550.2020.9080029doi:10.1109/ICISCT 49550.2020.9080029.
Queen A Aigbefo, Yvette Blount, and Mauricio Marrone. The influence of hardiness and habit on security behaviour intention. Behaviour & Information Technology, 41(6):1151–1170, 2022. https://doi.org/10.1080/0144929X.2020.1856928doi:10.1080/0144929X.2020.1856928.
Adedolapo Akin-Adetoro and Salah Kabanda. Factors affecting the adoption of byod in south african small and medium enterprises. The Electronic Journal of Information Systems in Developing Countries, 87(6):e12185, 2021. https://doi.org/10.1002/isd2.12185doi:10.1002/isd2.12185.
Abdulmajeed Alahmari and Bob Duncan. Cybersecurity risk management in small and medium-sized enterprises: A systematic review of recent evidence. In 2020 international conference on cyber situational awareness, data analytics and assessment (CyberSA), pages 1–5. IEEE, 2020. https://doi.org/10.1109/CyberSA49311.2020.9139638 doi:10.1109/CyberSA49311.2020.9139638.
Abdulmajeed Abdullah Alahmari and Robert Anderson Duncan. Towards cybersecurity risk management investment: A proposed encouragement factors framework for smes. In 2021 IEEE International Conference on Computing (ICOCO), pages 115–121. IEEE, 2021. https://doi.org/10.1109/ICOCO53166.2021.9673554 doi:10.1109/ICOCO53166.2021.9673554.
Jenan Alawadhi, Amna Murad AlJanabi, Moaiad Ahmad Khder, Basel JA Ali, and Riyad F Al-Shalabi. Internet of things (iot) security risks: Challenges for business. In 2022 ASU International Conference in Emerging Technologies for Sustainability and Intelligent Systems (ICETSIS), pages 450–456. IEEE, 2022. https://doi.org/10.1109/ICETSIS55481.2022.9888930 doi:10.1109/ICETSIS55481.2022.9888930.
Fatimah Alghamdi, Nermin Hamza, and Moutasm Tamimi. Factors that influence the adoption of information security on requirement phase for custom-made software at smes. In 2019 2nd International Conference on Computer Applications & Information Security (ICCAIS), pages 1–6. IEEE, 2019. https://doi.org/10.1109/CAIS.2019.8769519 doi:10.1109/CAIS.2019.8769519.
Adnan Bin Amanat Ali, Ramesh Kumar Ayyasamy, Rehan Akbar, Vasaki Ap Ponnusamy, and Lim Ean Heng. Cybersecurity infrastructure adoption model for malware mitigation in small medium enterprises (sme). In 2022 IEEE 5th International Symposium in Robotics and Manufacturing Automation (ROMA), pages 1–6. IEEE, 2022. https://doi.org/10.1109/ROMA55875.2022.9915696 doi:10.1109/ROMA55875.2022.9915696.
Tariq Alsafi and Ip-Shing Fan. Cloud computing adoption barriers faced by saudi manufacturing smes. In 2020 15th Iberian Conference on Information Systems and Technologies (CISTI), pages 1–6. IEEE, 2020. https://doi.org/10.23919/CISTI49556.2020.9140940 doi:10.23919/CISTI49556.2020.9140940.
Abraham Althonayan and Alina Andronache. Shifting from information security towards a cybersecurity paradigm. In Proceedings of the 2018 10th International Conference on Information Management and Engineering, pages 68–79, 2018. https://doi.org/10.1145/3285957.3285971 doi:10.1145/3285957.3285971.
Mário Antunes, Marisa Maximiano, and Ricardo Gomes. A customizable web platform to manage standards compliance of information security and cybersecurity auditing. Procedia Computer Science, 196:36–43, 2022. https://doi.org/10.1016/j.procs.2021.11.070 doi:10.1016/j.procs.2021.11.070.
Laura Arenda and Oliver Popov. A conceptual model of an intelligent platform for security risk assessment in smes. In 2019 IEEE 13th International Conference on Application of Information and Communication Technologies (AICT), pages 1–8. IEEE, 2019. https://doi.org/10.1109/AICT47866.2019.8981796 doi:10.1109/AICT47866.2019.8981796.
Halldor Arnarson, Faraz Safarpour Kanafi, Tero Kaarlela, Ulrich Seldeslachts, and Roel Pieters. Evaluation of cyber security in agile manufacturing: Maturity of technologies and applications. In 2022 IEEE/SICE International Symposium on System Integration (SII), pages 784–789. IEEE, 2022. https://doi.org/10.1109/SII52469.2022.9708888 doi:10.1109/SII52469.2022.9708888.
Liudmila Astakhova and Nikita Muravyov. A data collection and analysis system for managing the vulnerabilities of users of an information system in a small business. In 2019 Ural Symposium on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT), pages 193–196. IEEE, 2019. https://doi.org/10.1109/USBEREIT.2019.8736583 doi:10.1109/USBEREIT. 2019.8736583.
Lukas Auer, Christian Skubich, and Matthias Hiller. A security architecture for risc-v based iot devices. In 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE), pages 1154–1159. IEEE, 2019. https://doi.org/10.23919/DATE.2019.8714822 doi:10.23919/DATE.2019.8714822.
Bruno Azinheira, Mário Antunes, Marisa Maximiano, and Ricardo Gomes. A methodology for mapping cybersecurity standards into governance guidelines for sme in portugal. Procedia Computer Science, 219:121–128, 2023. https://doi.org/10.1016/j.procs.2023.01.272 doi:10.1016/j.procs.2023.01.272.
Benjamin Bartlett. Government as facilitator: how japan is building its cybersecurity market. Journal of Cyber Policy, 3(3):327–343, 2018. https://doi.org/10.1080/23738871.2018.1550522 doi:10.1080/23738871.2018.1550522.
Rahadian Bisma, Septian Reri Winarto, and Yuanita Candra Puspita. Investigating cyber security factors influencing the perception behavioral intention of small and medium enterprise. In 2021 Fourth International Conference on Vocational Education and Electrical Engineering (ICVEE), pages 1–7. IEEE, 2021. https://doi.org/10.1109/ICVEE54186.2021.9649719 doi:10.1109/ICVEE 54186.2021.9649719.
Nefeli Bountouni, Sotiris Koussouris, Alexandros Vasileiou, and Stylianos A Kazazis. A holistic framework for safeguarding of smes: A case study. In 2023 19th International Conference on the Design of Reliable Communication Networks (DRCN), pages 1–5. IEEE, 2023. https://doi.org/10.1109/DRCN57075.2023.10108247 doi:10.1109/DRCN57075.2023.10108247.
Michael Brunner, Andrea Mussmann, and Ruth Breu. Introduction of a tool-based continuous information security management system: An exploratory case study. In 2018 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C), pages 483–490. IEEE, 2018. https://doi.org/10.1109/QRS-C.2018.00088 doi:10.1109/QRS-C.2018.00088.
Bundesamt für Sicherheit in der Informationstechnik, BSI. Fortschrittliche angriffe – neue qualität aktueller angriffe und prognose, 2021. URL: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/Themen/Ransomware_Managementabstract-Angriffe.pdf?__blob=publicationFile&v=2.
Bundesamt für Sicherheit in der Informationstechnik, BSI. Cyber-sicherheit für kmu – die top 14 fragen, 2022. URL: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Broschueren/Cyber-Sicherheit_KMU.pdf?__blob=publicationFile&v=10.
Bundesamt für Sicherheit in der Informationstechnik, BSI. Erste hilfe bei einem schweren it-sicherheitsvorfall, 2022. URL: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/Themen/Ransomware_Erste-Hilfe-IT-Sicherheitsvorfall.html.
Bundesamt für Sicherheit in der Informationstechnik, BSI. Maßnahmenkatalog ransomware, 2022. URL: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/Themen/Ransomware_Massnahmenkatalog.html.
Eko Budi Cahyono, Suriani Binti Mohd Sam, Noor Hafizah Binti Hassan, Norliza Mohamed, Norulhusna Ahmad, and Yusnaidi Yusuf. A review on cyber resilience model in small and medium enterprises. In 2022 4th International Conference on Smart Sensors and Application (ICSSA), pages 114–119. IEEE, 2022. https://doi.org/10.1109/ICSSA54161.2022.9870952 doi:10.1109/ICSSA54161. 2022.9870952.
Antonio Calcara and Raffaele Marchetti. State-industry relations and cybersecurity governance in europe. Review of International Political Economy, 29(4):1237–1262, 2022. https://doi.org/10.1080/09692290.2021.1913438 doi:10.1080/09692290. 2021.1913438.
Juan Francisco Carías, Saioa Arrizabalaga, Leire Labaka, and Josune Hernantes. Cyber resilience self-assessment tool (cr-sat) for smes. IEEE Access, 9:80741–80762, 2021. https://doi.org/10.1109/ACCESS.2021.3085530 doi:10.1109/ACCESS. 2021.3085530.
Juan Francisco Carías, Marcos RS Borges, Leire Labaka, Saioa Arrizabalaga, and Josune Hernantes. Systematic approach to cyber resilience operationalization in smes. IEEE access, 8:174200–174221, 2020. https://doi.org/10.1109/ACCESS.2020.3026063 doi:10.1109/ACCESS.2020.3026063.
Center for Cyber Security Belgium. Cyber security guide for sme / belgium, 2022. URL: https://www.cybersecuritycoalition.be/resource/cyber-security-guide-sme/.
Ilias Chalvatzis, Dimitrios A Karras, and Rallis C Papademetriou. Using nasl based superscripts to measure system security through analyzing and organizing attacks. In 2019 27th Telecommunications Forum (TELFOR), pages 1–4. IEEE, 2019. https://doi.org/10.1109/TELFOR48224.2019.8971211 doi:10.1109/TELFOR 48224.2019.8971211.
Dimitra Chamou, Petros Toupas, Eleni Ketzaki, Stavros Papadopoulos, Konstantinos M Giannoutakis, Anastasios Drosou, and Dimitrios Tzovaras. Intrusion detection system based on network traffic using deep neural networks. In 2019 IEEE 24th international workshop on computer aided modeling and design of communication links and networks (CAMAD), pages 1–6. IEEE, 2019. https://doi.org/10.1109/CAMAD.2019.8858475 doi:10.1109/CAMAD.2019.8858475.
Sunil Chaudhary, Vasileios Gkioulos, and David Goodman. cybersecurity awareness for small and medium-sized enterprises (smes): availability and scope of free and inexpensive awareness resources. In European Symposium on Research in Computer Security, pages 97–115. Springer, 2022. https://doi.org/10.1007/978-3-031-25460-4_6doi:10.1007/978-3-031-25460-4_6.
Yan Chen. Information security management: compliance challenges and new directions, 2022. https://doi.org/10.1080/15228053.2022.2148979doi:10.1080/15228053.2022.2148979.
Pier Giorgio Chiara. The iot and the new eu cybersecurity regulatory landscape. International Review of Law, Computers & Technology, 36(2):118–137, 2022. https://doi.org/10.1080/13600869.2022.2060468doi:10.1080/13600869.2022.2060468.
Alladean Chidukwani, Sebastian Zander, and Polychronis Koutsakis. A survey on the cyber security of small-to-medium businesses: Challenges, research focus and recommendations. IEEE Access, 10:85701–85719, 2022. https://doi.org/10.1109/ACCESS.2022.3197899 doi:10.1109/ACCESS.2022.3197899.
Chih-Chieh Chiu, Pang-Wei Tsai, and Chu-Sing Yang. Pids: an essential personal information detection system for small business enterprise. In 2021 International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME), pages 01–06. IEEE, 2021. https://doi.org/10.1109/ICECCME52200.2021.9590950 doi:10.1109/ICECCME52200.2021.959 0950.
Carlos F Cruzado, Liset S Rodriguez-Baca, Lizeth G Huanca-López, and Erika I Acuña-Salinas. Reference framework “hogo” for cybersecurity in smes based on iso 27002 and 27032. In 2022 12th International Conference on Cloud Computing, Data Science & Engineering (Confluence), pages 35–40. IEEE, 2022. https://doi.org/10.1109/Confluence52989.2022.9734116 doi:10.1109/Confluence52989.2022.9734116.
CSA Singapore. Cybersecurity toolkit for sme owners, 2021. URL: https://www.csa.gov.sg/our-programmes/support-for-enterprises/sg-cyber-safe-programme/cybersecurity-toolkits/enterprise-leaders-and-sme-owners.
Jordi Cucurull, Christos Tselios, Carolina Rueda, Noemi Folch, Fady Copty, Reda Igbaria, Manos Athanatos, Antonios Krithinakis, Sotiris Ioannidis, Jose Francisco Ruiz, et al. Integration of an online voting solution with the smesec security framework. In 2020 IEEE international systems conference (SysCon), pages 1–8. IEEE, 2020. https://doi.org/10.1109/SysCon47679.2020.9275838 doi:10.1109/SysCon47679.2020.9275838.
Cybersecurity & Infrastructure Security Agency. Executive order on improving the nation’s cybersecurity, 2021. Accessed on: 08/12/2024. URL: https://www.cisa.gov/topics/cybersecurity-best-practices/executive-order-improving-nations-cybersecurity.
Jose Emmanuel Cruz de la Cruz, Christian Augusto Romero Goyzueta, and Cristian Delgado Cahuana. Intrusion detection and prevention system for production supervision in small businesses based on raspberry pi and snort. In 2020 IEEE XXVII International Conference on Electronics, Electrical Engineering and Computing (INTERCON), pages 1–4. IEEE, 2020. https://doi.org/10.1109/INTERCON50315.2020.9220240 doi:10.1109/INTERCON50315.2020.9220240.
Danilo D’elia. Industrial policy: the holy grail of french cybersecurity strategy? Journal of Cyber Policy, 3(3):385–406, 2018. https://doi.org/10.1080/23738871.2018.1553988 doi:10.1080/23738871.2018.1553988.
Petr Douchek, Lea Nedomova, Ladislav Luc, and Lubek Novak. Information security: The glory and penury of smes in the czech and slovak republics. In 2020 International Conference on Engineering Management of Communication and Technology (EMCTECH), pages 1–7. IEEE, 2020. https://doi.org/10.1109/EMCTECH49634.2020.9261506 doi:10.1109/EMCTECH49634.2020.9261506.
Olatunde Durowoju, Hing Kai Chan, and Xiaojun Wang. Investigation of the effect of e-platform information security breaches: a small and medium enterprise supply chain perspective. IEEE Transactions on Engineering Management, 69(6):3694–3709, 2020. https://doi.org/10.1109/TEM.2020.3008827 doi:10.1109/TEM.2020.3008827.
Ife Olalekan Ebo, Olorunjube James Falana, Olutosin Taiwo, and Bamidele Alaba Olumuyiwa. An enhanced secured iot model for enterprise architecture. In 2020 International Conference in Mathematics, Computer Engineering and Computer Science (ICMCECS), pages 1–6. IEEE, 2020. https://doi.org/10.1109/ICMCECS47690.2020.247112 doi:10.1109/ICMCECS47690.2020.247112.
Marco Ehrlich, Henning Trsek, Lukasz Wisniewski, and Jürgen Jasperneite. Survey of security standards for an automated industrie 4.0 compatible manufacturing. In IECON 2019-45th Annual Conference of the IEEE Industrial Electronics Society, volume 1, pages 2849–2854. IEEE, 2019. https://doi.org/10.1109/IECON.2019.8927559 doi:10.1109/IECON.2019.8927559.
Ogerta Elezaj, Sule Yildirim Yayilgan, Mohamed Abomhara, Prosper Yeng, and Javed Ahmed. Data-driven intrusion detection system for small and medium enterprises. In 2019 IEEE 24th international workshop on computer aided modeling and design of communication links and networks (CAMAD), pages 1–7. IEEE, 2019. https://doi.org/10.1109/CAMAD.2019.8858166 doi:10.1109/CAMAD.2019.8858166.
Carsten Ellwein, Oliver Riedel, Olga Meyer, and Daniel Schel. Rent’n’produce: A secure cloud manufacturing platform for small and medium enterprises. In 2018 IEEE International Conference on Engineering, Technology and Innovation (ICE/ITMC), pages 1–6. IEEE, 2018. https://doi.org/10.1109/ICE.2018.8436332 doi:10.1109/ICE.2018.8436332.
Asja Emer, Marco Unterhofer, and Erwin Rauch. A cybersecurity assessment model for small and medium-sized enterprises. IEEE Engineering Management Review, 49(2):98–109, 2021. https://doi.org/10.1109/EMR.2021.3078077 doi:10.1109/EMR.2021.3078077.
Philip Empl and Günther Pernul. A flexible security analytics service for the industrial iot. In Proceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, New York, NY, USA, 2021. Association for Computing Machinery. https://doi.org/10.1145/3445969.3450427 doi:10.1145/ 3445969.3450427.
European Commission. User guide to the sme definition, 2020. https://doi.org/10.2873/255862 doi:10.2873/255862.
European Commission. Cyber resilience act, 2023. URL: https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act.
European Commission. Directive on measures for a high common level of cybersecurity across the union (nis2 directive), 2023. URL: https://digital-strategy.ec.europa.eu/en/policies/nis2-directive.
European Digital SME Alliance. Small business standards – sme guide on information security controls, 2022. URL: https://www.digitalsme.eu/new-sme-guide-on-information-security-controls/.
European Union Agency for Cybersecurity, Enisa. Cybersecurity for smes – challenges and recommentations, 2021. https://doi.org/10.2824/770352 doi:10.2824/770352.
European Union Agency for Cybersecurity, Enisa. Cybersecurity guide for smes – 12 steps – to securing your business, 2021. URL: https://www.enisa.europa.eu/publications/cybersecurity-guide-for-smes.
European Union Agency for Cybersecurity, ENISA. Enisa threat landscape 2023, 2023. https://doi.org/10.2824/782573 doi:10.2824/782573.
European Union Agency for Cybersecurity, Enisa; Cert-EU. Boosting your organisation’s cyber resilience, 2022. URL: https://www.enisa.europa.eu/publications/boosting-your-organisations-cyber-resilience.
Dominic J Farace and Joachim Schöpfel. Grey literature in library and information studies. KG Saur, 2010. https://doi.org/10.1515/9783598441493 doi:10.1515/9783598441493.
Ignacio Fernandez De Arroyabe and Juan Carlos Fernandez de Arroyabe. The severity and effects of cyber-breaches in smes: a machine learning approach. Enterprise Information Systems, 17(3):1942997, 2023. https://doi.org/10.1080/17517575.2021.1942997 doi:10.1080/17517575.2021.1942997.
Pedro Tubío Figueira, Cristina López Bravo, and José Luis Rivas López. Improving information security risk analysis by including threat-occurrence predictive models. Computers & Security, 88:101609, 2020. https://doi.org/10.1016/j.cose.2019.101609 doi:10.1016/j.cose.2019.101609.
Muriel Figueredo Franco, Bruno Rodrigues, Eder John Scheid, Arthur Jacobs, Christian Killer, Lisandro Zambenedetti Granville, and Burkhard Stiller. Secbot: a business-driven conversational agent for cybersecurity planning and management. In 2020 16th international conference on network and service management (CNSM), pages 1–7. IEEE, 2020. https://doi.org/10.23919/CNSM50824.2020.9269037 doi:10.23919/CNSM50824.2020.9269037.
Sébastien Gamache, Georges Abdul-Nour, and Chantal Baril. Evaluation of the influence parameters of industry 4.0 and their impact on the quebec manufacturing smes: The first findings. Cogent Engineering, 7(1):1771818, 2020. https://doi.org/10.1080/23311916.2020.1771818 doi:10.1080/23311916.2020.1771818.
Chris García-Porras, Sarita Huamani-Pastor, and Jimmy Armas-Aguirre. Information security risk management model for peruvian smes. In 2018 IEEE Sciences and Humanities International Research Conference (SHIRCON), pages 1–5. IEEE, 2018. https://doi.org/10.1109/SHIRCON.2018.8592994 doi:10.1109/ SHIRCON.2018.8592994.
Vahid Garousi, Michael Felderer, and Mika V Mäntylä. The need for multivocal literature reviews in software engineering: complementing systematic literature reviews with grey literature. In Proceedings of the 20th international conference on evaluation and assessment in software engineering, pages 1–6, 2016. https://doi.org/10.1145/2915970.2916008 doi:10.1145/2915970.2916008.
Vahid Garousi, Michael Felderer, and Mika V Mäntylä. Guidelines for including grey literature and conducting multivocal literature reviews in software engineering. Information and Software Technology, 106:101–121, 2019. https://doi.org/10.1016/j.infsof.2018.09.006 doi:10.1016/j.infsof.2018.09.006.
R.E. Georgsen and G. Myrdahl Køien. Serious games with sysml: Gamifying threat modelling in a small business setting. In INCOSE International Symposium, volume 32, pages 119–132. Wiley Online Library, 2022. https://doi.org/10.1002/iis2.12902 doi:10.1002/iis2.12902.
Mani Goyal and Avinash Sharma. Enhancing hybrid encryption techniques for secured data processing for small medium enterprises in cloud. In 2021 IEEE International Conference on Technology, Research, and Innovation for Betterment of Society (TRIBES), pages 1–5. IEEE, 2021. https://doi.org/10.1109/TRIBES52498.2021.9751621 doi:10.1109/TRIBES52498.2021.9751621.
Chetna Gupta, Varun Gupta, and Jose Maria Fernandez-Crehuet. A blockchain-enabled solution to improve intra-inter organizational innovation processes in software small medium enterprises. Engineering Reports, 5(7):e12674, 2023. https://doi.org/10.1002/eng2.12674 doi:10.1002/eng2.12674.
Michael Heidenreich. Conceptualization of a measurement method proposal for the assessment of it security in the status quo of micro-enterprises. In 2019 International Conference on Computing, Electronics & Communications Engineering (iCCECE), pages 187–192. IEEE, 2019. https://doi.org/10.1109/iCCECE46942.2019.8941688 doi:10.1109/iCCECE46942.2019.8941688.
Michael Heidenreich. Implementation of an it security measurement method for the evaluation of it security in micro-enterprises. In 2020 International Conference on Computing, Electronics & Communications Engineering (iCCECE), pages 92–97. IEEE, 2020. https://doi.org/10.1109/iCCECE49321.2020.9231113 doi:10.1109/iCCECE49321.2020.9231113.
Michael Heidenreich, Bogdan Franczyk, and Andreas Johannsen. Evaluation study of an it security measurement method for micro-enterprises. In 2022 International Conference on Electrical, Computer and Energy Technologies (ICECET), pages 1–7. IEEE, 2022. https://doi.org/10.1109/ICECET55527.2022.9873487 doi:10.1109/ICECET55527.2022.9873487.
Blake Iyamuremye and Hisato Shima. Network security testing tools for smes (small and medium enterprises). In 2018 IEEE International Conference on Applied System Invention (ICASI), pages 414–417. IEEE, 2018. https://doi.org/10.1109/ICASI.2018.8394272 doi:10.1109/ICASI.2018.8394272.
Marko Jäntti. Studying data privacy management in small and medium-sized it companies. In 2020 14th International Conference on Innovations in Information Technology (IIT), pages 57–62. IEEE, 2020. https://doi.org/10.1109/IIT50501.2020.9299050 doi:10.1109/IIT50501.2020.9299050.
Andreas Johannsen and Daniel Kant. It-governance-, risiko-und compliance-management (it-grc)–ein kompetenzorientierter ansatz für kmu. In Faktor Mensch, pages 275–294. Springer, 2022. https://doi.org/10.1365/s40702-020-00625-8 doi:10.1365/ s40702-020-00625-8.
Salah Kabanda, Maureen Tanner, and Cameron Kent. Exploring sme cybersecurity practices in developing countries. Journal of Organizational Computing and Electronic Commerce, 28(3):269–282, 2018. https://doi.org/10.1080/10919392.2018.1484598 doi:10.1080/10919392.2018.1484598.
Shadab Kalhoro, Ramesh Kumar Ayyasamy, AbdulKarim Kanaan Jebna, Anam Kalhoro, Kesavan Krishnan, and Suresh Nodeson. How personality traits impacts on cyber security behaviors of smes employees. In 2022 International Conference on Innovation and Intelligence for Informatics, Computing, and Technologies (3ICT), pages 635–641. IEEE, 2022. https://doi.org/10.1109/3ICT56508.2022.9990621 doi:10.1109/3ICT56508.2022.9990621.
Evangelia Kavakli, Pericles Loucopoulos, and Yannis Skourtis. Capability oriented re for cybersecurity and personal data protection: Meeting the challenges of smes. In 2022 IEEE 30th International Requirements Engineering Conference Workshops (REW), pages 244–249. IEEE, 2022. https://doi.org/10.1109/REW56159.2022.00053 doi:10.1109/REW56159.2022.00053.
Bong-Jae Kim and Seok-Won Lee. Understanding and recommending security requirements from problem domain ontology: A cognitive three-layered approach. Journal of Systems and Software, 169:110695, 2020. https://doi.org/10.1016/j.jss.2020.110695 doi:10.1016/j.jss.2020.110695.
Barbara Kitchenham. Procedures for performing systematic reviews. Joint Technical Report TR/SE-0401, Keele University, Keele, UK, July 2004. URL: https://www.inf.ufsc.br/~aldo.vw/kitchenham.pdf.
Sushil Kumar et al. Botnet detection techniques and research challenges. In 2019 International Conference on Recent Advances in Energy-efficient Computing and Communication (ICRAECC), pages 1–6. IEEE, 2019. https://doi.org/10.1109/ICRAECC43874.2019.8995028 doi:10.1109/ICRAECC43874.2019.8995028.
Tebogo Kesetse Lejaka, Adéle Da Veiga, and Marianne Loock. Cyber security awareness for small, medium and micro enterprises (smmes) in south africa. In 2019 Conference on Information Communications Technology and Society (ICTAS), pages 1–6. IEEE, 2019. https://doi.org/10.1109/ICTAS.2019.8703609 doi:10.1109/ICTAS.2019.8703609.
Jan Martin Lemnitzer. Why cybersecurity insurance should be regulated and compulsory. Journal of Cyber Policy, 6(2):118–136, 2021. https://doi.org/10.1080/23738871.2021.1880609 doi:10.1080/23738871.2021.1880609.
John Lindström, Jens Eliasson, Anders Hermansson, Fredrik Blomstedt, and Petter Kyösti. Cybersecurity level in ips2: A case study of two industrial internet-based sme offerings. Procedia CIRP, 73:222–227, 2018. https://doi.org/10.1016/j.procir.2018.03.302 doi:10.1016/j.procir.2018.03.302.
Evangelos Mantas, Dimitris Papadopoulos, Carolina Fernández, Nil Ortiz, Maxime Compastié, Antonio López Martínez, Manuel Gil Pérez, Akis Kourtis, George Xylouris, Izidor Mlakar, et al. Practical autonomous cyberhealth for resilient micro, small and medium-sized enterprises. In 2021 IEEE International Mediterranean Conference on Communications and Networking (MeditCom), pages 500–505. IEEE, 2021. https://doi.org/10.1109/MeditCom49071.2021.9647609 doi:10.1109/MeditCom49071.2021.9647609.
Evangelos Markakis, Yannis Nikoloudakis, George Mastorakis, Constandinos X Mavromoustakis, Evangelos Pallis, Anargyros Sideris, Nikolaos Zotos, Jan Antic, Ales Cernivec, Diana Fejzic, et al. Acceleration at the edge for supporting smes security: The fortika paradigm. IEEE Communications Magazine, 57(2):41–47, 2019. https://doi.org/10.1109/MCOM.2019.1800506 doi:10.1109/MCOM.2019.1800506.
Alexander Master, George Hamilton, and J Eric Dietz. Optimizing cybersecurity budgets with attacksimulation. In 2022 IEEE International Symposium on Technologies for Homeland Security (HST), pages 1–7. IEEE, 2022. https://doi.org/10.1109/HST56032.2022.10024984 doi:10.1109/HST56032.2022.10024984.
Peter Mayer and Melanie Volkamer. Addressing misconceptions about password security effectively. In Proceedings of the 7th Workshop on Socio-Technical Aspects in Security and Trust, pages 16–27, 2018. https://doi.org/10.1145/3167996.3167998 doi:10.1145/3167996.3167998.
Sean Maynard, Terrence Tan, Atif Ahmad, and Tobias Ruighaver. Towards a framework for strategic security context in information security governance. Pacific Asia Journal of the Association for Information Systems, 10(4):4, 2018. https://doi.org/10.17705/1PAIS.10403 doi:10.17705/1PAIS.10403.
Steven A Melnyk, Tobias Schoenherr, Cheri Speier-Pero, Chris Peters, Jeff F Chang, and Derek Friday. New challenges in supply chain management: cybersecurity across the supply chain. International Journal of Production Research, 60(1):162–183, 2022. https://doi.org/10.1080/00207543.2021.1984606 doi:10.1080/00207543.2021.1984606.
Suneetha Merugula, G Dinesh, M Kathiravan, Gourab Das, Praful Nandankar, and Santoshachandra Rao Karanam. Study of blockchain technology in empowering the sme. In 2021 International Conference on Artificial Intelligence and Smart Systems (ICAIS), pages 758–765. IEEE, 2021. https://doi.org/10.1109/ICAIS50930.2021.9395831 doi:10.1109/ICAIS50930.2021.9395831.
Mittelstand Digital. Gegen cyberattacken gewappnet – sechs einfallstore für cyberangriffe bei kleineren und mittelständischen unternehmen, 2020. URL: https://www.mittelstand-digital.de/MD/Redaktion/DE/Publikationen/it-sicherheitsrisiko-gegen-cyberatacken.pdf?__blob=publicationFile&v=1.
Mittelstand Digital. Iso 27001 – ein leitfaden zum interformationssicherheitsmanagement, 2021. URL: https://www.mittelstand-digital.de/MD/Redaktion/DE/Publikationen/it-sicherheit-leitfaden-Informationssicherheitsmanagememt.pdf?__blob=publicationFile&v=3.
Izidor Mlakar, Primož Jeran, Valentino Šafran, and Vangelis Logothetis. A cost-effective security framework to protect micro enterprises: Palantir e-commerce use case. In 2021 9th International Symposium on Digital Forensics and Security (ISDFS), pages 1–6. IEEE, 2021. https://doi.org/10.1109/ISDFS52919.2021.9486359 doi:10.1109/ISDFS52919.2021.9486359.
Megat Muazzam Abdul Mutalib, Zuraini Zainol, and Mohd Hazali Mohamed Halip. Mitigating malware threats at small medium enterprise (sme) organisation: A review and framework. In 2021 6th IEEE International Conference on Recent Advances and Innovations in Engineering (ICRAIE), volume 6, pages 1–6. IEEE, 2021. https://doi.org/10.1109/ICRAIE52900.2021.9703991 doi:10.1109/ICRAIE52900.2021.9703991.
Vaibhav S Narwane, Rakesh D Raut, Bhaskar B Gardas, Balkrishna E Narkhede, and Anjali Awasthi. Examining smart manufacturing challenges in the context of micro, small and medium enterprises. International Journal of Computer Integrated Manufacturing, 35(12):1395–1412, 2022. https://doi.org/10.1080/0951192X.2022.2078508 doi:10.1080/0951192X.2022.2078508.
National Institute of Standards and Technology. Framework for improving critical infrastructure cybersecurity – version 1.1, 2018. https://doi.org/10.6028/NIST.CSWP.04162018 doi:10.6028/NIST.CSWP.04162018.
National Institute of Standards and Technology, U.S. Department of Commerce. Small business information security: The fundamentals – nistir 7621 revision 1, 2016. https://doi.org/10.6028/NIST.IR.7621r1 doi:10.6028/NIST.IR.7621r1.
Nationales Zentrum für Cybersicherheit NCSC – Schweizerische Eidgenossenschaft. Merkblatt informationssicherheit für kmus, 2020. URL: https://www.ncsc.admin.ch/ncsc/de/home/infos-fuer/infos-unternehmen/aktuelle-themen/schuetzen-sie-ihr-kmu.html.
Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. A review of the current cyber hygiene in small and medium-sized businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions (ICITST), pages 1–6. IEEE, 2020. https://doi.org/10.23919/ICITST51030.2020.9351339 doi:10.23919/ICITST51030.2020.9351339.
Rohit Negi, S Venkatesan, and Sandeep K Shukla. Implementing Enterprise Cyber Security with Open-Source Software and Standard Architecture: Volume II, chapter Implementation of an Intrusion Detection System and Deception Technologies using Open Source Tools for Small Businesses, pages 151–192. River Publishers, 2023. https://doi.org/10.1201/9781003426134-10 doi:10.1201/9781003426134-10.
Alessandra Neri, Marta Negri, Enrico Cagno, Simone Franzò, Vikas Kumar, Tommaso Lampertico, and Carlo Andrea Bassani. The role of digital technologies in supporting the implementation of circular economy practices by industrial small and medium enterprises. Business Strategy and the Environment, 32(7):4693–4718, 2023. https://doi.org/10.1002/bse.3388 doi:10.1002/bse.3388.
Shekhar Pawar and Hemant Palivela. Lcci: A framework for least cybersecurity controls to be implemented for small and medium enterprises (smes). International Journal of Information Management Data Insights, 2(1):100080, 2022. https://doi.org/10.1016/j.jjimei.2022.100080 doi:10.1016/j.jjimei.2022.100080.
Luís M Pedroso, Virgínia M Araújo, Manuel Perez Cota, and João Paulo Magalhães. How can gdpr fines help smes ensuring the privacy and protection of processed personal data. In 2021 16th Iberian Conference on Information Systems and Technologies (CISTI), pages 1–6. IEEE, 2021. https://doi.org/10.23919/CISTI52073.2021.9476620 doi:10.23919/CISTI52073.2021.9476620.
HMDGV Perera, KM Samarasekara, IUK Hewamanna, DNW Kasthuriarachchi, Kavinga Yapa Abeywardena, and Kanishka Yapa. Netbot-an automated router hardening solution for small to medium enterprises. In 2021 IEEE 12th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), pages 0015–0021. IEEE, 2021. https://doi.org/10.1109/IEMCON53756.2021.9623186 doi:10.1109/IEMCON53756.2021.9623186.
Jean-Rémi Piat, Christophe Danjou, Bruno Agard, and Robert Beauchemin. A guideline to implement a cps architecture in an sme. Production & Manufacturing Research, 11(1):2218910, 2023. https://doi.org/10.1080/21693277.2023.2218910 doi:10.1080/21693277.2023.2218910.
Christophe Ponsard, Philippe Massonet, Jeremy Grandclaudon, and Nicolas Point. From lightweight cybersecurity assessment to sme certification scheme in belgium. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pages 75–78. IEEE, 2020. https://doi.org/10.1109/EuroSPW51379.2020.00019 doi:10.1109/EuroSPW51379.2020.00019.
Andrew Rae and Asma Patel. Developing a security behavioural assessment approach for cyber rating uk msbs. In 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), pages 1–8. IEEE, 2020. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 doi:10.1109/CyberSecurity 49315.2020.9138893.
Simona Ramanauskaite, Jogaile Raslanaite, Laima Kaupadiene, et al. Information integrity estimation model for small and medium enterprise. In 2018 IEEE 6th Workshop on Advances in Information, Electronic and Electrical Engineering (AIEEE), pages 1–6. IEEE, 2018. https://doi.org/10.1109/AIEEE.2018.8592443 doi:10.1109/AIEEE.2018.8592443.
Fatema Rashid and Ali Miri. User and event behavior analytics on differentially private data for anomaly detection. In 2021 7th IEEE Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing,(HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS), pages 81–86. IEEE, 2021. https://doi.org/10.1109/BigDataSecurityHPSCIDS52275.2021.00025 doi:10.1109/BigDataSecurity HPSCIDS52275.2021.00025.
Julio Alexander Rodríguez-Corzo, Alix E Rojas, and Camilo Mejía-Moncayo. Methodological model based on gophish to face phishing vulnerabilities in sme. In 2018 ICAI Workshops (ICAIW), pages 1–6. IEEE, 2018. https://doi.org/10.1109/ICAIW.2018.8555006 doi:10.1109/ICAIW.2018.8555006.
Nair Rubio, Lurdes Chavarria, and David Mauricio. Security architecture for the protection of digital assets in smes. In 2020 International Conference on Electrical, Communication, and Computer Engineering (ICECCE), pages 1–6. IEEE, 2020. https://doi.org/10.1109/ICECCE49384.2020.9179422 doi:10.1109/ICECCE49384.2020.9179422.
Patrick Ryle, Jie Yan, and Lorraine R Gardiner. Gramm-leach-bliley gets a systems upgrade: What the ftc’s proposed safeguards rule changes mean for small and medium american financial institutions. EDPACS, 65(2):6–17, 2022. https://doi.org/10.1080/07366981.2021.1911387 doi:10.1080/07366981.2021.1911387.
S Sarath, A Asif, and P Aravind. Low-cost security solution for micro, small and medium enterprises. In 2020 IEEE International Conference for Innovation in Technology (INOCON), pages 1–9. IEEE, 2020. https://doi.org/10.1109/INOCON50539.2020.9298273 doi:10.1109/INOCON50539.2020.9298273.
Christopher Schmitz and Sebastian Pape. Lisra: Lightweight security risk assessment for decision support in information security. Computers & Security, 90:101656, 2020. https://doi.org/10.1016/j.cose.2019.101656 doi:10.1016/j.cose.2019.101656.
Ahmad Zia Sharifi, Hashmatullah Zaheer, Mohammad Fahim Azizi, and Jamilurahman Faizi. Detection and prevention of distributed denial of service attacks in smes: the case of cloudplus. In 2019 Sixteenth International Conference on Wireless and Optical Communication Networks (WOCN), pages 1–4. IEEE, 2019. https://doi.org/10.1109/WOCN45266.2019.8995022 doi:10.1109/WOCN45266.2019.8995022.
Erik Silfversten, Erik Frinking, Nathan Ryan, and Marina Favaro. Cybersecurity – a state-of-the-art review – executive summary, 2019. URL: https://repository.wodc.nl/bitstream/handle/20.500.12832/2423/2956_Summary_tcm28-397365.pdf?sequence=1&isAllowed=y.
Heinrihs Kristians Skrodelis and Andrejs Romanovs. Cyber-physical risk security framework development in digital supply chains. In 2021 62nd International Scientific Conference on Information Technology and Management Science of Riga Technical University (ITMS), pages 1–5. IEEE, 2021. https://doi.org/10.1109/ITMS52826.2021.9615305 doi:10.1109/ITMS52826.2021.9615305.
Heinrihs Kristians Skrodelis, Julija Strebko, and Andrejs Romanovs. The information system security governance tasks in small and medium enterprises. In 2020 61st International Scientific Conference on Information Technology and Management Science of Riga Technical University (ITMS), pages 1–4. IEEE, 2020. https://doi.org/10.1109/ITMS51158.2020.9259305 doi:10.1109/ ITMS51158.2020.9259305.
Olena Starkova, Kostiantyn Herasymenko, Sergii M Korotin, Volodymyr Afanasiev, and Anastasiia Lisnyk. Development of recommendations for ensuring security in a corporate network. In 2019 IEEE International Conference on Advanced Trends in Information Theory (ATIT), pages 111–115. IEEE, 2019. https://doi.org/10.1109/ATIT49449.2019.9030470 doi:10.1109/ ATIT49449.2019.9030470.
Jan Stentoft, Kent Adsbøll Wickstrøm, Kristian Philipsen, and Anders Haug. Drivers and barriers for industry 4.0 readiness and practice: empirical evidence from small and medium-sized manufacturers. Production Planning & Control, 32(10):811–828, 2021. https://doi.org/10.1080/09537287.2020.1768318 doi:10.1080/09537287.2020.1768318.
Arun Sukumar, Hannan Amoozad Mahdiraji, and Vahid Jafari-Sadeghi. Cyber risk assessment in small and medium-sized enterprises: A multilevel decision-making approach for small e-tailors. Risk Analysis, 43(10):2082–2098, 2023. https://doi.org/10.1111/risa.14092 doi:10.1111/risa.14092.
Tracy Tam, Asha Rao, and Joanne Hall. The good, the bad and the missing: A narrative review of cyber-security implications for australian small businesses. Computers & Security, 109:102385, 2021. https://doi.org/10.1016/j.cose.2021.102385 doi:10.1016/j.cose.2021.102385.
Haydar Teymourlouei and Vareva Harris. Effective methods to monitor it infrastructure security for small business. In 2019 International Conference on Computational Science and Computational Intelligence (CSCI), pages 7–13. IEEE, 2019. https://doi.org/10.1109/CSCI49370.2019.00009 doi:10.1109/ CSCI49370.2019.00009.
Paul Timmers. The european union’s cybersecurity industrial policy. Journal of Cyber Policy, 3(3):363–384, 2018. https://doi.org/10.1080/23738871.2018.1562560 doi:10.1080/ 23738871.2018.1562560.
Thomas Toublanc, Romain Bévan, Florent de Lamotte, and Pascal Berruet. Assisting the configuration of intelligent safety gateway. In IECON 2018-44th Annual Conference of the IEEE Industrial Electronics Society, pages 5875–5880. IEEE, 2018. https://doi.org/10.1109/IECON.2018.8591155 doi:10.1109/ IECON.2018.8591155.
Khaizuran Aqhar Ubaidillah, Syifak Izhar Hisham, Ferda Ernawan, Gran Badshah, and Edy Suharto. Intrusion detection system using autoencoder based deep neural network for sme cybersecurity. In 2021 5th International Conference on Informatics and Computational Sciences (ICICoS), pages 210–215. IEEE, 2021. https://doi.org/10.1109/ICICoS53627.2021.9651851 doi:10.1109/ ICICoS53627.2021.9651851.
Betsy Uchendu, Jason RC Nurse, Maria Bada, and Steven Furnell. Developing a cyber security culture: Current practices and future needs. Computers & Security, 109:102387, 2021. https://doi.org/10.1016/j.cose.2021.102387 doi:10.1016/ j.cose.2021.102387.
Patrick Ulrich, Vanessa Frank, and Alice Timmermann. The dark side of data science-an empirical study of cyber risks in german smes. Procedia Computer Science, 176:2615–2624, 2020. https://doi.org/10.1016/j.procs.2020.09.307 doi:10.1016/ j.procs.2020.09.307.
Nikolaos Vakakis, Odysseas Nikolis, Dimosthenis Ioannidis, Konstantinos Votis, and Dimitrios Tzovaras. Cybersecurity in smes: The smart-home/office use case. In 2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), pages 1–7. IEEE, 2019. https://doi.org/10.1109/CAMAD.2019.8858471 doi:10.1109/CAMAD.2019.8858471.
Max Van Haastrecht, Injy Sarhan, Alireza Shojaifar, Louis Baumgartner, Wissam Mallouli, and Marco Spruit. A threat-based cybersecurity risk assessment approach addressing sme needs. In Proceedings of the 16th International Conference on Availability, Reliability and Security, pages 1–12, 2021. https://doi.org/10.1145/3465481.3469199 doi:10.1145/3465481.3469199.
Srinidhi Vasudevan. Defi: A risky business or silver bullet for smes? In 2022 International Conference on Cyber Resilience (ICCR), pages 1–5. IEEE, 2022. https://doi.org/10.1109/ICCR56254.2022.9995866 doi:10.1109/ICCR56254.2022.9995866.
Anton Vedeshin, John Mehmet Ulgar Dogru, Innar Liiv, Sadok Ben Yahia, and Dirk Draheim. A secure data infrastructure for personal manufacturing based on a novel key-less, byte-less encryption method. IEEE Access, 8:40039–40056, 2019. https://doi.org/10.1109/ACCESS.2019.2946730 doi:10.1109/ACCESS.2019.2946730.
Zuzana Virglerova, Marija Panic, Danijela Voza, and Milica Velickovic. Model of business risks and their impact on operational performance of smes. Economic research-Ekonomska istraživanja, 35(1):4047–4064, 2022. https://doi.org/10.1080/1331677X.2021.2010111 doi:10.1080/1331677X.2021.2010111.
Patrick Wagner, Gerhard Hansch, Christoph Konrad, Karl-Heinz John, Jochen Bauer, and Jörg Franke. Applicability of security standards for operational technology by smes and large enterprises. In 2020 25th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA), volume 1, pages 1544–1551. IEEE, 2020. https://doi.org/10.1109/ETFA46521.2020.9212126 doi:10.1109/ETFA46521.2020.9212126.
Wik – Wirtschaftliches Institut für Infrastruktur und Kommunikationsdienste. Aktuelle lage der it-sicherheit in kmu, 2017. URL: https://www.wik.org/fileadmin/files/_migrated/news_files/WIK-Studie_Aktuelle_Lage_der_IT-Sicherheit_in_KMU_Langfassung__2_.pdf.
Wik – Wirtschaftliches Institut für Infrastruktur und Kommunikationsdienste. Current it security situation in smes – summary of representative survey results, 2017. URL: https://www.wik.org/fileadmin/files/_migrated/news_files/Current_IT_Security_Situation_in_SME_WIK_en__2_.pdf.
Wik – Wirtschaftliches Institut für Infrastruktur und Kommunikationsdienste. Digitales handwerk unterschätzt it-risiken, 2023. URL: https://www.wik.org/fileadmin/files/_migrated/news_files/Infoblatt_Handwerk_-_Aktuelle_Lage_der_IT-Sicherheit_in_KMU_-_WIK_2017.pdf.
Martin Wilson, Sharon McDonald, Dominic Button, and Kenneth McGarry. It won’t happen to me: surveying sme attitudes to cyber-security. Journal of Computer Information Systems, 63(2):397–409, 2023. https://doi.org/10.1080/08874417.2022.2067791 doi:10.1080/08874417.2022.2067791.
Lai-Wan Wong, Voon-Hsien Lee, Garry Wei-Han Tan, Keng-Boon Ooi, and Amrik Sohal. The role of cybersecurity and policy awareness in shifting employee compliance attitudes: Building supply chain capabilities. International Journal of Information Management, 66:102520, 2022. https://doi.org/10.1016/j.ijinfomgt.2022.102520 doi:10.1016/j.ijinfomgt.2022.102520.
World Bank Group. Small and medium enterprises (smes) finance – improving smes‘ access to finance and finding innovative solutions to unlock sources of capital, 2019. Accessed on: 05/15/2024. URL: https://www.worldbank.org/en/topic/smefinance.
World Economic Forum. Global cybersecurity outlook 2024 – insight report, 2024. URL: https://www3.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2024.pdf.
Bilge Yigit Ozkan and Marco Spruit. Adaptable security maturity assessment and standardization for digital smes. Journal of Computer Information Systems, 63(4):965–987, 2023. https://doi.org/10.1080/08874417.2022.2119442 doi:10.1080/08874417. 2022.2119442.
Xiong Zhang, Haoran Xie, Hao Yang, Hongkai Shao, and Minghao Zhu. A general framework to understand vulnerabilities in information systems. IEEE Access, 8:121858–121873, 2020. https://doi.org/10.1109/ACCESS.2020.3006361 doi:10.1109/ACCESS.2020.3006361.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Copyright (c) 2025 Journal of Cyber Security and Mobility