{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T14:25:08Z","timestamp":1742999108432,"version":"3.40.3"},"publisher-location":"Cham","reference-count":69,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030494421"},{"type":"electronic","value":"9783030494438"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-49443-8_16","type":"book-chapter","created":{"date-parts":[[2020,6,27]],"date-time":"2020-06-27T12:02:48Z","timestamp":1593259368000},"page":"335-357","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Guidelines and Tool Support for Building a Cybersecurity Awareness Program for SMEs"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5027-2114","authenticated-orcid":false,"given":"Christophe","family":"Ponsard","sequence":"first","affiliation":[]},{"given":"Jeremy","family":"Grandclaudon","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,6,28]]},"reference":[{"key":"16_CR1","unstructured":"ANSSI: SecNumacad\u00e9mie (2017). https:\/\/secnumacademie.gouv.fr"},{"key":"16_CR2","unstructured":"Ashford, W.: SMEs more vulnerable than ever to cyber attacks, survey shows, October 2017. http:\/\/bit.do\/computer-weekly-SME-cybersecurity"},{"key":"16_CR3","unstructured":"Ashik, M.: Building an effective cybersecurity program (2018). https:\/\/securereading.com\/building-an-effective-cybersecurity-culture"},{"key":"16_CR4","doi-asserted-by":"crossref","unstructured":"Bada, M., Nurse, J.R.C.: Developing cybersecurity education and awareness programmes for small and medium-sized enterprises (SMEs). CoRR abs\/1906.09594 (2019)","DOI":"10.1108\/ICS-07-2018-0080"},{"key":"16_CR5","unstructured":"Bada, M., Sasse, A.M., Nurse, J.R.C.: Cyber security awareness campaigns: why do they fail to change behaviour? (2019). http:\/\/arxiv.org\/abs\/1901.02672"},{"key":"16_CR6","unstructured":"BBB: State of cybersecurity among small businesses in North America. Better Business Bureau (2017). http:\/\/bit.do\/2017-state-of-cybersecurity"},{"key":"16_CR7","unstructured":"BDO: Forte augmentation de la demande de services de cybers\u00e9curit\u00e9 suite au GDPR (2018). http:\/\/bit.do\/bdo18-cyber-gdpr"},{"key":"16_CR8","doi-asserted-by":"crossref","unstructured":"Ben-David, Y., et al.: Computing security in the developing world: a case for multidisciplinary research. In: Proceedings of the 5th ACM Workshop on Networked Systems for Developing Regions, pp. 39\u201344. ACM (2011)","DOI":"10.1145\/1999927.1999939"},{"key":"16_CR9","unstructured":"BSI: Cyber security for SMEs (2018). https:\/\/www.bsigroup.com\/en-GB\/Cyber-Security\/Cyber-security-for-SMEs"},{"key":"16_CR10","unstructured":"CCB: Cyber security guide for SME (2016). http:\/\/www.ccb.belgium.be\/en\/guide-sme"},{"key":"16_CR11","unstructured":"CIS: CIS Controls - Implementation guide for Small and Medium-Sized Enterprises (SMEs) (2017). https:\/\/www.cisecurity.org\/wp-content\/uploads\/2017\/09\/CIS-Controls-Guide-for-SMEs.pdf"},{"key":"16_CR12","unstructured":"CIS: CIS control - V7 (2018). https:\/\/www.cisecurity.org\/controls"},{"key":"16_CR13","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-322-99786-9_1","volume-title":"The Inmates are Running the Asylum","author":"A Cooper","year":"1999","unstructured":"Cooper, A.: The Inmates are Running the Asylum. Macmillan Publishing Company Inc., New York City (1999)"},{"key":"16_CR14","unstructured":"Cyber Security Coalition: Cyber security KIT (2018). https:\/\/www.cybersecuritycoalition.be\/resource\/cyber-security-kit"},{"key":"16_CR15","unstructured":"Cyber Security Coalition: SME security scan (2018). https:\/\/www.cybersecuritycoalition.be\/sme-security-scan"},{"key":"16_CR16","unstructured":"CybSafe: Enterprise IT leaders demanding more stringent cyber security from suppliers, July 2017. http:\/\/bit.do\/cybsafe"},{"key":"16_CR17","unstructured":"Dahslane: How secure is my password (2019). https:\/\/howsecureismypassword.net"},{"key":"16_CR18","unstructured":"Davies, T.: Cybersecurity in Europe is improving: thank you GDPR? (2018). https:\/\/gdpr.report\/news\/2018\/12\/27\/cybersecurity-in-europe"},{"key":"16_CR19","unstructured":"Digital Wallonia: Keep IT secure (2018). https:\/\/www.digitalwallonia.be\/keepitsecure"},{"key":"16_CR20","unstructured":"Dlamini, Z., Modise, M.: Cyber security awareness initiatives in South Africa: a synergy approach. Case Stud. Inf. Warf. Secur. Res. Teach. Stud. 1 (2013)"},{"key":"16_CR21","unstructured":"EC: Proposal for a European cybersecurity competence network and centre (2017). https:\/\/ec.europa.eu\/digital-single-market\/en\/proposal-european-cybersecurity-competence-network-and-centre"},{"key":"16_CR22","unstructured":"EC: Supporting specialised skills development: big data, Internet of Things and cybersecurity for SMEs. EASME\/COSME\/2017\/007 Interim Report, March 2019"},{"key":"16_CR23","unstructured":"ECSM: European cyber security month quiz (2018). https:\/\/cybersecuritymonth.eu\/references\/quiz-demonstration"},{"key":"16_CR24","unstructured":"ECSO: European Cyber Security Organisation (2016). https:\/\/ecs-org.eu"},{"key":"16_CR25","unstructured":"ECSO: European Cyber Security Certification: a meta - scheme approach v1.0 (2017). https:\/\/www.ecs-org.eu\/documents\/publications\/5a3112ec2c891.pdf"},{"key":"16_CR26","unstructured":"ENISA: Indispensable baseline security requirements for the procurement of secure ICT products and services (2016). http:\/\/bit.do\/ENISA-baseline-security"},{"key":"16_CR27","unstructured":"ENISA: Posters for organisations (2019). https:\/\/www.enisa.europa.eu\/media\/multimedia\/material\/awareness-raising-posters"},{"key":"16_CR28","unstructured":"Fricker, S.: D2.3 security awareness plan report (2017). https:\/\/www.smesec.eu\/doc\/SMESEC_D2.3_Security_Awareness_Plan_Report_v1.0.pdf"},{"issue":"2","key":"16_CR29","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1108\/01443579710158023","volume":"17","author":"A Ghobadian","year":"1997","unstructured":"Ghobadian, A., Gallear, D.: Total quality management and organization size. Int. J. Oper. Prod. Manag. 17(2), 121\u2013163 (1997)","journal-title":"Int. J. Oper. Prod. Manag."},{"key":"16_CR30","unstructured":"Global Cyber Alliance: GCA cybersecurity toolkit for small businesses (2019)"},{"key":"16_CR31","unstructured":"GoPhish: Open-source phishing framework (2019). https:\/\/getgophish.com"},{"key":"16_CR32","doi-asserted-by":"crossref","unstructured":"Grudin, J.: Why personas work: the psychological evidence. In: The Persona Lifecycle: Keeping People in Mind Throughout Product Design, January 2006","DOI":"10.1016\/B978-012566251-2\/50013-7"},{"key":"16_CR33","unstructured":"Heat, E.: How to improve phishing awareness by 300% in 18 Months. In: RSA Conference, San Francisco, 13\u201317 February 2017"},{"issue":"2","key":"16_CR34","doi-asserted-by":"publisher","first-page":"154","DOI":"10.1016\/j.dss.2009.02.005","volume":"47","author":"T Herath","year":"2009","unstructured":"Herath, T., Rao, H.R.: Encouraging information security behaviors in organizations: role of penalties, pressures and perceived effectiveness. Decis. Support Syst. 47(2), 154\u2013165 (2009)","journal-title":"Decis. Support Syst."},{"key":"16_CR35","unstructured":"Interreg: Regional policies for competitive cybersecurity SMEs (2018). https:\/\/www.interregeurope.eu\/cyber"},{"key":"16_CR36","unstructured":"ISF: Effective security awareness. Information Security Forum, April 2002"},{"key":"16_CR37","unstructured":"Juul, J.: The game, the player, the world: looking for a heart of gameness. In: Digital Games Research Conference, 4\u20136 November 2003, University of Utrecht, The Netherlands (2003)"},{"key":"16_CR38","doi-asserted-by":"publisher","first-page":"269","DOI":"10.1080\/10919392.2018.1484598","volume":"28","author":"S Kabanda","year":"2018","unstructured":"Kabanda, S., Tanner, M., Kent, C.: Exploring SME cybersecurity practices in developing countries. J. Organ. Comput. Electron. Comm. 28, 269\u2013282 (2018). https:\/\/doi.org\/10.1080\/10919392.2018.1484598","journal-title":"J. Organ. Comput. Electron. Comm."},{"key":"16_CR39","volume-title":"The Gamification of Learning and Instruction: Game-Based Methods and Strategies for Training and Education","author":"KM Kapp","year":"2012","unstructured":"Kapp, K.M.: The Gamification of Learning and Instruction: Game-Based Methods and Strategies for Training and Education, 1st edn. Pfeiffer & Company, Ablar (2012)","edition":"1"},{"key":"16_CR40","unstructured":"Kasperski: Secure password check (2019). https:\/\/password.kaspersky.com"},{"key":"16_CR41","unstructured":"Keeper Security: 2018 state of cybersecurity in small and medium size businesses study (2018). https:\/\/start.keeper.io\/2018-ponemon-report"},{"key":"16_CR42","doi-asserted-by":"publisher","first-page":"663","DOI":"10.1016\/j.cose.2017.08.001","volume":"70","author":"D Ki-Aries","year":"2017","unstructured":"Ki-Aries, D., Faily, S.: Persona-centred information security awareness. Comput. Secur. 70, 663\u2013674 (2017)","journal-title":"Comput. Secur."},{"key":"16_CR43","unstructured":"LimeSurvey: The online survey tool - open source surveys (2017). https:\/\/www.limesurvey.org"},{"key":"16_CR44","unstructured":"Lockheed Martin: Are you a cybersecurity ninja or n00b? (2018). http:\/\/bit.do\/lookheedmartin-quiz"},{"key":"16_CR45","volume-title":"Cyber Security Engineering: A Practical Approach for Systems and Software Assurance","author":"N Mead","year":"2016","unstructured":"Mead, N., Woody, C.: Cyber Security Engineering: A Practical Approach for Systems and Software Assurance. Pearson Education, London (2016)"},{"key":"16_CR46","unstructured":"Muller, P., et al.: Annual report on European SMEs 2014\/2015. European Commission (2015)"},{"key":"16_CR47","unstructured":"NCSA: stay safe online - cybersecurity awareness toolkit for SMB. National Cyber Security Alliance (2018)"},{"key":"16_CR48","unstructured":"NIST: Cybersecurity framework (2014). https:\/\/www.nist.gov\/cyberframework"},{"key":"16_CR49","unstructured":"O\u2019Flaherty, K.: How gamification can boost cyber security (2019). https:\/\/www.information-age.com\/gamification-can-boost-cyber-security-123479658\/"},{"key":"16_CR50","unstructured":"Osborn, E., et al.: Business versus tech: sources of the perceived lack of cyber security in SMEs. In: 1st International Conference on Cyber Security for Sustainable Society, Feburary 2015"},{"key":"16_CR51","unstructured":"PhishingBox: Phishing simulator and test (2019). https:\/\/www.phishingbox.com\/phishing-test"},{"key":"16_CR52","unstructured":"Ponsard, C.: Cybersecurity quizz (Google Play Store) (2018). http:\/\/bit.do\/QuizzCyberSecurity"},{"key":"16_CR53","doi-asserted-by":"crossref","unstructured":"Ponsard, C., Grandclaudon, J., Bal, S.: Survey and lessons learned on raising SME awareness about cybersecurity. In: Proceedings of the 5th ICISSP, Prague, Czech Republic, 23\u201325 February, pp. 558\u2013563 (2019)","DOI":"10.5220\/0007574305580563"},{"key":"16_CR54","doi-asserted-by":"crossref","unstructured":"Ponsard, C., Grandclaudon, J., Dallons, G.: Towards a cyber security label for SMEs: a European perspective. In: Proceedingsthe 4th ICISSP, Funchal, Madeira, pp. 426\u2013431 (2018)","DOI":"10.5220\/0006657604260431"},{"key":"16_CR55","unstructured":"PwC: Game of threats (2017)"},{"key":"16_CR56","unstructured":"SafeOnWeb: Test your digital health (2018). https:\/\/campagne.safeonweb.be\/en"},{"key":"16_CR57","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-3-642-16419-4_32","volume-title":"ENTERprise Information Systems","author":"LE S\u00e1nchez","year":"2010","unstructured":"S\u00e1nchez, L.E., Santos-Olmo, A., Fern\u00e1ndez-Medina, E., Piattini, M.: Security culture in small and medium-size enterprise. In: Quintela Varaj\u00e3o, J.E., Cruz-Cunha, M.M., Putnik, G.D., Trigo, A. (eds.) CENTERIS 2010. CCIS, vol. 110, pp. 315\u2013324. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-16419-4_32"},{"key":"16_CR58","unstructured":"SANS: Computer security training and certification (1989). https:\/\/www.sans.org"},{"key":"16_CR59","unstructured":"SANS: 10 tactics for rolling out a successful awareness program (2018). https:\/\/www.sans.org\/sites\/default\/files\/2019-04\/poster_10-tactics.pdf"},{"key":"16_CR60","unstructured":"SANS: Security awareness posters (2018). https:\/\/www.sans.org\/security-awareness-training\/resources\/posters"},{"key":"16_CR61","unstructured":"SBDC, M.: Small business, big threat (2018). https:\/\/smallbusinessbigthreat.com"},{"key":"16_CR62","unstructured":"SPARTA: Strategic programs for advanced research and technology in Europe (2019). https:\/\/www.sparta.eu"},{"key":"16_CR63","unstructured":"UK Government: Cyber essentials (2016). https:\/\/www.cyberaware.gov.uk\/cyberessentials"},{"key":"16_CR64","unstructured":"UK Government: Cyber essentials self assessment (2018). https:\/\/www.cyberessentials.ie\/self-assessment"},{"key":"16_CR65","unstructured":"VDS: A brief assessment for SMEs - quick check for cyber security (2017). http:\/\/vds-quick-check.de"},{"key":"16_CR66","unstructured":"Veseli, I.: Measuring the effectiveness of information security awareness program. Msc., Department of Computer Science and Media Technology Gjovik University College, South Africa (2011)"},{"key":"16_CR67","volume-title":"Cyber-Security Challenges with SMEs in Developing Economies: Issues of Confidentiality, Integrity & Availability (CIA)","author":"EO Yeboah-Boateng","year":"2013","unstructured":"Yeboah-Boateng, E.O.: Cyber-Security Challenges with SMEs in Developing Economies: Issues of Confidentiality, Integrity & Availability (CIA). Institut for Elektroniske Systemer, Aalborg Universitet, Aalborg (2013)"},{"key":"16_CR68","doi-asserted-by":"crossref","unstructured":"Yunos, Z., Hamid, R.S.A., Ahmad, M.: Development of a cyber security awareness strategy using focus group discussion. In: 2016 SAI Computing Conference (SAI), pp. 1063\u20131067, July 2016","DOI":"10.1109\/SAI.2016.7556109"},{"key":"16_CR69","unstructured":"Zurich Inusrance Group: SMEs\u2019 cyber risk awareness is on the rise (2016). https:\/\/www.zurich.com\/en\/media\/news-releases\/2016\/2016-1123-01"}],"container-title":["Communications in Computer and Information Science","Information Systems Security and Privacy"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-49443-8_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,10,30]],"date-time":"2022-10-30T16:42:59Z","timestamp":1667148179000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-49443-8_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030494421","9783030494438"],"references-count":69,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-49443-8_16","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"28 June 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICISSP","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Systems Security and Privacy","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Prague","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Czech Republic","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 February 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 February 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icissp2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.icissp.org\/?y=2019","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"PRIMORIS","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"100","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}