Skip to Main Content
The difficulty in managing security threats and vulnerabilities for small and medium-sized enterprises (SME) is investigated. A detailed security conceptual framework, asset and threat classifications are proposed. These models assist SMEs to prevent and effectively mitigate threats and vulnerabilities in assets. The investigated conceptual framework models security issues in terms of owners, vulnerabilities, threat agents, threats, countermeasures, risks and assets, and their relationship; while the asset classification model is a value-based approach, and the threat classification model is based on attack timeline.