Small and medium enterprises (SMEs) are increasingly vulnerable to cyber threats due to limited resources and cybersecurity expertise, in addition to an increasingly hostile cyber threat environment at national and international levels. This study aims to improve the cyber resilience amongst SMEs by developing a national risk assessment tool. This research is guided by three key questions: 1. What current international SME risk assessment tools are available and supported or endorsed by national cybersecurity centres? 2. How can a risk assessment tool be created that is accessible to SME owners with little to no cybersecurity knowledge? 3. What are the key areas of cybersecurity risks for SMEs? To answer these questions, a comprehensive review of existing risk assessment tools was carried out. Through iterative collaboration with SMEs, the development of a user-friendly tool that simplifies risk for non-expert users was made possible.
翻译:中小型企业(SMEs)由于资源有限、网络安全专业知识不足,加之国家和国际层面日益严峻的网络威胁环境,正变得越来越容易受到网络威胁。本研究旨在通过开发一个国家层面的风险评估工具,提升中小企业的网络韧性。本研究围绕三个关键问题展开:1. 目前有哪些国际通用的中小企业风险评估工具,并得到了国家网络安全中心的支持或认可?2. 如何创建一个易于被不具备或仅具备少量网络安全知识的中小企业主使用的风险评估工具?3. 中小企业面临的关键网络安全风险领域有哪些?为回答这些问题,我们对现有的风险评估工具进行了全面审查。通过与中小企业进行迭代式协作,最终开发出了一款用户友好的工具,该工具能够为非专业用户简化风险评估过程。