Please use this identifier to cite or link to this item:
Title: Cybersecurity information sharing: A framework for information security management in UK SME supply chains
Authors: Lewis, R
Louvieris, P
Abbott, P
Clewley, N
Jones, K
Keywords: Cybersecurity metrics;Information security management;Information sharing;Information sharing agreement;Risk management;SME supply chains
Issue Date: 2014
Citation: ECIS 2014 Proceedings - 22nd European Conference on Information Systems, Tel Aviv, 9 - 11 June, 2014
Abstract: UK small to medium sized enterprises (SMEs) are suffering increasing levels of cybersecurity breaches and are a major point of vulnerability in the supply chain networks in which they participate. A key factor for achieving optimal security levels within supply chains is the management and sharing of cybersecurity information associated with specific metrics. Such information sharing schemes amongst SMEs in a supply chain network, however, would give rise to a certain level of risk exposure. In response, the purpose of this paper is to assess the implications of adopting select cybersecurity metrics for information sharing in SME supply chain consortia. Thus, a set of commonly used metrics in a prototypical cybersecurity scenario were chosen and tested from a survey of 17 UK SMEs. The results were analysed in respect of two variables; namely, usefulness of implementation and willingness to share across supply chains. Consequently, we propose a Cybersecurity Information Sharing Taxonomy for identifying risk exposure categories for SMEs sharing cybersecurity information, which can be applied to developing Information Sharing Agreements (ISAs) within SME supply chain consortia.
Appears in Collections:Dept of Computer Science Research Papers

Files in This Item:
File Description SizeFormat 
Fulltext.pdf792.91 kBAdobe PDFView/Open

Items in BURA are protected by copyright, with all rights reserved, unless otherwise indicated.