Abstract
Despite a long-standing understanding that developments in personal and cloud computing practices would change the way we approach security, small-scale IT users (SSITUs) remain ill-served by existing cyber security practices. This paper discusses results from a survey that considered (in part) cyber security decisions made by SSITUs. We determine that SSITUs are focusing on easy-to-implement technical measures, leading to a disconnect between the security implemented and any risks identified; available resources, knowledge, prioritization of business processes, reduced system control and a lack of threat intelligence all combine to limit the ability to make cyber security decisions; and assessing risk in SSITUs will not lead to sufficient investment to mitigate risks for risk-holding stakeholders in the supply chain. We conclude that the constraints faced by SSITUs have far greater impact on the decisions they make than either our risk-holding, or security-providing, participants may have anticipated. Any limitations faced by SSITUs as they make their security decisions will have a significant impact on both the measures they are able to apply and the security of the supply chain as a whole.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
