New Publications Available

Two new publications are available to read. Paper 1 New publication on how SMEs can improve their cybersecurity practices by applying and combining the use of the Customer Journey Modelling Language (CJML) and the System Security Modeller (SSM). The paper can be found in here and is published in the Proceedings of the 16th International […]

BY Cyberkit4sme

It’s Not My Problem: How Healthcare Models relate to SME Cybersecurity Awareness

Abstract: Small and medium enterprises (SMEs) make up a significant part of European economies. They are often described as poorly place to deal with cyber risks though because of resource constraints or commercial interests. Providing appropriate tooling would facilitate a greater appreciation of the risks and provide mitigation strategies. In a series of workshops demonstrating […]

BY J Brian Pickering, Konstantinos Boletsis, Ragnhild Halvorsrud, Stephen Phillips and Mike Surridge

Cybersecurity for SMEs: Introducing the Human Element into Socio-technical Cybersecurity Risk Assessment

Abstract: Small and medium-sized enterprises (SMEs) rarely conduct a thorough cyber-risk assessment and they may face various internal issues when attempting to set up cyber-risk strategies. In this work, we apply a user journey approach to model human behaviour and visually map SMEs’ practices and threats, along with a visualisation of the socio-technical actor network, targeted specifically at the risks highlighted in the user journey. By using a combination of cybersecurity-related visualisations, our goals are: i) to raise awareness about cybersecurity, and ii) to improve communication among IT personnel, security experts, and non-technical personnel. To achieve these goals, we combine two modelling languages: Customer Journey Modelling Language (CJML) is a visual language for modelling and visualisation of work processes in terms of user journeys. System Security Modeller (SSM) is an asset-based risk-analysis tool for socio-technical systems. By demonstrating the languages’ supplementary nature through a threat scenario and considering related theories, we believe that there is a sound basis to warrant further validation of CJML and SSM together to raise awareness and handle cyber threats in SMEs.

BY Ragnhild Halvorsrud
« Previous Page Next Page »