Cost-effective and efficient NAC framework for SMEs built on empirical case findings

Abstract

"Network access control is one of the most important topics in defending against cyberattacks in order to keep business operations running and data safe. SMEs in Sri Lanka can be found in a variety of industries, including banking and finance, telecommunications, and healthcare. Because of the information and data process, almost every type of these organizations has become a key threat target. Several problems were highlighted about network access control in Sri Lankan SMEs, including a lack of expertise and information to correctly assess the NAC requirement, choose the appropriate solution, and evaluate the deployment. Furthermore, the industry lacks a comprehensive guideline developed specially for Network access control. The research's major goal is to provide a cost-effective and efficient framework that addresses the highlighted challenges and assists SMEs in Sri Lanka in defending against cyber-attacks. The designed framework is made up of four major components/phases that may be used independently depending on the situation. The major components are requirement identification and analysis, solution identification and planning, deployment and evaluation, and incident detection and response. The framework has a straightforward structure and offers thorough instructions for making decisions, evaluating, identifying, and addressing difficulties encountered during the deployment of a network access control system in an organization. The framework uses scoring methods to give the user with a cost-effective and efficient result. The framework is purely focused on network access control and due to the user-friendly structure, it can easily be used by non-technical personnel as well. As a future improvement, it can expand to other organisation types both local and worldwide. "