1 Center for Communication, Media and Information Technologies, The Technical Faculty of IT and Design, Aalborg University, VBN2 Department of Electronic Systems, The Technical Faculty of IT and Design, Aalborg University, VBN3 The Faculty of Engineering and Science (TECH), Aalborg University, VBN4 Center for Communication, Media and Information Technologies, The Technical Faculty of IT and Design, Aalborg University, VBN5 Department of Development and Planning, The Technical Faculty of IT and Design, Aalborg University, VBN
The essence of this study is first to highlight the cyber-security challenges confronting SMEs in developing economies, and to model a framework for safeguarding their assets, to ensure continuous optimal business operations, and to participate and compete securely in the ubiquitous cyber-market. As more SMEs today continue to use networks and the Internet as vital business tools, the need for a secured organization cannot be over-emphasized. SMEs are utilizing the opportunities offered by advances in ICTs to adopt innovative business operations, to offer user-friendly products and services, to develop customer-centric strategies. While connectivity is indispensable for achieving business success, being connected also implies being exposed to a myriad of cyber-security challenges, such as vulnerabilities of confidentiality, integrity and availability (CIA). As vulnerabilities are exploited by the numerous threat agents or attackers, SMEs are adversely impacted which in some cases may lead to business closure. The extent of cyber-attacks have increased in recent times and experts believe that if nothing is done about it, the severity of future attacks could be greater than what has been observed to date. In order to propose appropriate solutions, the traditional risk equation is re-contextualized into a fuzzy risk relational function, with fuzzy arguments of vulnerabilities, threats and assets value. SMEs were surveyed and strategically interviewed on various cyber-security and business metrics. The elicited experts opinions were used to model the risk function, using neuro-fuzzy techniques, that combines the human inference style and linguistic expressions of fuzzy systems with the learning and parallel processing capabilities of neural networks to analyze the cyber-security vulnerabilities assessment (CSVA) model. The results show that the CSVA model is simple and intuitive, and can be used by SMEs to mitigate the vulnerabilities of their assets. Using fuzzy similarity measures, taxonomies of vulnerabilities and threats are also benchmarked to assist SMEs to be proactive. Finally, fuzzy cognitive map (FCM) approach is also used to show the implications of vulnerabilities amongst SMEs asset disposal policies.
Main Research Area:
Institut for Elektroniske Systemer, Aalborg Universitet, 2013