國立高雄大學圖資館 |

登入

回首頁

Qualitative Study for Effective Small Business Cyber Regulations in the United States.

紀錄類型:	書目-電子資源 : Monograph/item
正題名/作者:	Qualitative Study for Effective Small Business Cyber Regulations in the United States.
作者:	Scarpato, Amanda.
出版者:	Ann Arbor : ProQuest Dissertations & Theses, 2023
面頁冊數:	155 p.
附註:	Source: Dissertations Abstracts International, Volume: 83-11, Section: B.
附註:	Advisor: Schmitt, Alexa.
Contained By:	Dissertations Abstracts International83-11B.
標題:	Information technology.
電子資源:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=29162561
ISBN:	9798426822573

Qualitative Study for Effective Small Business Cyber Regulations in the United States.
Scarpato, Amanda.

Qualitative Study for Effective Small Business Cyber Regulations in the United States. - Ann Arbor : ProQuest Dissertations & Theses, 2023 - 155 p.

Source: Dissertations Abstracts International, Volume: 83-11, Section: B.

Thesis (D.C.S.)--Colorado Technical University, 2023.

This item must not be sold to any third party vendors.

Smaller organizations are at higher risk for a cyber-attack compared to larger organizations. The shared technical and managerial characteristics of small businesses does not explain why small businesses choose to accept high risks and high consequences. The purpose of the qualitative case study was to perform an investigation of how a CMMC approach of an independent audit prior to receiving sensitive data may motivate small organizations in the United States to improve their cybersecurity posture. The study created three case studies of small organizations based on semi-structured interviews and a mini risk assessment with decision makers for the organizations. The study also analyzed the results from 100 online surveys. The study found that an audit by itself would not be enough to help small businesses improve. The small businesses in the study did not understand their data types, what regulations impacted those data types, nor where they putting fourth any type of consistent cyber improvements for the data type. Current regulations require risk assessments, but the majority of organizations in the study had not completed a risk assessment. A risk assessment based approach focusing on ensuring they know their data types, what regulations affect them and what their real world risks are would likely be much more effective than an audit where the organization would have to know they have that data type, implement security measures on their own, hire an independent auditor, and get tested on how well they did.

ISBN: 9798426822573Subjects--Topical Terms:

184390
Information technology.
Subjects--Index Terms:

Cyber regulations

Qualitative Study for Effective Small Business Cyber Regulations in the United States.
LDR:02783nmm a2200385 4500 001 636102
005 20230501063900.5
006 m o d
007 cr#unu||||||||
008 230724s2023 ||||||||||||||||| ||eng d
020 $a 9798426822573
035 $a (MiAaPQ)AAI29162561
035 $a AAI29162561
040 $a MiAaPQ $c MiAaPQ
100 1 $a Scarpato, Amanda. $3 942413
245 1 0 $a Qualitative Study for Effective Small Business Cyber Regulations in the United States.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2023
300 $a 155 p.
500 $a Source: Dissertations Abstracts International, Volume: 83-11, Section: B.
500 $a Advisor: Schmitt, Alexa.
502 $a Thesis (D.C.S.)--Colorado Technical University, 2023.
506 $a This item must not be sold to any third party vendors.
520 $a Smaller organizations are at higher risk for a cyber-attack compared to larger organizations. The shared technical and managerial characteristics of small businesses does not explain why small businesses choose to accept high risks and high consequences. The purpose of the qualitative case study was to perform an investigation of how a CMMC approach of an independent audit prior to receiving sensitive data may motivate small organizations in the United States to improve their cybersecurity posture. The study created three case studies of small organizations based on semi-structured interviews and a mini risk assessment with decision makers for the organizations. The study also analyzed the results from 100 online surveys. The study found that an audit by itself would not be enough to help small businesses improve. The small businesses in the study did not understand their data types, what regulations impacted those data types, nor where they putting fourth any type of consistent cyber improvements for the data type. Current regulations require risk assessments, but the majority of organizations in the study had not completed a risk assessment. A risk assessment based approach focusing on ensuring they know their data types, what regulations affect them and what their real world risks are would likely be much more effective than an audit where the organization would have to know they have that data type, implement security measures on their own, hire an independent auditor, and get tested on how well they did.
590 $a School code: 1271.
650 4 $a Information technology. $3 184390
650 4 $a Business administration. $3 708619
650 4 $a Computer science. $3 199325
653 $a Cyber regulations
653 $a Cybersecurity
653 $a Cybersecurity Maturity Model Certification (CMMC)
653 $a Small business Cybersecurity
690 $a 0489
690 $a 0984
690 $a 0310
710 2 $a Colorado Technical University. $b Computer Science. $3 942414
773 0 $t Dissertations Abstracts International $g 83-11B.
790 $a 1271
791 $a D.C.S.
792 $a 2023
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=29162561