{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T19:47:50Z","timestamp":1774381670646,"version":"3.50.1"},"reference-count":79,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/501100005004","name":"Basque Government under Project ELKARTEK","doi-asserted-by":"publisher","award":["2019 KK-2019\/00072"],"award-info":[{"award-number":["2019 KK-2019\/00072"]}],"id":[{"id":"10.13039\/501100005004","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2020]]},"DOI":"10.1109\/access.2020.3026063","type":"journal-article","created":{"date-parts":[[2020,9,23]],"date-time":"2020-09-23T20:35:33Z","timestamp":1600893333000},"page":"174200-174221","source":"Crossref","is-referenced-by-count":52,"title":["Systematic Approach to Cyber Resilience Operationalization in SMEs"],"prefix":"10.1109","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2514-0312","authenticated-orcid":false,"given":"Juan Francisco","family":"Carias","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2992-3429","authenticated-orcid":false,"given":"Marcos R. S.","family":"Borges","sequence":"additional","affiliation":[]},{"given":"Leire","family":"Labaka","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9958-9799","authenticated-orcid":false,"given":"Saioa","family":"Arrizabalaga","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9307-9787","authenticated-orcid":false,"given":"Josune","family":"Hernantes","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref73","first-page":"456","article-title":"Software system engineering process models","volume":"14","author":"davis","year":"2011","journal-title":"Software Requirements Engineering"},{"key":"ref72","first-page":"476","article-title":"Quality improvement methodologies–PDCA cycle, RADAR matrix, DMAIC and DFSS","volume":"43","author":"sokovich","year":"0","journal-title":"J Achievements Mater Manuf Eng"},{"key":"ref71","author":"tupper","year":"2011","journal-title":"Data Architecture From Zen to Reality"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1145\/357980.358010"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1016\/j.cor.2006.01.017"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1016\/0378-7206(94)90100-7"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.2307\/41703500"},{"key":"ref39","year":"2016","journal-title":"Cyber Resilience Review"},{"key":"ref75","first-page":"18","article-title":"IT centralization, security outsourcing, and cybersecurity breaches: Evidence from the U.S. Higher education","author":"liu","year":"2017","journal-title":"Proc Transforming Soc Digit Innov (ICIS)"},{"key":"ref38","first-page":"1","article-title":"How to steer cyber security with only one KPI: The cyber risk resilience","author":"nys","year":"2016","journal-title":"Proc RSA Conf"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1016\/0268-4012(93)90061-8"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1016\/S0268-4012(00)00007-4"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.04.004"},{"key":"ref32","year":"2013","journal-title":"Security and Privacy Controls for Federal Information Systems and Organizations (NIST SP 800–53 Revision 4)"},{"key":"ref31","year":"2014","journal-title":"Cybersecurity Capability Maturity Model (C2M2)"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2014.102"},{"key":"ref37","first-page":"13","article-title":"Defining cyber-security","volume":"4","author":"craigen","year":"2014","journal-title":"Journal of technology management & innovation"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/ASCC.2015.7244713"},{"key":"ref35","article-title":"Quantifying and measuring cyber resiliency","volume":"9825","author":"cybenko","year":"2016","journal-title":"Proc SPIE"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.20542\/0131-2227-2019-63-10-51-58"},{"key":"ref60","author":"corbin","year":"2014","journal-title":"Basics of Qualitative Research Grounded Theory Procedures and Techniques"},{"key":"ref62","author":"glaser","year":"1978","journal-title":"Theoretical Sensitivity Advances in the Methodology of Grounded Theory"},{"key":"ref61","author":"salda\u00f1a","year":"2015","journal-title":"The Coding Manual for Qualitative Researchers"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.25300\/MISQ\/2017\/41.3.02"},{"key":"ref28","year":"2016","journal-title":"A Framework for Assessing Cyber Resilience"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511557842"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1007\/s10669-013-9485-y"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-11522-6"},{"key":"ref66","year":"2012","journal-title":"2011 Cost of Data Breach Study Australia"},{"key":"ref29","first-page":"1:1","article-title":"A Framework for Reasoning About the Human in the Loop","author":"cranor","year":"2008","journal-title":"Proc 1st Conf Usability Psychol Security"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.3390\/s19010138"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2015.01.039"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-05195-2_15"},{"key":"ref2","year":"2019","journal-title":"Allianz Risk Barometer Top Business Risks for 2019"},{"key":"ref1","year":"0","journal-title":"The Global Risks Report 2018"},{"key":"ref20","year":"2019","journal-title":"Indicadores Para Mejora de la Ciberresiliencia (IMC)"},{"key":"ref22","author":"deutscher","year":"2017","journal-title":"Building a Cyberresilient Organization"},{"key":"ref21","first-page":"3","article-title":"Cyber resilience–fundamentals for a definition","volume":"353","author":"bj\u00f6rk","year":"2015","journal-title":"Adv Intell Syst Comput"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/2994475.2994484"},{"key":"ref23","year":"2012","journal-title":"Cyber Resiliency Metrics"},{"key":"ref26","year":"2019","journal-title":"CIS Controls Version 7 1"},{"key":"ref25","year":"2018","journal-title":"Framework for Improving Critical Infrastructure Cybersecurity Version 1 1"},{"key":"ref50","year":"2019","journal-title":"Buildings Cybersecurity Capability Maturity Model"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.2753\/MIS0742-1222240302"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.3316\/QRJ0902027"},{"key":"ref58","author":"glaser","year":"2009","journal-title":"The Discovery of Grounded Theory Strategies for Qualitative Research"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1080\/23738871.2018.1520271"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1016\/j.cya.2016.06.012"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.17705\/1jais.00129"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-12113-5_10"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.2307\/25148625"},{"key":"ref52","first-page":"141","article-title":"Eating our own cooking: Toward a design science of research methods","volume":"10","author":"venable","year":"2012","journal-title":"Electron J Bus Res Methods"},{"key":"ref10","first-page":"112","article-title":"Small business—A cyber resilience vulnerability","author":"williams","year":"2010","journal-title":"Proc 1st Int Cyber Resilience Conf"},{"key":"ref11","first-page":"289","article-title":"Effect of entrepreneur and firm characteristics on the business success of small and medium enterprises (SMEs) in Bangladesh","volume":"6","author":"islam","year":"2011","journal-title":"International Business Management"},{"key":"ref40","author":"hollnagel","year":"2006","journal-title":"Resilience Engineering Concepts and Precepts"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1108\/13552559910274499"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1108\/14626000610705732"},{"key":"ref14","author":"huelsman","year":"2016","journal-title":"Cyber risk in advanced manufacturing"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2016.02.012"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1108\/13598540710724374"},{"key":"ref17","author":"crane","year":"2019","journal-title":"15 Small Business Cyber Security Statistics That You Need to Know-Hashed Out by The SSL StoreTM"},{"key":"ref18","author":"binwal","year":"2015","journal-title":"Creating a cybersecurity governance framework The necessity of time Security Intelligence"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/THS.2011.6107877"},{"key":"ref4","year":"2018","journal-title":"ENISA Threat Landscape Report 2018 15 Top Cyberthreats and Trends About ENISA"},{"key":"ref3","year":"2017","journal-title":"Internet security threat report 2017"},{"key":"ref6","author":"damiano","year":"2017","journal-title":"VIPRE Announces Launch of VIPRE Endpoint Security–Cloud Edition |Business Wire Business Wire"},{"key":"ref5","author":"tofan","year":"2016","journal-title":"The cost of incidents affecting CIIs Systematic review of studies concerning the economic impact of cyber-security incidents on critical information infrastructures (CII)"},{"key":"ref8","author":"millaire","year":"2017","journal-title":"What all cyber criminals know Small & midsize businesses with little or no cybersecurity are ideal targets"},{"key":"ref7","year":"2016","journal-title":"Cyber Resilience? How To Protect Small Firms in the Digital Economy"},{"key":"ref49","year":"2017","journal-title":"Advancing Cyber Resilience–Principles and Tools for Boards"},{"key":"ref9","year":"2015","journal-title":"Information Security and Privacy Standards for SMEs"},{"key":"ref46","year":"2016","journal-title":"Cyber resilience assessment framework"},{"key":"ref45","year":"2012","journal-title":"A Business Framework for the Governance and Management of Enterprise IT"},{"key":"ref48","author":"caralli","year":"2016","journal-title":"CERT\ufffd Resilience Management Model"},{"key":"ref47","year":"2013"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1016\/j.jaccpubpol.2015.05.001"},{"key":"ref41","first-page":"176","article-title":"Security of mobile devices in the view of Swiss cheese model","author":"k\u00e4dena","year":"2019","journal-title":"Kiberbiztonság\/Cybersecurity"},{"key":"ref44","first-page":"1","year":"2009"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.21236\/ADA470450"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/8948470\/09204611.pdf?arnumber=9204611","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,12,17]],"date-time":"2021-12-17T19:56:07Z","timestamp":1639770967000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9204611\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"references-count":79,"URL":"https:\/\/doi.org\/10.1109\/access.2020.3026063","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]}}}