SIG SEC - Information Security and Privacy


Paper Type

Complete

Paper Number

1712

Description

Low cybersecurity awareness and the lack of good practices have led to a growing number of cyber-attacks and incidents in small and medium-sized enterprises (SMEs). This study introduces CYSEC, a new lightweight Do-It-Yourself (DIY) approach to deliver cybersecurity awareness training to a large number of SMEs and encourage them to improve their capability continuously. CYSEC is a method and tool that implements Self-Determination Theory (SDT) to motivate SME end-users toward sustainable, self-endorsed forms of security behavior and guide them to carry out security improvements on their own. The paper describes the theoretical framework for modeling self-determination and explains how an SME can internalize the adoption of cybersecurity recommendations step by step by following an iterative process in CYSEC. Finally, significant lessons learned about the use of CYSEC and its intervention in pursuit of cybersecurity adoption in the pilot SMEs are presented.

Comments

SIG SEC

Aug 10th, 12:00 AM

Self-endorsed Cybersecurity Capability Improvement for SMEs

