Abstract
The digitalization of companies and the implantation of Industry 4.0 concepts are emerging and challenging for micro and Small and Medium Enterprises (SME). The benefits are evident for the companies, as their business processes become simplified, and the internationalization and global market penetration turn out to be improved.However, information security and cybersecurity concerns have been raised on SME, as best practices and regulations compliance should be applied. The wide set of these regulations and their broad scope has put constraints on their overall direct mapping and adoption into SME.This paper describes an original methodology to map the Roadmap for Minimum Cybersecurity Capabilities (RMCSC) delivered by the Portuguese Cybersecurity Centre, into the well-adopted international information security ISO 27001:2013 standard. The proposed mapping is oriented toward the characteristics of SME and allows these companies to assess their cybersecurity risk to further mitigate potential identified flaws.The main deliverable of this paper is the developed methodology, which correlates the actions of the cybersecurity capabilities roadmap and the security controls enclosed in the ISO 27001:2013 standard. A questionnaire was developed to support the cybersecurity risk self-diagnosis, and the actions were justified and detailed in this paper. Further developments include the submission of the questionnaire to a case study of SME in the centre region of Portugal.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.