{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,12]],"date-time":"2025-07-12T22:46:20Z","timestamp":1752360380754,"version":"3.40.3"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031711381"},{"type":"electronic","value":"9783031711398"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-71139-8_16","type":"book-chapter","created":{"date-parts":[[2024,9,6]],"date-time":"2024-09-06T07:02:12Z","timestamp":1725606132000},"page":"231-244","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Towards an Integrated Cybersecurity Framework for Small and Medium Enterprises"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2864-2203","authenticated-orcid":false,"given":"Jose A.","family":"Calvo-Manzano","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6104-7430","authenticated-orcid":false,"given":"Tom\u00e1s","family":"San Feliu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6433-5681","authenticated-orcid":false,"given":"\u00c1ngel","family":"Herranz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2665-7612","authenticated-orcid":false,"given":"Julio","family":"Mari\u00f1o","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8296-4609","authenticated-orcid":false,"given":"Lars-\u00c5ke","family":"Fredlund","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1555-9726","authenticated-orcid":false,"given":"Ricardo","family":"Colomo-Palacios","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8397-6794","authenticated-orcid":false,"given":"Ana M.","family":"Moreno","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,9,7]]},"reference":[{"key":"16_CR1","unstructured":"Ministerio de Industria, Comercio y Turismo - Estad\u00edsticas y publicaciones sobre PYME. https:\/\/industria.gob.es\/es-es\/estadisticas\/paginas\/estadisticas-y-publicaciones-sobre-pyme.aspx"},{"key":"16_CR2","unstructured":"PAe - Informe DESI 2022: Espa\u00f1a avanza al quinto puesto entre los pa\u00edses de la UE en materia de servicios p\u00fablicos digitales. https:\/\/administracionelectronica.gob.es\/pae_Home\/pae_Actualidad\/pae_Noticias\/Anio2022\/Julio\/Noticia-2022-07-29-publicado-informe-DESI-2022.html#.ZA2gMy8rxf0"},{"key":"16_CR3","unstructured":"SMEs in the EU 2023, by size. https:\/\/www.statista.com\/statistics\/878412\/number-of-smes-in-europe-by-size\/"},{"key":"16_CR4","unstructured":"Small and Medium-sized Business (SMB) Cyber Security Challenges and Solutions. https:\/\/resources.checkpoint.com\/cyber-security-resources\/small-and-medium-sized-business-smb-cyber-security-challenges-and-solutions"},{"key":"16_CR5","unstructured":"European Union Agency for Cybersecurity.: Cybersecurity for SMEs: challenges and recommendations. Publications Office, LU (2021)"},{"key":"16_CR6","unstructured":"European Union Agency for Cybersecurity.: ENISA threat landscape 2023: July 2022 to June 2023. Publications Office, LU (2023)"},{"key":"16_CR7","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101709","volume":"90","author":"EK Szczepaniuk","year":"2020","unstructured":"Szczepaniuk, E.K., Szczepaniuk, H., Rokicki, T., Klepacki, B.: Information security assessment in public administration. Comput. Secur. 90, 101709 (2020). https:\/\/doi.org\/10.1016\/j.cose.2019.101709","journal-title":"Comput. Secur."},{"key":"16_CR8","doi-asserted-by":"publisher","first-page":"2181","DOI":"10.3390\/electronics11142181","volume":"11","author":"H Taherdoost","year":"2022","unstructured":"Taherdoost, H.: Understanding cybersecurity frameworks and information security standards\u2014a review and comprehensive overview. Electronics 11, 2181 (2022). https:\/\/doi.org\/10.3390\/electronics11142181","journal-title":"Electronics"},{"key":"16_CR9","unstructured":"High-Level Guidelines on Cybersecurity for SMEs | Shaping Europe\u2019s digital future. https:\/\/digital-strategy.ec.europa.eu\/en\/library\/high-level-guidelines-cybersecurity-smes"},{"key":"16_CR10","unstructured":"National Institute of Standards and Technology: NIST Cybersecurity Framework 2.0: Small Business Quick-Start Guide. National Institute of Standards and Technology, Gaithersburg, MD (2024)"},{"key":"16_CR11","doi-asserted-by":"crossref","unstructured":"Alahmari, A.A., Duncan, R.A.: Investigating potential barriers to cybersecurity risk management investment in SMEs. In: 2021 13th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), Pitesti, Romania, pp. 1\u20136. IEEE (2021)","DOI":"10.1109\/ECAI52376.2021.9515166"},{"key":"16_CR12","doi-asserted-by":"crossref","unstructured":"Alahmari, A., Duncan, B.: Cybersecurity risk management in small and medium-sized enterprises: a systematic review of recent evidence. In: 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), pp. 1\u20135. IEEE (2020)","DOI":"10.1109\/CyberSA49311.2020.9139638"},{"key":"16_CR13","doi-asserted-by":"publisher","first-page":"41","DOI":"10.4018\/IJSR.20190701.oa1","volume":"17","author":"BY Ozkan","year":"2019","unstructured":"Ozkan, B.Y., Spruit, M.: Cybersecurity standardisation for SMEs: the stakeholders\u2019 perspectives and a research agenda. Int. J. Stand. Res. 17, 41\u201372 (2019). https:\/\/doi.org\/10.4018\/IJSR.20190701.oa1","journal-title":"Int. J. Stand. Res."},{"key":"16_CR14","doi-asserted-by":"publisher","unstructured":"Naveed Ahmed, N., Nanath, K.: Exploring Cybersecurity Ecosystem in the Middle East: Towards an SME Recommender System. JCSANDM (2021). https:\/\/doi.org\/10.13052\/jcsm2245-1439.1032","DOI":"10.13052\/jcsm2245-1439.1032"},{"key":"16_CR15","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1108\/JIC-05-2019-0128","volume":"21","author":"B Yigit Ozkan","year":"2019","unstructured":"Yigit Ozkan, B., Spruit, M., Wondolleck, R., Burriel Coll, V.: Modelling adaptive information security for SMEs in a cluster. JIC 21, 235\u2013256 (2019). https:\/\/doi.org\/10.1108\/JIC-05-2019-0128","journal-title":"JIC"},{"key":"16_CR16","doi-asserted-by":"publisher","unstructured":"Johannsen, A., Kant, D., Creutzburg, R.: Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. ei 32, 252-1\u2013252-11 (2020). https:\/\/doi.org\/10.2352\/ISSN.2470-1173.2020.3.MOBMU-252","DOI":"10.2352\/ISSN.2470-1173.2020.3.MOBMU-252"},{"key":"16_CR17","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1108\/ICS-10-2018-0122","volume":"27","author":"A Dedeke","year":"2019","unstructured":"Dedeke, A., Masterson, K.: Contrasting cybersecurity implementation frameworks (CIF) from three countries. ICS 27, 373\u2013392 (2019). https:\/\/doi.org\/10.1108\/ICS-10-2018-0122","journal-title":"ICS"},{"key":"16_CR18","unstructured":"The NIST Cybersecurity Framework (CSF) 2.0"},{"key":"16_CR19","unstructured":"ISO\/IEC 27001:2022 Information security, cybersecurity and privacy protection (2022). https:\/\/www.iso.org\/standard\/27001"},{"key":"16_CR20","unstructured":"ISO 31000:2018 Risk management Guidelines. https:\/\/www.iso.org\/standard\/65694.html"},{"key":"16_CR21","unstructured":"ISO\/IEC 27005:2022 Information security, cybersecurity and privacy protection Guidance on managing information security risks (2022)"},{"key":"16_CR22","unstructured":"Information security | VDA. https:\/\/www.vda.de\/en\/topics\/digitization\/data\/information-security"},{"key":"16_CR23","unstructured":"Welcome to TISAX\u00a0\u00b7 ENX Portal. https:\/\/enx.com\/en-US\/TISAX\/"},{"key":"16_CR24","doi-asserted-by":"publisher","first-page":"4259","DOI":"10.1016\/j.procs.2021.09.202","volume":"192","author":"T Kr\u00f3likowski","year":"2021","unstructured":"Kr\u00f3likowski, T., Ubowska, A.: TISAX - optimization of IT risk management in the automotive industry. Procedia Comput. Sci. 192, 4259\u20134268 (2021). https:\/\/doi.org\/10.1016\/j.procs.2021.09.202","journal-title":"Procedia Comput. Sci."},{"key":"16_CR25","doi-asserted-by":"publisher","unstructured":"Standards, N.I. of, Technology: Special Publication 800\u201330 Revision 1 - Guide for Conducting Risk Assessments. NIST Special Publication. 95 (2012). https:\/\/doi.org\/10.6028\/NIST.SP.800-30r1","DOI":"10.6028\/NIST.SP.800-30r1"},{"key":"16_CR26","unstructured":"NIST Special Publication 800\u201337 Revision 2 (2018). https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-37r2.pdf"},{"key":"16_CR27","unstructured":"NIST SP 800-39 (2011). https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-39.pdf"},{"key":"16_CR28","doi-asserted-by":"publisher","first-page":"15241","DOI":"10.1007\/s00521-022-06959-2","volume":"34","author":"HI Kure","year":"2022","unstructured":"Kure, H.I., Islam, S., Mouratidis, H.: An integrated cyber security risk management framework and risk predication for the critical infrastructure protection. Neural Comput. Applic. 34, 15241\u201315271 (2022). https:\/\/doi.org\/10.1007\/s00521-022-06959-2","journal-title":"Neural Comput. Applic."},{"key":"16_CR29","unstructured":"Junior, C.R., Becker, I., Johnson, S.: Unaware, Unfunded and Uneducated: A Systematic Review of SME Cybersecurity (2023). http:\/\/arxiv.org\/abs\/2309.17186"},{"key":"16_CR30","doi-asserted-by":"publisher","first-page":"446","DOI":"10.1108\/JICES-03-2021-0035","volume":"19","author":"R Yudhiyati","year":"2021","unstructured":"Yudhiyati, R., Putritama, A., Rahmawati, D.: What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. JICES 19, 446\u2013462 (2021). https:\/\/doi.org\/10.1108\/JICES-03-2021-0035","journal-title":"JICES"},{"key":"16_CR31","doi-asserted-by":"publisher","first-page":"1262","DOI":"10.1108\/ITP-06-2018-0261","volume":"32","author":"D P\u00e9rez-Gonz\u00e1lez","year":"2019","unstructured":"P\u00e9rez-Gonz\u00e1lez, D., Preciado, S.T., Solana-Gonzalez, P.: Organizational practices as antecedents of the information security management performance: an empirical investigation. ITP 32, 1262\u20131275 (2019). https:\/\/doi.org\/10.1108\/ITP-06-2018-0261","journal-title":"ITP"},{"key":"16_CR32","volume-title":"Researching Information Systems and Computing","author":"BJ Oates","year":"2006","unstructured":"Oates, B.J.: Researching Information Systems and Computing. Sage Publications Limited, London, United Kingdom (2006)"},{"key":"16_CR33","unstructured":"Nmap: the Network Mapper - Free Security Scanner. https:\/\/nmap.org\/"}],"container-title":["Communications in Computer and Information Science","Systems, Software and Services Process Improvement"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-71139-8_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,6]],"date-time":"2024-09-06T07:10:39Z","timestamp":1725606639000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-71139-8_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031711381","9783031711398"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-71139-8_16","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"7 September 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The authors have no competing interests to declare that are relevant to the content of this article.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"EuroSPI","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Conference on Software Process Improvement","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Munich","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eurospi2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/conference.eurospi.net","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}