Cybersecurity Vulnerabilities Management for Small and Medium Enterprises
摘要
Small and medium-sized enterprises play a crucial role in Europe’s economy, but their growing reliance on digital technologies makes them increasingly vulnerable to cyber threats. While large organizations often have the resources to adopt complex cybersecurity frameworks, most SMEs struggle with the cost, complexity, and expertise required. To address this gap, we are developing CyberEsp, a practical cybersecurity framework tailored specifically for SMEs, as part of an initiative supported by the Spanish National Cybersecurity Institute. The first phase of CyberEsp, presented at EuroSPI 2024, focused on helping SMEs identify and catalogue their IT assets through a semi-automated process. In this paper, we present the next step: a reference taxonomy that helps organizations better understand and classify the vulnerabilities associated with their digital assets. The taxonomy is designed to be both comprehensive and easy to use, supporting SMEs in prioritizing risks and making informed decisions about cybersecurity. Our goal is to provide a framework that fits the real-world constraints of SMEs, helping them become more resilient in today’s fast-changing threat landscape.