In the last decade, compliance management and data security have become increasingly critical for businesses, driven by evolving regulations. Small companies, in particular, face challenges in navigating complex regulatory landscapes and implementing effective data security compliance processes or even better sufficient management systems. To address this problem, this research developed an application-oriented solution, the “Action Plan for Data Security Compliance” (Act4DSC), a structured, evidence-based and easy-to-use tool designed to guide small businesses through the initial steps of data security compliance. Utilizing design science methodology, Act4DSC integrates the NIST Cybersecurity Framework 2.0 as its foundational structure with practitioner insights from several qualitative expert interviews. The Act4DSC offers a step-by-step approach, including regulatory alignment, stakeholder considerations, prioritization, data criticality classification, and gap analysis. Expert evaluations confirm its usability, adaptability, and structured guidance, making data security compliance more accessible for smaller businesses. Act4DSC fills a critical gap by tailoring compliance solutions for smaller businesses, bridging the divide between theoretical frameworks and practical implementations.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Data Security Compliance – An Application-Oriented Solution for Small Businesses

  • Petra Maria Asprion,
  • Tanja Tschan,
  • Sherdel Käppler

摘要

In the last decade, compliance management and data security have become increasingly critical for businesses, driven by evolving regulations. Small companies, in particular, face challenges in navigating complex regulatory landscapes and implementing effective data security compliance processes or even better sufficient management systems. To address this problem, this research developed an application-oriented solution, the “Action Plan for Data Security Compliance” (Act4DSC), a structured, evidence-based and easy-to-use tool designed to guide small businesses through the initial steps of data security compliance. Utilizing design science methodology, Act4DSC integrates the NIST Cybersecurity Framework 2.0 as its foundational structure with practitioner insights from several qualitative expert interviews. The Act4DSC offers a step-by-step approach, including regulatory alignment, stakeholder considerations, prioritization, data criticality classification, and gap analysis. Expert evaluations confirm its usability, adaptability, and structured guidance, making data security compliance more accessible for smaller businesses. Act4DSC fills a critical gap by tailoring compliance solutions for smaller businesses, bridging the divide between theoretical frameworks and practical implementations.