A framework for the planning and management of cybersecurity projects in small and medium-sized enterprises
Main author: | Figueredo Franco, Muriel |
---|---|
Publication date: | 2022 |
Other authors: | Martins Lacerda, Fabricio; Stiller, Burkhard |
Document type: | Article |
Language: | eng |
Source title: | Revista Gestão e Projetos (GeP) |
Full text: | https://periodicos.uninove.br/gep/article/view/23083 |
Abstract: | Cybersecurity remains one of the key investments for companies that want to protect their business in a digital era. Therefore, it is essential to understand the different steps required to implement an adequate cybersecurity strategy, which can be viewed as a cybersecurity project to be developed, implemented, and operated. This article proposes SECProject, a practical framework that defines and organizes the technical and economic steps required for the planning and implementation of a cost-effective cybersecurity strategy in Small and Medium-sized Enterprises (SME). As novelty, the SECProject framework allows for a guided and organized cybersecurity planning that considers both technical and economical elements needed for an adequate protection. This helps even companies without technical expertise to optimize their cybersecurity investments while reducing their business risks due to cyberattacks. In order to show the feasibility of the proposed framework, a case study was conducted within a Swiss SME from the pharma sector, highlighting the information and artifacts required for the planning and deployment of cybersecurity strategies. The results show the benefits and effectiveness of risk and cost management as a key element during the planning of cybersecurity projects using the SECProject as a guideline. |
id |
UNINOVE-4_2ffbbed5dcfa3e4da6601abcfbb4d285 |
---|---|
oai_identifier_str |
oai:https://periodicos.uninove.br:article/23083 |
network_acronym_str |
UNINOVE-4 |
network_name_str |
Revista Gestão e Projetos (GeP) |
repository_id_str |
|
dc.title.none.fl_str_mv |
A framework for the planning and management of cybersecurity projects in small and medium-sized enterprises |
title |
A framework for the planning and management of cybersecurity projects in small and medium-sized enterprises |
author |
Figueredo Franco, Muriel |
author_facet |
Figueredo Franco, Muriel Martins Lacerda, Fabricio Stiller, Burkhard |
author_role |
author |
author2 |
Martins Lacerda, Fabricio Stiller, Burkhard |
author2_role |
author author |
dc.contributor.none.fl_str_mv |
|
dc.contributor.author.fl_str_mv |
Figueredo Franco, Muriel Martins Lacerda, Fabricio Stiller, Burkhard |
dc.subject.por.fl_str_mv |
Cybersecurity; Risk management; Cost management; Project management. |
publishDate |
2022 |
dc.date.none.fl_str_mv |
2022-12-09 |
dc.type.none.fl_str_mv |
|
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion |
format |
article |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
https://periodicos.uninove.br/gep/article/view/23083 10.5585/gep.v13i3.23083 |
url |
https://periodicos.uninove.br/gep/article/view/23083 |
identifier_str_mv |
10.5585/gep.v13i3.23083 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.relation.none.fl_str_mv |
https://periodicos.uninove.br/gep/article/view/23083/9937 |
dc.rights.driver.fl_str_mv |
Copyright 2022 Revista de Gestão e Projetos https://creativecommons.org/licenses/by-nc-sa/4.0 info:eu-repo/semantics/openAccess |
rights_invalid_str_mv |
Copyright 2022 Revista de Gestão e Projetos https://creativecommons.org/licenses/by-nc-sa/4.0 |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.publisher.none.fl_str_mv |
Universidade Nove de Julho (Uninove) |
publisher.none.fl_str_mv |
Universidade Nove de Julho (Uninove) |
dc.source.none.fl_str_mv |
Revista de Gestão e Projetos; v. 13, n. 3 (2022): (set./dez.); 10-37 2236-0972 reponame:Revista Gestão e Projetos (GeP) instname:Universidade Nove de Julho (UNINOVE) instacron:UNINOVE |
instname_str |
Universidade Nove de Julho (UNINOVE) |
instacron_str |
UNINOVE |
institution |
UNINOVE |
reponame_str |
Revista Gestão e Projetos (GeP) |
collection |
Revista Gestão e Projetos (GeP) |
repository.name.fl_str_mv |
Revista Gestão e Projetos (GeP) - Universidade Nove de Julho (UNINOVE) |
repository.mail.fl_str_mv |
gep@uninove.br || editor@revistagep.org || crismonteiro@uninove.br |
_version_ |
1797052865684963328 |