Preparing for GDPR: helping EU SMEs to manage data breaches

Keshav Kapoor; Karen Renaud; Jacqueline Archibald

Preparing for GDPR: helping EU SMEs to manage data breaches

Keshav Kapoor, Karen Renaud, Jacqueline Archibald

Division of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

1034 Downloads (Pure)

Abstract

Over the last decade, the number of small and medium (SME) businesses suffering data breaches has risen at an alarming rate. Knowing how to respond to inevitable data breaches is critically important. A number of guidelines exist to advise organisations on the steps necessary to ensure an effective incident response. These guidelines tend to be unsuitable for SMEs, who generally have limited resources to expend on security and incident responses. Qualitative interviews were conducted with SMEs to probe current data breach response practice and to gather best-practice advice from SMEs themselves. The interviews revealed no widespread de facto approach, with a variety of practices being reported. A number of prevalent unhelpful-practice themes emerged from the responses, which we propose specific mitigation techniques to address. We therefore propose a SME-specific incident response framework that is simple yet powerful enough to inform and guide SME responses to data breach incidents.

Original language	English
Title of host publication	AISB 2018
Subtitle of host publication	Symposium on Digital Behaviour Interventions for Cyber-Security
Publisher	Society for the Study of Artificial Intelligence and Simulation for Behaviour (AISB)
Pages	13-20
Number of pages	8
Publication status	Published - 5 Apr 2018
Event	2018 AISB Convention: Symposium on Digital Behaviour Intervention for Cyber Security - University of Liverpool, Liverpool, United Kingdom Duration: 4 Apr 2018 → 6 Apr 2018 https://www.sspedi.co.uk/aisb2018

Other

Other	2018 AISB Convention
Country/Territory	United Kingdom
City	Liverpool
Period	4/04/18 → 6/04/18
Internet address	https://www.sspedi.co.uk/aisb2018

Access to Document

Archibald_PreparingForGDPR_Author_2018Accepted author manuscript, 750 KB

http://aisb2018.csc.liv.ac.uk/PROCEEDINGS%20AISB2018/Digital%20Behaviour%20Interventions%20for%20CyberSecurity%20-%20AISB2018.pdf

Jacqueline Archibald
- J510994abertay.acuk
- School of Design and Informatics - School Head of Teaching Quality and Learning Enhancement
Person: Academic

Cite this

Kapoor, K., Renaud, K., & Archibald, J. (2018). Preparing for GDPR: helping EU SMEs to manage data breaches. In AISB 2018: Symposium on Digital Behaviour Interventions for Cyber-Security (pp. 13-20). Society for the Study of Artificial Intelligence and Simulation for Behaviour (AISB). http://aisb2018.csc.liv.ac.uk/PROCEEDINGS%20AISB2018/Digital%20Behaviour%20Interventions%20for%20CyberSecurity%20-%20AISB2018.pdf

@inproceedings{8b761aafc2d541a698bf2b7daa33ea93,

title = "Preparing for GDPR: helping EU SMEs to manage data breaches",

abstract = "Over the last decade, the number of small and medium (SME) businesses suffering data breaches has risen at an alarming rate. Knowing how to respond to inevitable data breaches is critically important. A number of guidelines exist to advise organisations on the steps necessary to ensure an effective incident response. These guidelines tend to be unsuitable for SMEs, who generally have limited resources to expend on security and incident responses. Qualitative interviews were conducted with SMEs to probe current data breach response practice and to gather best-practice advice from SMEs themselves. The interviews revealed no widespread de facto approach, with a variety of practices being reported. A number of prevalent unhelpful-practice themes emerged from the responses, which we propose specific mitigation techniques to address. We therefore propose a SME-specific incident response framework that is simple yet powerful enough to inform and guide SME responses to data breach incidents.",

author = "Keshav Kapoor and Karen Renaud and Jacqueline Archibald",

year = "2018",

month = apr,

day = "5",

language = "English",

pages = "13--20",

booktitle = "AISB 2018",

publisher = "Society for the Study of Artificial Intelligence and Simulation for Behaviour (AISB)",

note = "2018 AISB Convention : Symposium on Digital Behaviour Intervention for Cyber Security ; Conference date: 04-04-2018 Through 06-04-2018",

url = "https://www.sspedi.co.uk/aisb2018",

}

Kapoor, K, Renaud, K & Archibald, J 2018, Preparing for GDPR: helping EU SMEs to manage data breaches. in AISB 2018: Symposium on Digital Behaviour Interventions for Cyber-Security. Society for the Study of Artificial Intelligence and Simulation for Behaviour (AISB), pp. 13-20, 2018 AISB Convention, Liverpool, United Kingdom, 4/04/18. <http://aisb2018.csc.liv.ac.uk/PROCEEDINGS%20AISB2018/Digital%20Behaviour%20Interventions%20for%20CyberSecurity%20-%20AISB2018.pdf>

Preparing for GDPR : helping EU SMEs to manage data breaches. / Kapoor, Keshav; Renaud, Karen; Archibald, Jacqueline.

AISB 2018: Symposium on Digital Behaviour Interventions for Cyber-Security. Society for the Study of Artificial Intelligence and Simulation for Behaviour (AISB), 2018. p. 13-20.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Preparing for GDPR

T2 - 2018 AISB Convention

AU - Kapoor, Keshav

AU - Renaud, Karen

AU - Archibald, Jacqueline

PY - 2018/4/5

Y1 - 2018/4/5

N2 - Over the last decade, the number of small and medium (SME) businesses suffering data breaches has risen at an alarming rate. Knowing how to respond to inevitable data breaches is critically important. A number of guidelines exist to advise organisations on the steps necessary to ensure an effective incident response. These guidelines tend to be unsuitable for SMEs, who generally have limited resources to expend on security and incident responses. Qualitative interviews were conducted with SMEs to probe current data breach response practice and to gather best-practice advice from SMEs themselves. The interviews revealed no widespread de facto approach, with a variety of practices being reported. A number of prevalent unhelpful-practice themes emerged from the responses, which we propose specific mitigation techniques to address. We therefore propose a SME-specific incident response framework that is simple yet powerful enough to inform and guide SME responses to data breach incidents.

AB - Over the last decade, the number of small and medium (SME) businesses suffering data breaches has risen at an alarming rate. Knowing how to respond to inevitable data breaches is critically important. A number of guidelines exist to advise organisations on the steps necessary to ensure an effective incident response. These guidelines tend to be unsuitable for SMEs, who generally have limited resources to expend on security and incident responses. Qualitative interviews were conducted with SMEs to probe current data breach response practice and to gather best-practice advice from SMEs themselves. The interviews revealed no widespread de facto approach, with a variety of practices being reported. A number of prevalent unhelpful-practice themes emerged from the responses, which we propose specific mitigation techniques to address. We therefore propose a SME-specific incident response framework that is simple yet powerful enough to inform and guide SME responses to data breach incidents.

M3 - Conference contribution

SP - 13

EP - 20

BT - AISB 2018

PB - Society for the Study of Artificial Intelligence and Simulation for Behaviour (AISB)

Y2 - 4 April 2018 through 6 April 2018

ER -

Preparing for GDPR: helping EU SMEs to manage data breaches

Abstract

Other

Access to Document

Fingerprint

Profiles

Jacqueline Archibald

Cite this