Keywords: critical infrastructure protection, cybercrime, CyTRAP labs risk barometer, early warning systems, incident response, security guide, security metrics, standards, threat, trust, small and medium-sized enterprises, SMEs, critical infrastructures, critical information infrastructures, home users, security culture, security hygiene, information security
Early warning system for home users and small- and medium-sized enterprises: eight lessons learned
This paper outlines how early alert systems can help home users and Small- and Medium-Sized Enterprises (SMEs) in improving their security hygiene (culture of security). The viability of our framework and concepts are evaluated using www.CASEScontact.org as a case study. The latter offers its services to targeted groups of home users and SMEs supporting them in better protecting their information and data assets stored on, for instance, PCs or smartphones. As this paper shows, careful targeting of services (e.g. type of information and technical focus) and diligence (e.g. accurate and timely information is being provided) are a must for attaining users' trust and confidence. Only then may behavioural change to follow that will, in turn, improve security hygiene (culture of security). As a result, we present conceptual and empirical evidence for the need to integrate marketing and information security elements to improve an early alert system's resource advantage.