Abstract
Small and medium-sized enterprises (SMEs) are among the least mature and most vulnerable in terms of their cybersecurity risk and resilience. In this article, we describe a methodology developed using the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) as a starting point. The NIST CSF does not meet all the needs of the SME IT leader, but it offers a solid foundation for a useful evaluation and recommendation methodology. We propose an SME cybersecurity evaluation tool (CET) that consists of a 35-question online survey to be completed by IT leaders to self-rate their maturity within the five NIST framework categories: identify, protect, detect, respond, and recover. We outline this approach to cybersecurity risk management before discussing its effectiveness and implications for practitioners.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
