A FRAMEWORK FOR THE PLANNING AND MANAGEMENT OF CYBERSECURITY PROJECTS IN SMALL AND MEDIUM-SIZED ENTERPRISES/UM FRAMEWORK PARA PLANEJAMENTO E GERENCIAMENTO DE PROJETOS DE CIBERSEGURANÃ#135;A EM PEQUENAS E MÃ#137;DIAS EMPRESAS

• Published in: Revista de Gestão e Projetos Vol. 13; no. 3; p. 10
• Main Authors: Franco, Muriel Figueredo, Lacerda, Fabricio Martins, Stiller, Burkhard
• Format: Journal Article
• Language: Portuguese
• Published: Universidade Nove de Julho 01.09.2022
• Subjects: Case studies; Cost control; Cyberterrorism; Data security; Small and medium sized companies
• ISSN: 2236-0972; 2236-0972
• DOI: 10.5585/gep.v13i3.23083

Cybersecurity remains one of the key investments for companies that want to protect their business in a digital era. Therefore, it is essential to understand the different steps required to implement an adequate cybersecurity strategy, which can be viewed as a cybersecurity project to be developed, implemented, and operated. This article proposes SECProject, a practical framework that defines and organizes the technical and economics steps required for the planning and implementation of a cost-effective cybersecurity strategy in Small and Medium-sized Enterprises (SME). As novelty, the SECProject framework allows for a guided and organized cybersecurity planning that considers both technical and economical elements needed for an adequate protection. This helps even companies without technical expertise to optimize their cybersecurity investments while reducing their business risks due to cyberattacks. In order to show the feasibility of the proposed framework, a case study was conducted within a Swiss SME from the pharma sector, highlighting the information and artifacts required for the planning and deployment of cybersecurity strategies. The results show the benefits and effectiveness of risk and cost management as a key element during the planning of cybersecurity projects using the SECProject as a guideline.